What Is a WISP?
A WISP, or Wireless Internet Service Provider, is an Internet Service Provider that uses wireless links to connect your home or office to the internet.
Unlike conventional internet connections using either cable or ADSL technologies, a WISP attaches an antenna to the outside of your house, pointed at a mast located some distance away, and this provides your house with internet.
Where are they used?
WISPs are used in rural and remote locations where running a cable is not practical.
A Basic Setup…
Below I'm going to cover, at a high level (with some low-level configs), how you can put together a simple WISP, to give an understanding of how larger WISPs work, which is basically the same…
To start off with, many networks use Cisco routers to move traffic around a network; however, in my example I am going to be using the open source version of Vyatta, which is a free open source routing platform.
I am also going to be using Ubiquiti Rocket M5 radios on the mast side and NanoStation M5s on the client side, connecting to a domestic router like a Netgear.
The Image below shows the network layout –
Below is a sample Vyatta core router config –
Border Router
interfaces {
    ethernet eth0 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description "Inter connect with internet"
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.9.200.1/26
        address 172.17.1.254/32
        description "WISP Core Net"
        duplex auto
        ip {
            ospf {
                authentication {
                    md5 {
                        key-id 25 {
                            md5-key PASSWORD
                        }
                    }
                }
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            authentication md5
            network 192.168.201.0/24
            network 192.9.200.0/26
        }
        parameters {
            abr-type cisco
            router-id 192.9.200.1
        }
        redistribute {
            connected {
                metric-type 2
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.201.1 {
            }
        }
    }
}
service {
    ssh {
        listen-address 192.9.200.1
        port 8089
        protocol-version v2
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-name WISP.Local
    host-name border-01
    login {
        user vyatta {
            authentication {
                encrypted-password PASSWORD
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}
Tower A
interfaces {
    ethernet eth0 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.9.200.2/26
        description "WISP Core Net"
        duplex auto
        ip {
            ospf {
                authentication {
                    md5 {
                        key-id 25 {
                            md5-key PASSWORD
                        }
                    }
                }
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.9.200.65/26
        address 172.17.1.253/32
        description "Client Access"
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            authentication md5
            network 192.9.200.0/26
            network 192.9.200.64/26
        }
        parameters {
            abr-type cisco
            router-id 192.9.200.2
        }
        redistribute {
            connected {
                metric-type 2
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 192.9.200.1 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name Client {
            authoritative disable
            subnet 192.9.200.64/26 {
                default-router 192.9.200.65
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                domain-name WISP.local
                lease 86400
                start 192.9.200.66 {
                    stop 192.9.200.126
                }
            }
        }
    }
    ssh {
        listen-address 192.9.200.65
        listen-address 192.9.200.2
        port 22
        protocol-version v2
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-name WISP.Local
    host-name Tower-A
    login {
        user vyatta {
            authentication {
                encrypted-password PASSWORD
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}
Tower B
interfaces {
    ethernet eth0 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.9.200.3/26
        description "WISP Core Net"
        duplex auto
        ip {
            ospf {
                authentication {
                    md5 {
                        key-id 25 {
                            md5-key PASSWORD
                        }
                    }
                }
                dead-interval 40
                hello-interval 10
                priority 1
                retransmit-interval 5
                transmit-delay 1
            }
        }
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.9.200.129/26
        address 172.17.1.252/32
        description "Client access"
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            authentication md5
            network 192.9.200.0/26
            network 192.9.200.128/26
        }
        parameters {
            abr-type cisco
            router-id 192.9.200.3
        }
        redistribute {
            connected {
                metric-type 2
            }
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 192.9.200.1 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name Client {
            authoritative disable
            subnet 192.9.200.128/26 {
                default-router 192.9.200.129
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                domain-name WISP.local
                lease 86400
                start 192.9.200.130 {
                    stop 192.9.200.190
                }
            }
        }
    }
    ssh {
        listen-address 192.9.200.3
        port 22
        protocol-version v2
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-name WISP.Local
    host-name Tower-B
    login {
        user vyatta {
            authentication {
                encrypted-password PASSWORD
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}
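In the configs above, Tower A binds SSH to 192.9.200.65, the gateway address of its DHCP-served client subnet, while the border router and Tower B bind SSH only to core-network addresses. The check below is an added example, not part of the original configs: it parses a brace-style Vyatta config (assumed to have one statement per line) and reports SSH listen-addresses that sit inside a customer subnet; the function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed excerpt of the Tower A config (trimmed to the relevant nodes).
TOWER_A = """
service {
    dhcp-server {
        shared-network-name Client {
            subnet 192.9.200.64/26 {
                default-router 192.9.200.65
            }
        }
    }
    ssh {
        listen-address 192.9.200.65
        listen-address 192.9.200.2
        port 22
    }
}
"""

def parse(text):
    """Yield the full path (list of token tuples) of every node and leaf."""
    path = []
    for line in text.splitlines():
        tokens = shlex.split(line)          # keeps quoted descriptions intact
        if not tokens:
            continue
        if tokens == ["}"]:
            path.pop()                      # leave the current node
        elif tokens[-1] == "{":
            path.append(tuple(tokens[:-1])) # enter a node such as "subnet X"
            yield list(path)
        else:
            yield path + [tuple(tokens)]    # leaf: key followed by its value

def ssh_on_client_subnets(text):
    """Return SSH listen-addresses that fall inside a DHCP-served subnet."""
    entries = list(parse(text))
    client_nets = {ipaddress.ip_network(e[-1][1]) for e in entries
                   if ("dhcp-server",) in e and e[-1][0] == "subnet"}
    listen = [e[-1][1] for e in entries
              if ("ssh",) in e and e[-1][0] == "listen-address"]
    return [a for a in listen
            if any(ipaddress.ip_address(a) in n for n in client_nets)]

if __name__ == "__main__":
    print(ssh_on_client_subnets(TOWER_A))
```

Removing the 192.9.200.65 listen-address leaves Tower A's SSH bound only to its core-network address, matching the other two routers.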
Sample Ubiquiti config (taken from “http://wiki.ubnt.com/Building_a_wisp”) –
BaseStation
Minimum requirements:
- High speed Internet connection, enabling you to resell the service to third parties. (Usually residential connections don’t allow doing that; ask your ISP for more information).
- A router (Mikrotik, Pfsense, Cisco, etc…) to manage clients’ IP addresses, bandwidths, traffic prioritization, among other basic services your network may require. Simply as an example: a MikrotikRouterboard 1100 (or RB450G for smaller WISP) may be a good choice for a relatively low-cost solution without sacrificing performance.
- An Ethernet switch (just in case your router doesn’t have free ports available).
- 3 AirMaxBaseStation 120º Antennas (alternately an array of 4 AirMaxBaseStation 90º Antennas, for higher capacity and throughput).
- 3 Rocket M5 (in case you use an array of 4 AirMax antennas, you must use 4 Rocket M5)
- Available space on a telecommunication tower, a tall building’s roof or another elevated place, which allows you sufficient height to have Line-of-Sight between the Base Station and customers devices (CPE).
- A CALEA compliant system (in the U.S.)
In case you’re planning a big deployment with multiple APs co-located on the same tower, we suggest using airSync capable APs, such as RocketM5-GPS or the new RocketM5-Titanium, which offers enhanced RF isolation to dramatically reduce co-located interference, improving throughput and reliability.
Also it is recommended, but not a must, to use the following:
- A UPS system supported by an electrical power generator (Diesel, solar panel, etc) for redundancy (UPS capacity depending on the autonomy time you consider pertinent)
- Multiple Internet connections for a higher bandwidth and redundancy in case of failures.
Step by step
- Connect the Rocket M5s (running AirOS 5.5 or a higher version) to their respective AirMax Antennas.
- Enable airMax to achieve maximum performance.
- Connect an FTP cable (shielded cable) between the PoE device, on the port labeled as PoE, and the first Rocket M5; then connect the PoE device to the power source. Important! Don’t use unshielded cable (UTP), because your devices could be damaged by ESD attacks.
Note: Connect one device at each time; configure the first one (change of IP address), only then the second one, and subsequently the third one.
- When using a shielded Ethernet cable connect the port labeled LAN on the PoE device to an available Ethernet port on your router or switch (in case of any doubt with it, consult your router manual).
- Log in to the first device (in case you don’t know how to do that, check this guide) and change the device’s IP address, assigning one within your network range.
Note: You must assign a different IP address to each Rocket M5.
- Enter the new IP address into the browser’s address bar to log in again. Then define the following parameters on the Wireless tab:
- Wireless Mode: Access Point WDS
- SSID: “Network’s name”, you may use the same name on all your AP if you like. However, it is recommended to use different names for easier identification in the network you are connected to.
- Country code: choose your country
- Channel Shifting: disabled
- Frequency: select an un-crowded frequency (assuming you are allowed to use it, in case local restrictions apply).
Note: Use different channels (frequencies) for each Rocket M5 –in AP mode – with enough separation to avoid self-interferences from your own AP.
- Output Power: select maximum power allowed by your authority in your country.
Note: In some cases by using less power you may achieve better performance.
- Max Tx Rate: select MCS12 (if WPA2 is selected) and enable “Auto ACK” option.
- Security: select WPA2-AES (or another security method if you wish). However, it is highly recommended not to use WEP or MAC ACL unless they’re combined with WPA security, since they are highly insecure. WPA2-AES method offers the best performance.
- Press the “Change” button to confirm changes, and then press “Apply” to apply the new configuration. Usually it takes a few seconds until the changes are applied.
Also, you may change some parameters on the “Ubiquiti” page:
- Enable AirMax: Enabled (assuming your network is only using AirMax CPE, associated to each AP).
Note: Remember that in case you chose not to use the AirMax option, each Access Point will be limited to a maximum of approx. 35 client devices.
Also, you may change some parameters on the “Advanced” page:
- ACK Timeout (Auto Adjust): Enabled
- Press the “Change” button to confirm changes, and then press “Apply” to apply the new configuration. Usually it takes a few seconds until the changes are applied.
- In some particular cases you may need to do some changes in other parameters; for more information see the AirOS 5 User’s Manual. However, for most scenarios, the previously suggested settings are enough to start using your Base Station.
- Now, repeat previous steps for the other 2 Rocket M5; do so one by one. Remember to change the IP address of each Rocket M5, select a different frequency and SSID (in case you decided to use different Wireless network names) for each Access Point.
- Once all equipment is properly configured, (only) then install it in its definitive location.
Note: If for any situation you should require to go to “default” on a RocketM5, you won’t need to access the device physically, just press the “Reset” button located on the PoE device for a few seconds.
Clients
Ubiquiti has a large variety of devices that can act as Station (CPE); for more details regarding which product is the best for your needs, consult this guide.
In the following example, I am going to configure a NanoStation M5, running AirOS 5.5, as our first client.
Go to the “Wireless” tab and set the following parameters:
- Wireless Mode: Station WDS
- SSID: type the name of the network you want to connect to. In case all your APs use the same SSID and you want to connect to a specific AP, type the MAC address of that AP in the “Lock to AP MAC” field.
- Country Code: same as selected on AP.
- Channel Width: this value must coincide with the AP’s Channel Width.
- Channel Shifting: Disabled
- Output Power: select maximum power allowed by your authority in your country.
Note: In some cases by using less power you may achieve better performance.
- Security: this value must coincide with the AP’s security method.
Go to “Ubiquiti” tab:
- In Stations you don’t need to enable AirMax; the device automatically detects whether the associated AP is using AirMax or not. However, you may define the AirMax Priority Level; in ascending priority order they are: None, Low, Medium and High.
Go to “Network” tab:
- In case you want to limit the CPE’s bandwidth, say for download and/or upload passing through the device’s Ethernet interface, enable “Traffic Shaping” option, however, at the same time you may use more complex bandwidth control and prioritization policies in the principal Router. In this example, we are going to limit the download bandwidth to 2048Kbps and the upload bandwidth to 512Kbps.
Note: These values are not universal, and you should be aware of how much bandwidth you offer your clients, based on factors like these: competitors’ offers, amount of bandwidth you can buy from your ISP, user profiles and strategies of your own business model.
- It is recommended to use the Router mode in your client’s device (CPE) to avoid errors caused by users, such as: an inexpert user connecting his SOHO Router’s LAN port to the NanoM5, thereby creating a second DHCP server on your network, provoking incorrect assignment of IP addresses; or other kinds of inconveniences that may give you big headaches. The activation parameters are as follows:
Within the “Wireless” tab, define the following settings:
- Network Mode: Router
- WLAN IP Address: define device’s private IP in the user’s network. In this case: 192.168.1.1.
- Enable NAT: Enabled
- Enable DHCP Server: Enabled
- Range Start: 192.168.1.100
- Range End: 192.168.1.110 (this range allows the user 10 available IP addresses for his/her computers or other network devices).
For more information about the Router mode see the AirOS 5 User’s Manual.
General Recommendations
Based on my personal experience as a WISP’s owner, I would recommend the following:
- Use all CPEs in Router mode, since this prevents specific user problems from penetrating into the entire network.
- Assign solid and well-planned QoS policies, traffic prioritization and bandwidth limitations from the principal Router; this will help you to improve your users’ experience, especially at peak hours.
- Use AirControl to monitor your network; this is especially useful when you have a lot of users. Also, you may combine it with other network monitoring software.
- If available, always use Ping Watchdog in your Ubiquiti devices and Routers. It helps prevent device hang-ups.
- Always use good quality materials (cables, connectors, mounts, etc.) and ensure quality installation; although more expensive, it could save you headaches in the short and long terms.
- In case of questions or doubts, visit Ubiquiti’s Forum; there are thousands of answered questions, and in case you can’t find an immediate result for your problem you can always post a question; a friendly community will certainly assist you.