Client bridge not working as expected

  • 0
  • 1
  • Problem
  • Updated 3 months ago
  • Solved
I have an AP7532 set up in client bridge mode per this guide connected to my AP3825 and the bridged device (a Crestron NVX per my last question) was able to DHCP, but now I can't ping it. The EWC and NAC only show the first bridge MAC (that of the AP) as connected. Any thoughts on what to try next?

Here's some debug output (the NVX is 00-10-7F-AA-2C-07, the switch (a B5) is 20-B3-99-F1-94-24 which I also can't ping, but see below):

ap7532-87F65C>show wireless bridge hosts
-----------------------------------------------------------------------------
HOST MAC BRIDGE MAC IP BRIDGING STATUS ACTIVITY
(sec ago)
-----------------------------------------------------------------------------
84-24-8D-87-F6-5C 84-24-8D-BE-78-50 10.20.254.72 UP 00:00:24
00-10-7F-AA-2C-07 84-24-8D-BE-78-51 10.20.255.213 UP 00:03:03
20-B3-99-F1-94-24 84-24-8D-BE-78-52 10.20.255.59 UP 00:00:37
-----------------------------------------------------------------------------
Total number of hosts displayed: 3
ap7532-87F65C>show wireless bridge statistics
----------------------------------------------------------------------------------------
LOCAL RADIO CONNECTED AP SIGNAL SNR TX-RATE RX-RATE Tx Rx RETRY
(dbm) db (Mbps) (Mbps) bps bps AVG
----------------------------------------------------------------------------------------
ap7532-87F65C:R2 D8-84-66-12-6D-21 -33 59 212 12 0 k 6 k 0
----------------------------------------------------------------------------------------
Total number of radios displayed: 1
ap7532-87F65C>show wireless bridge config
---------------------------------------------------------------------------------------------------------------------------------------
IDX NAME MAC PROFILE RF-DOMAIN SSID BAND ENCRYPTION AUTHENTICATION EAP-USERNAME
---------------------------------------------------------------------------------------------------------------------------------------
1 ap7532-87F65C 84-24-8D-87-F6-5C default-ap7532 default Staff 2.4GHz/5GHz ccmp eap tuser
---------------------------------------------------------------------------------------------------------------------------------------
ap7532-87F65C>show wireless radio
----------------------------------------------------------------------------------------------
RADIO RADIO-MAC RF-MODE STATE CHANNEL POWER #CLIENT
----------------------------------------------------------------------------------------------
ap7532-87F65C:R1 84-24-8D-BB-10-D0 2.4GHz-wlan Off N/A ( smt) 30 (smt) 0
ap7532-87F65C:R2 84-24-8D-BE-78-50 bridge On 165 ( smt) 20 (smt) 0
----------------------------------------------------------------------------------------------
Total number of radios displayed: 2
If I ssh to the AP7532 then telnet to the switch, I can ping stuff from the switch. But the bridge MAC doesn't show up in the infrastructure at all (not in `show mac 84-24-8D-BE-78-52` or `show port ge.5.30` (which does show 84-24-8D-BE-78-50). I can even telnet to a webserver and issue "GET / HTTP/1.0" so two-way communication is possible. OK, if I check ARP for the switch's DHCP IP it's 84:24:8d:be:78:50 just like the AP7532's IP is:
$ arp -n 10.20.254.72
Address HWtype HWaddress Flags Mask Iface
10.20.254.72 ether 84:24:8d:be:78:50 C vlan20
$ arp -n 10.20.255.59
Address HWtype HWaddress Flags Mask Iface
10.20.255.59 ether 84:24:8d:be:78:50 C vlan20
So the AP7532 isn't correctly giving each bridge host a unique MAC address on the wifi. Is there something I should be doing so it does this? It's currently authenticating to a WPA2-Enterprise SSID:
 interface radio2
rf-mode bridge
channel smart
power smart
data-rates default
no preamble-short
radio-share-mode off
bridge ssid Staff
bridge encryption-type ccmp
bridge authentication-type eap
bridge eap username tuser
bridge eap password 0 hunter2
Although DHCP is coming from the MAC addresses you'd expect:
Jun 13 08:33:21 antares-a dhcpd: DHCPDISCOVER from 84:24:8d:be:78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPOFFER on 10.20.255.59 to 84:24:8d:be:78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPREQUEST for 10.20.255.59 (10.20.0.2) from 84:24:8d:be:78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPACK on 10.20.255.59 to 84:24:8d:be:78:52 via vlan20
Jun 13 13:02:10 antares-a dhcpd: DHCPREQUEST for 10.20.255.213 from 84:24:8d:be:78:51 (DM-NVX-351-00107FAA2C07) via vlan20
Jun 13 13:02:10 antares-a dhcpd: DHCPACK on 10.20.255.213 to 84:24:8d:be:78:51 (DM-NVX-351-00107FAA2C07) via vlan20
So now I'm really confused. Any thoughts? AP3825 is running 10.31.08 FWIW.
Photo of James A

James A, Embassador

  • 7,002 Points 5k badge 2x thumb
  • confused

Posted 3 months ago

  • 0
  • 1
Photo of James A

James A, Embassador

  • 7,002 Points 5k badge 2x thumb
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,046 Points 20k badge 2x thumb
I can't remember whether IdentiFi likes a bridge with different MACs !?

I've installed Scalance client-APs a loooong time ago and I think we've always used the mode that only allowed one MAC on the radio....
https://support.industry.siemens.com/cs/document/109474556/why-is-the-wlan-client-connected-to-the-a...

Why not use WDS or mesh ? As far as I unterstand the NVX is mobile in this one room only - right ?!
Photo of James A

James A, Embassador

  • 7,002 Points 5k badge 2x thumb
Yeah, just this room, but there's going to be 7 mobile tables with NVXes on them, and the NVX protocol is multicast so I definitely don't want mesh. If it comes to it I could just use WiNG APs for the uplink APs as well (I'm thinking AP8432s). I do have a second AP7532 for testing so I'll give it a shot tomorrow.
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
Photo of James A

James A, Embassador

  • 6,982 Points 5k badge 2x thumb
Client Bridge is supposed to use a different MAC address for each client device. And sometimes it does, when they DHCP, but sometimes it doesn't. Although perhaps the MAC address in the DHCP packet and is being altered while the L2 MAC is unchanged? I'm going to have to get some traffic dumps at this point.
(Edited)
Photo of James A

James A, Embassador

  • 7,002 Points 5k badge 2x thumb
I contacted GTAC, and it turned out to be SPR-3354 which was fixed in WiNG 5.9.1 - I upgraded to WiNG 5.9.2 and it worked fine. Although now I'm hitting an issue where the AP7532 fails to associate to an AP3825 at VHT speeds but works when it falls back to HT, which is a bit odd. I'm still running 10.31.08, I was going to upgrade to 10.41 but my service contract hasn't been properly associated with my assets so now I need that sorted out first. I'll try connecting it to an AP3935 while I wait.