Sunday, July 19, 2015

Using Ubiquiti Access Points to Provide Wireless Internet to Remote Neighbors who don’t have Broadband Service

In rural areas such as here in Vermont, there are sometimes no other choices than dial-up or satellite Internet service.  But if you are lucky enough to have more bandwidth than you need, you could share it with neighbors who can’t get decent broadband service.  I therefore recently started to work on such a project using two Ubiquiti Nanostation Loco M2 to learn how that would work.  Here is my attempt at documenting the design.

First I made sure line of sight was present.  This dictates what model of Ubiquiti AirMax Nanostation M you pick.  The 2.4 GHz band was fine for my needs.  The other choices were 900 MHz or 5 GHz.  Details about this choice are out of scope for this article but you can learn more online or at

Also, from what I understand, you could pick a Nanostation NSM2 for your AP and Nanostation LocoM2 for the stations at various neighbors as long as both models transmit and receive on the same band.

The Cisco router I chose has a WAN port to connect to the ISP’s bridge, a LAN port for the internal network, and a third port for the Ubiquiti access point (AP). 

IP addressing:

The WAN port has a public subnet assigned showing as “” on the below drawing. 

The internal LAN has a private subnet of

And, the third port is setup as a 802.1Q trunk with subinterfaces as follows. 

We allow two VLANs on this trunk…

VLAN 603 will be the access VLAN which is the public subnet “” shown below.  This VLAN will not be tagged so we added the “native” keyword on the encapsulation command.

VLAN 604 will be the management VLAN which is the private subnet of

Here is the Cisco router’s interface configuration connected to the AP.

interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
media-type rj45
negotiation auto
interface GigabitEthernet0/2.603
encapsulation dot1Q 603 native
ip address
interface GigabitEthernet0/2.604
description WISP MGMT
encapsulation dot1Q 604
ip address

The address will be the default gateway for the WISP client’s router’s WAN interface, and the will allow us to manage the AP and stations.  Here is the drawing:

WISP Diagram

Any consumer grade router can be used for the remote site and because those have NAT/PAT enabled by default, we can have overlapping internal networks.

It took me quite a bit of time to research and come up with a working configuration so I hope the following screens will help someone out there.  Thanks to the good folks who posted their working configs on the forums!  Here is what I did to make it work. 

On the AP:




On the STA:




Note- the IP Aliases allow a tech to connect a laptop directly to the equipment and configure it locally via, the default management IP for AirOS, if needed.  Also, since the VLAN 604 management IP addresses are private (not routed on the Internet), you can only manage them from the local site, hence they are not exposed to the Internet’s threats.