This repeats much of Msmith’s post…
The simplest, but not necessarily the best, option would be to assign all host IP addresses – router, AP(LAN1), SMs, and PCs – in the same subnet. For example, the router could be 192.168.0.1, and each other host would be given an address of 192.168.0.x, a mask of 255.255.255.0 (24 bits, or “/24”), and a default gateway of 192.168.0.1. The PCs could have their addresses assigned by a DHCP server, but the AP and SMs would need static addresses outside the range assigned by DHCP. In this configuration every host can talk to every other host; every PC can ping, telnet, or browse to the AP and all SMs.
The customer’s PC, however, does not need to access the IP address of its SM to be able to get to the Internet via the AP and router. The customer’s PC only needs to get to the address of the router, not the SM and AP. If you want the customer to be able to access their local SM’s web pages, so you can step them through the diagnosis of a problem, then the above configuration might be appropriate. In this case, however, make sure every Canopy SM’s password is different; you don’t want one customer to access another customer’s SM.
What many ISPs do, and what other forum members have suggested in this thread and others, is this: You must assign customers’ PCs to the same subnet as the outbound router – 192.168.0.x to 192.168.0.1 as above – but assign your Canopy units to a different IP network, like 10.99.x.x (or 192.168.201.x or 172.19.123.x or whatever). You’ll also need to assign one of these 10.99.x.x “management” addresses to a PC in your office to access the Canopy units. Your Ethernet and Canopy networks then carry traffic for two separate IP networks; Ethernet switches and Canopy units (when NAT is disabled) operate at ISO layer-2, IP is layer-3; there is no conflict.
A Canopy network is just a big, wide-area Ethernet switch. If you attached four PCs to a single Ethernet hub or switch, assigned the mask 255.255.255.0 and the following addresses to the PCs:
The two 192.168.44.x PCs could ping each other, the two 192.168.55.x PCs could ping each other. The 192.168.44.x PCs, however, could not ping the 192.168.55.x PCs. A Canopy network works the same way.
If you’re new to both Canopy and IP networking, your Canopy network is small, and you may be imposing on your customers’ patience and typing skills to solve problems, you might want to stick with the first configuration above. When you become more comfortable with what works and what doesn’t, but certainly before your Canopy network grows to more than 50 APs and SMs, design a new IP addressing structure and switch everything over.