Header Only - DO NOT REMOVE - Extreme Networks

Client bridge not working as expected


I have an AP7532 set up in client bridge mode per this guide connected to my AP3825 and the bridged device (a Crestron NVX per my last question) was able to DHCP, but now I can't ping it. The EWC and NAC only show the first bridge MAC (that of the AP) as connected. Any thoughts on what to try next?

Here's some debug output (the NVX is 00-10-7F-AA-2C-07, the switch (a B5) is 20-B3-99-F1-94-24 which I also can't ping, but see below):

ap7532-87F65C>show wireless bridge hosts
-----------------------------------------------------------------------------
HOST MAC BRIDGE MAC IP BRIDGING STATUS ACTIVITY
(sec ago)
-----------------------------------------------------------------------------
84-24-8D-87-F6-5C 84-24-8D-BE-78-50 10.20.254.72 UP 00:00:24
00-10-7F-AA-2C-07 84-24-8D-BE-78-51 10.20.255.213 UP 00:03:03
20-B3-99-F1-94-24 84-24-8D-BE-78-52 10.20.255.59 UP 00:00:37
-----------------------------------------------------------------------------
Total number of hosts displayed: 3
ap7532-87F65C>show wireless bridge statistics
----------------------------------------------------------------------------------------
LOCAL RADIO CONNECTED AP SIGNAL SNR TX-RATE RX-RATE Tx Rx RETRY
(dbm) db (Mbps) (Mbps) bps bps AVG
----------------------------------------------------------------------------------------
ap7532-87F65C:R2 D8-84-66-12-6D-21 -33 59 212 12 0 k 6 k 0
----------------------------------------------------------------------------------------
Total number of radios displayed: 1
ap7532-87F65C>show wireless bridge config
---------------------------------------------------------------------------------------------------------------------------------------
IDX NAME MAC PROFILE RF-DOMAIN SSID BAND ENCRYPTION AUTHENTICATION EAP-USERNAME
---------------------------------------------------------------------------------------------------------------------------------------
1 ap7532-87F65C 84-24-8D-87-F6-5C default-ap7532 default Staff 2.4GHz/5GHz ccmp eap tuser
---------------------------------------------------------------------------------------------------------------------------------------
ap7532-87F65C>show wireless radio
----------------------------------------------------------------------------------------------
RADIO RADIO-MAC RF-MODE STATE CHANNEL POWER #CLIENT
----------------------------------------------------------------------------------------------
ap7532-87F65C:R1 84-24-8D-BB-10-D0 2.4GHz-wlan Off N/A ( smt) 30 (smt) 0
ap7532-87F65C:R2 84-24-8D-BE-78-50 bridge On 165 ( smt) 20 (smt) 0
----------------------------------------------------------------------------------------------
Total number of radios displayed: 2
[/code]If I ssh to the AP7532 then telnet to the switch, I can ping stuff from the switch. But the bridge MAC doesn't show up in the infrastructure at all (not in 'show mac 84-24-8D-BE-78-52' or 'show port ge.5.30' (which does show 84-24-8D-BE-78-50). I can even telnet to a webserver and issue "GET / HTTP/1.0" so two-way communication is possible. OK, if I check ARP for the switch's DHCP IP it's 84:24:8d🇧🇪78:50 just like the AP7532's IP is:
$ arp -n 10.20.254.72
Address HWtype HWaddress Flags Mask Iface
10.20.254.72 ether 84:24:8d🇧🇪78:50 C vlan20
$ arp -n 10.20.255.59
Address HWtype HWaddress Flags Mask Iface
10.20.255.59 ether 84:24:8d🇧🇪78:50 C vlan20
[/code]So the AP7532 isn't correctly giving each bridge host a unique MAC address on the wifi. Is there something I should be doing so it does this? It's currently authenticating to a WPA2-Enterprise SSID:
interface radio2
rf-mode bridge
channel smart
power smart
data-rates default
no preamble-short
radio-share-mode off
bridge ssid Staff
bridge encryption-type ccmp
bridge authentication-type eap
bridge eap username tuser
bridge eap password 0 hunter2
[/code]Although DHCP is coming from the MAC addresses you'd expect:
Jun 13 08:33:21 antares-a dhcpd: DHCPDISCOVER from 84:24:8d🇧🇪78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPOFFER on 10.20.255.59 to 84:24:8d🇧🇪78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPREQUEST for 10.20.255.59 (10.20.0.2) from 84:24:8d🇧🇪78:52 via vlan20
Jun 13 08:33:22 antares-a dhcpd: DHCPACK on 10.20.255.59 to 84:24:8d🇧🇪78:52 via vlan20
Jun 13 13:02:10 antares-a dhcpd: DHCPREQUEST for 10.20.255.213 from 84:24:8d🇧🇪78:51 (DM-NVX-351-00107FAA2C07) via vlan20
Jun 13 13:02:10 antares-a dhcpd: DHCPACK on 10.20.255.213 to 84:24:8d🇧🇪78:51 (DM-NVX-351-00107FAA2C07) via vlan20
[/code]So now I'm really confused. Any thoughts? AP3825 is running 10.31.08 FWIW.

6 replies

Also the Slides for 5.8.5 Client Bridge link at https://gtacknowledge.extremenetworks.com/articles/Solution/AP7522-Client-Bridge-not-able-to-making-... doesn't work.
Userlevel 7
I can't remember whether IdentiFi likes a bridge with different MACs !?

I've installed Scalance client-APs a loooong time ago and I think we've always used the mode that only allowed one MAC on the radio....
https://support.industry.siemens.com/cs/document/109474556/why-is-the-wlan-client-connected-to-the-a...

Why not use WDS or mesh ? As far as I unterstand the NVX is mobile in this one room only - right ?!
Ron wrote:

I can't remember whether IdentiFi likes a bridge with different MACs !?

I've installed Scalance client-APs a loooong time ago and I think we've always used the mode that only allowed one MAC on the radio....
https://support.industry.siemens.com/cs/document/109474556/why-is-the-wlan-client-connected-to-the-a...

Why not use WDS or mesh ? As far as I unterstand the NVX is mobile in this one room only - right ?!

Yeah, just this room, but there's going to be 7 mobile tables with NVXes on them, and the NVX protocol is multicast so I definitely don't want mesh. If it comes to it I could just use WiNG APs for the uplink APs as well (I'm thinking AP8432s). I do have a second AP7532 for testing so I'll give it a shot tomorrow.
Userlevel 6
Maybe this article helps: https://gtacknowledge.extremenetworks.com/articles/Solution/Devices-behind-3rd-party-wireless-bridge-unreachable-over-time/

-Gareth
Client Bridge is supposed to use a different MAC address for each client device. And sometimes it does, when they DHCP, but sometimes it doesn't. Although perhaps the MAC address in the DHCP packet and is being altered while the L2 MAC is unchanged? I'm going to have to get some traffic dumps at this point.
I contacted GTAC, and it turned out to be SPR-3354 which was fixed in WiNG 5.9.1 - I upgraded to WiNG 5.9.2 and it worked fine. Although now I'm hitting an issue where the AP7532 fails to associate to an AP3825 at VHT speeds but works when it falls back to HT, which is a bit odd. I'm still running 10.31.08, I was going to upgrade to 10.41 but my service contract hasn't been properly associated with my assets so now I need that sorted out first. I'll try connecting it to an AP3935 while I wait.

Reply