The network set up and associated processes described in this topic enable an occupier to manage their own network; supplying, configuring, and managing their own router and firewall.
Recommendation: essensys recommends that you only follow this process with support from an internal or third-party IT team.
Understanding the Public IP set up
Typical set up
The following diagram shows the typical Public IP network set up. In this scenario, the occupier has a Public IP (supplied by essensys) for each of their devices that require a public address, and uses the center's LAN network (Wi-Fi Secure, switch ports, etc).
The Public IP address ensures that all traffic that is destined for the internet uses the router.
Any port with a LAN role (LAN only or Voice_LAN_Internet) is part of the occupier's managed LAN network. As the occupier is configured to have a Public IP, all traffic destined for the internet passes via the router.
With this configuration, essensys recommends that the occupier manages their own DHCP (DHCP disabled).
Alternative set up
It is also possible for the occupier to use their own devices, in which case the WAN-Public IP connection (in red in the preceding diagram) is created, but the client uses their own ports on the router to connect their own devices.
If the client has their own switch, they would connect this to the LAN side of their configured router/firewall. All floor ports in the office would then connect to the client’s switch.
Configuring the Public IP
A Public IP is needed for each device (firewall/router) that requires a separate public address.
Add one or five Public IPs by adding a Public IP service for this occupier.
Note: You can only have either one Public IP or five Public IPs per occupier, these services cannot be mixed due to the network setup.
Optionally, test the occupier's Public IP address and network, before they connect their router/firewall.
Supply the Public IP to your occupier.
A Public IP was assigned for this occupier by essensys in response to the Public IP service being added in the previous step.
You can see the Public IP in the essensys Platform under Occupiers > <occupier name> > Network info.
For each public IP device, you need two assigned switch ports, one with the role Public only and one LAN only.
Connecting the devices
Once the occupier has an active Public IP port, their router/firewall needs to connect to the Public IP port on the switch, and their wired devices need to connect to correctly configured ports to use the router.
Connect the WAN side (Wide Area Network) of the configured router/firewall to the port with the role Public IP on the switch.
Connect the LAN side (Local Area Network) of the configured router/firewall to a port with the role LAN only on the switch.
For each device that is part of the LAN you will need to:
Assign services for the occupier.
Assign the LAN only or Voice, LAN, Internet roles to the ports that they will connect their devices to.
Connect devices to these ports.
Activate services as described elsewhere.
With this configuration, essensys recommend that the occupier manages their own DHCP.
For details describing the use of DHCP and how to disable managed DHCP for the occupier, see DHCP.
If the occupier's router has Wi-Fi capability, this should be disabled in order to reduce the possibility of interference in the building.