Header Only - DO NOT REMOVE - Extreme Networks
Question

AP-7522 Client Bridging Isn't Working


I have two AP-7522 access points. Both have version 5.9.1.4-004R. Both receive their power and network through a Symbol AP-PSBIAS-2P2-AFR "brick". I set the country name to "United States-us" on both because I read the radios will not turn on until you do.

AP#1 - This is the "host" access point connected to the wired LAN with access to the internet. The internal network is 192.168.1.0/24. I've given this AP the IP address 192.168.1.101. I configured a wireless network with SSID "myWireless", Secure-PSK, WPA2-CCMP, and the key is "myWirelessKey". Radio 1 is 2.4GHz, radio 2 is 5GHz.

AP#2 - This is the "client" access point that I want to bridge to AP#1. I have AP#2 connected to an unmanaged 5 port switch, which also connects a desktop PC. It's this desktop PC that needs access to the internet. I've given this AP the IP address 192.168.1.101. For the bridging configuration I followed the directions here (https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-WiNG-AP-to-act-as-a-clien...)
  • en
  • conf t
  • profile
  • interface radio 2
  • rf-mode bridge
  • bridge ssid myWireless
  • bridge vlan 1
  • bridge encryption-type ccmp
  • bridge authentication-type none
  • bridge wpa-wpa2 psk 0 myWirelessKey
  • no bridge eap username
  • no bridge eap password
  • bridge eap type peap-mschapv2
  • bridge roam-criteria missed-beacons 20
  • bridge roam-criteria rssi-threshold -75
  • bridge channel-list 5GHz 36,40,44,48
  • bridge channel-list 2.4GHz
  • comm wr
However when I run "show wireless bridge candidate-ap" it reports 0 candidate APs. AP#1 shows no wireless clients. The workstation can successfully ping AP#2 and vice versa. I am able to reach the web interface and ssh on AP#1 on the 192.168.1.0/24 network. But AP#1 can't ping AP#2 and vice versa. Nothing on the 192.168.1.0/24 network can ping AP#2 or the desktop PC. The desktop PC cannot reach anything on the 192.168.1.0/24 network.

Right now both APs are in the same room, 10 feet from each other, no physical obstacles between them.

In my searching I also found (https://gtacknowledge.extremenetworks.com/articles/Solution/AP7522-Client-Bridge-not-able-to-making-...) I tried the solution there but it didn't help.

Does anyone know what I'm doing wrong, or what I'm missing?

Additional questions:
1 - Do I have to configure any bridging properties on the AP#1 that is connected to the wired network with internet access? None of the guides I've read mention anything about configuration on the "host" AP, but since I can't get this working I'm wondering if some configuration is necessary on AP#1.

2 - Do I have to load a special firmware version to be able to access bridging configuration in the web GUI? Right now none of those configuration options are there and I have to do everything through ssh/command line. I know this was the case for some APs in the past that didn't have a web GUI at all and you had to download the firmware that included the GUI.

Thanks for any help you can provide!
Aaron

45 replies

Userlevel 4
Good info, Aaron.

First...I'm hoping it was just a typo, but you seem to be indicating that you setup both APs with a static address of 192.168.1.101
If that's the case, it shouldn't be causing the primary problem....but it's still an issue that would need correcting.

If you followed that billeted list of commands, I see one major potential issue (not sure why they included this one command).
This one:
  • bridge channel-list 5GHz 36,40,44,48
With this command, you're setting up the client-bridge AP so that it will only ever look for host APs that are operating on those 4 channels. If there are none nearby on those channels though, it will never be able to connect to anything, right?
I'd highly recommend including all of the possible channels that your 'host' APs are capable of operating on (or if statically assigned, those channels)
Or....set the Channel to "Smart"...which will more directly reflect how a normal wireless client behaves....it scans all channels looking for APs.

1 - Do I have to configure any bridging properties on the AP#1 that is connected to the wired network with internet access? None of the guides I've read mention anything about configuration on the "host" AP, but since I can't get this working I'm wondering if some configuration is necessary on AP#1.
Answer: NO. When setting up client-bridge APs, the only work that needs to be done is on the client-bridge APs themselves.

2 - Do I have to load a special firmware version to be able to access bridging configuration in the web GUI? Right now none of those configuration options are there and I have to do everything through ssh/command line. I know this was the case for some APs in the past that didn't have a web GUI at all and you had to download the firmware that included the GUI.
Answer: The very early releases of WiNG code (if I recall correctly) only allowed for the client-bridge setup via the CLI. The newest versions of WiNG code allow for full configuration via the GUI.
Thanks for your help Chris!

"bridge channel-list 5GHz smart" did not work, but that's no problem.

Should I enter "bridge channel-list 5GHz" and leave the rest of the command empty?
Or should I enter "no bridge channel-list 5GHz" assuming that if that option isn't configured that the AP will use its defaults?
Userlevel 4
[That GTAC article has now been corrected - and new screenshots as well]

Just go into the radio 2 interface and issue the command:
no bridge channel-list 5GHz
commit write

Then run the command again to see what candidate APs it's finding:
show wireless bridge candidate-ap

If it's showing APs now, it should be connecting to the one it thinks is best. Once it's connected, run this to see the stats of the client-bridge connection
show wireless bridge statistics
Unfortunately that didn't fix it either. Total number of candidates displayed is still 0.

Do I need to be creating or editing a specific profile? In my bulleted list of commands I originally posted, the third command is "profile" which enters me into the context "ap7522-A81950(config-profile-{ALL})". Then I enter "interface radio 2". But when I enter the command "rf-mode bridge" there I get the error "rf-mode bridge is not supported on radio2 of anyap"

But if I instead use "profile ap7522 PROFILE-AP7522", then "interface radio 2", and then "rf-mode bridge", it accepts the command.

But how do I know what profile the AP is using? If I enter "profile ?" it lists a few available, but I didn't create any of them. Profiles "anyap", "ap7522", "ap7532", and "ap7562" are available. I didn't create "PROFILE-AP7522" either. Is it ok to use it?

Sorry for these novice questions, this is the first time I've had to work this in-depth with these access points. I'm grasping at straws at this point.

By the way, to address your question from your first post, I did make a typo with the 192.168.1.101 address. AP#2 has 192.168.1.102
Userlevel 4
Okay...so if this being done w/o a controller (just configuring the AP as a stand-alone device), then your command where you specified the 7522 profile is correct.

So the commands would look like this:

    en conf t profile ap7522 PROFILE-AP7522 interface radio 2 rf-mode bridge bridge ssid myWireless bridge vlan 1 bridge encryption-type ccmp bridge authentication-type none bridge wpa-wpa2 psk 0 myWirelessKey comm wr
All of the other commands you don't see there now are NOT needed in your case.

To answer your question about which Profile is being used:
The Profile name "PROFILE-AP7522" I think is the default one, in which case...it should be be being used...by default.
If you want to confirm this, go into the CLI and do this:
    en self show context
You should see an entry in there that says, "use profile PROFILE-AP7522"
If you see that it's configured to use some other Profile name, then that's the problem.

By the way, this "self" section is the device override section of the AP's config. This is where you setup any configuration settings that DEVIATE from the 'master' Profile. This is where you would go in the CLI to enter things that are different or unique about this one AP...things like the AP's static IP address or it's hostname.
If there are any settings that exist in *both* the override section and in the main Profile, the AP will use the setting in the override section. The settings in that section *override* what's in the main Profile.
Sometimes this catches people off-guard...because they have a setting in the override section, but when they try to change its value in the main Profile, nothing changes. 🙂 They instead need to change the value for that setting in the override section.
The entry says "use profile default-ap7522". How can I switch it to use PROFILE-AP7522?

How can I perform a factory reset to get back to the default configuration? Do I log in as user "reset" and password "FactoryDefault" ? I've tried so many things, one of my previous attempts to fix the problem might actually be causing me problems at this point and I need to start from a clean slate.
Userlevel 4
Aha...so there's the issue then.

Command to change this:

  • en
  • self
  • use profile PROFILE-AP7522
  • commit write
As long as you're in the override section, what else is in there? Just want to make sure there's nothing else that is going to mess things up.
Update: I issued the command "use profile PROFILE-AP7522" and now "show context" reports that profile is being used. Still have zero candidate APs though.

I'm looking at the output of "show running-config" and PROFILE-AP7522 doesn't have any "vlan 1" entries in it. I entered the vlan commands from the bulleted list though. Is this an issue?
Userlevel 4
I should've remembered that too.
Any time you create a new Profile....it doesn't come pre-populated with VLAN-1. You need to manually add it if you need it on the AP.

In this case, you need to go into the Profile and create the VLAN-1 entry:

    en config t profile ap7522 PROFILE-AP7522 interface vlan 1 commit write optionally - ip address 192.168.1.102/24 (you could also enter this address in the override section) commit wr
This missing VLAN-1 entry shouldn't stop the AP from being able to discover candidate APs though.
What other entries are there in the self (override) section?

What is the output of:

show wireless radio
I log in via ssh, then enter the commands "en", then "self", then "show context". Below is the output. I'm typing this by hand, not copy/paste, as this is the desktop PC connected to AP#2 and it doesn't have internet access. Might be typos, I'll do my best to proofread.

I gave the wired interface ge1 the IP address 192.168.1.102/24. Is that going to conflict with anything we're adding to this profile PROFILE-AP7522 ?

  • ap7522 B8-50-01-A8-19-50
  • use profile PROFILE-AP7522
  • use rf-domain default
  • hostname ap7522-A81950
  • ip default-gateway 192.168.111.1
  • interface vlan1
  • description "WAN Interface"
  • ip address 192.168.111.102/24
  • no ip dhcp client request options all
  • no shutdown
  • no virtual-controaller
  • rf-domain-manager capable
  • ip dns-server-forward
  • ip nat inside source list default-B85001A81950-nat precedence 1 itnerface vlan1 overload
  • no adoption-mode
Userlevel 4
This is starting to feel a little bit like a minefield situation (various settings in the config that I can't see that will cause issues). It might be easier and faster to simply default the AP and start from scratch so we'll at least know what we're dealing with.

Besides that though, questions:
Why is there a VLAN-1 entry in the override section that is on a different network? (192.168.111.0 vs 192.168.1.0)
Why is the nat entry there?
"show wireless radio"

RADIO RADIO-MAC RF-MODE STATE CHANNEL POWER #CLIENT
ap7522-A81950:R1 B8-50-01-EB-D7-50 2.4GHz-wlan Off N/A (smt) 21 (smt) 0
ap7522-A81950:R2 B8-50-01-EC-51-C0 bridge On 48w (smt) 20 (smt) 0
Chris Kelly wrote:

This is starting to feel a little bit like a minefield situation (various settings in the config that I can't see that will cause issues). It might be easier and faster to simply default the AP and start from scratch so we'll at least know what we're dealing with.

Besides that though, questions:
Why is there a VLAN-1 entry in the override section that is on a different network? (192.168.111.0 vs 192.168.1.0)
Why is the nat entry there?

Sorry, another typo on my part. I'm actually using 192.168.111.0/24 but sanitized it to 192.168.1.0/24 in my first post, then forgot to sanitize it in other posts.

I don't know about the NAT entry. I didn't enter that. Did the AP automatically put that in there after I configured ge1 for 192.168.1.102/24?

I'll factory reset and start from the beginning, keeping in mind what we've discussed here, and I'll get back to you.

Should I run "delete startup-config" and then "reload" to return to factory settings?
Userlevel 4
Chris Kelly wrote:

This is starting to feel a little bit like a minefield situation (various settings in the config that I can't see that will cause issues). It might be easier and faster to simply default the AP and start from scratch so we'll at least know what we're dealing with.

Besides that though, questions:
Why is there a VLAN-1 entry in the override section that is on a different network? (192.168.111.0 vs 192.168.1.0)
Why is the nat entry there?

Yep, that's it exactly. Just make sure after you issue the "reload" command that if you see a prompt asking if you want to save your settings before reloading that you say *NO*. 🙂
Userlevel 4
So radio 2 is showing the channel 48w entry. Seems like it may be connected.
Run again the command:
show wireless bridge statistics
Chris Kelly wrote:

So radio 2 is showing the channel 48w entry. Seems like it may be connected.
Run again the command:
show wireless bridge statistics

Now the channel is 161w, then 64w. Seems like it's searching? "show wireless bridge statistics" is empty
Chris Kelly wrote:

So radio 2 is showing the channel 48w entry. Seems like it may be connected.
Run again the command:
show wireless bridge statistics

Now the channel is 161w, then 64w. Seems like it's searching? "show wireless bridge statistics" is empty
Userlevel 4
Chris Kelly wrote:

So radio 2 is showing the channel 48w entry. Seems like it may be connected.
Run again the command:
show wireless bridge statistics

Possibly. Not ever watched to see if that happens when it's not actually connected. if it is connected, the channel should stay the same...as long as it stays connected to same AP
Userlevel 4
Okay....if you're starting from scratch, this is what the CLI setup would look like.

en
config t
rf-domain default
country-code us
exit
profile ap7522 default-ap7522
interface radio 1
shut
interface radio 2
rf-mode bridge
bridge ssid myWireless
bridge encryption-type ccmp
bridge authentication-type none
bridge wpa-wpa2 psk 0 myWirelessKey
comm wr
self
interface vlan 1
ip address 192.168.111.102/24
exit
ip default-gateway 192.168.111.1
(Optionally) ip name-server [i]
commit write

I think that should be it.
I wish I would have seen your last post before I tried the config again. I messed something up and lost all remote access. I had been accessing over the 169.254.x.x IP address, or the 192.168.111.102 address. Now neither work. tcpdump shows no layer 3 traffic.

Is there a tiny paperclip hole on this unit anywhere that can be used for factory reset? This PC doesn't have a serial port, and I don't think I have an Ethernet to USB console cable...
Userlevel 4
Not sure what happened to cause the loss of layer-3 access....
No paperclip reset button on that AP though.
Only other thing I can think of is...to try to access it via MiNT from another WiNG AP.

Do you have another WiNG AP connected on the same layer-2 network?
If you do, log into that AP and issue the CLI command:
show mint neighbors
Unfortunately "0 mint neighbors" after I plug them into the same unmanaged 5 port switch

Thanks very much for your help today! I'll post again after I can find a console cable and run another factory reset, or fix whatever mistake I made.

I might not be able to get the proper console cable until I'm in my other office on Monday.

Have a great weekend
Userlevel 4
Sounds good, Aaron.
Once you are able to log back in, that list of commands I provided should have the AP setup and able to connect.
I actually found a working serial cable by chance. I factory reset the device again and entered the last config you provided me. Unfortunately it still isn't working.

I connected a laptop to AP#1 to ensure the wireless key was correct, and it worked successfully. I was able to reach the internet.

I'm going to go through the config line by line to see what the problem might be.
Userlevel 4
Output of:
show wireless bridge candidate-ap

If no candidates show up, then:
show wireless radio

If everything checks out and the AP continues to not see any APs to connect to, I'd actually be inclined to recommend a firmware update...just to make sure we're not dealing with some sort of unknown bug.

Also, if you could now...post a full copy of the running config. I'll 2x check it to make sure it's all setup correctly.

Reply