I have a wireless bridging scenario that I'm troubleshooting and I'm looking for some thoughts about what I've missed.
I have a multi-building VPN/DSL-routed network that has been working with no issues. We've decided to go with a wireless bridge between the buildings to improve the speed. LAN A is the central LAN and has a server and multiple workstations; LAN B and C are remote offices with a few workstations.
The wireless provider installed a bridge in each location and made the radio links. Everything runs and is stable from bridge to bridge over a dedicated IP subnet 192.168.1.0. LAN A has a bridge in AP mode and LAN B and C have bridges running in Station Adapter - Infrastructure (SAI) mode. For full disclosure, if you directly connect to bridge B and use the 1.x address you can access the GUI for the AP in LAN A or the local bridge in LAN B. However, you cannot access the GUI for bridge C. This is supposed to be a feature of the bridging software.
OK, so here is the problem. In the routed configuration, I had subnets 70 (core), 71 and 72. All traffic in this configuration is bi-directional. When the bridge was in place, I decided to flatten the network by changing my subnet mask to include these three subnets (so that Internet traffic would continue to flow out the individual DSL links but internal traffic would use the wireless). When I did this, workstations in the 71 network were able to ping the server at 70.253 and the ARP cache showed that they were connecting at the MAC layer. However, when I apply the same subnet mask in the 70 network, I get the matching ARP entry but I don't get ping traffic. So it seems that broadcast traffic flows out but not directed traffic.
Now I've gone over the IP multiple times and when I switch a machine in the core network back to a fully routed subnet mask the Ping immediately starts working.
Because the connection works on a routed link, the only thing I have left to go on is the bridging configuration. I noticed in the bridge configuration that there was an option for running the remote bridges in Station Adapter - Infrastructure mode (SAI) or Building-to-Building (PxP) mode. Everything else looks good based on the CWNA training I received. However, I can't find any specific document on what the functional difference between these modes is, to eliminate this as a possibility. The vendor's wireless engineer assures me that the modes don't matter, that it only has to do with how the radios talk to each other. My instincts are telling me that the remote bridges are forwarding to the AP but that the AP somehow doesn't have a way to forward back to the remotes...
What else should I be looking for? Thanks in advance.
I am confused on the physical layer and IP setup. Can you include a drawing of some type? My concern is the current wired network, the new wireless network, and the physical connectivity to both. It almost sounds like they are competing, or there is a spanning-tree issue going on.
I don't know that I can do a drawing but I can lay out the numbers a little better.
LAN A: 192.168.70.0/24 GW 192.168.70.254
LAN B: 192.168.71.0/24 GW 192.168.71.254
LAN C: 192.168.72.0/24 GW 192.168.72.254
The gateway for each LAN is a DSL Connection to the internet. On each DSL Router there is a defined VPN tunnel from each LAN to the other two LANs. In this configuration all traffic is bi-directional, a host in each subnet can ping hosts in each of the other subnets. The backbone for each LAN is a switch.
The wireless layer is a bridge device in each building that is connected to its local switch. The bridge in LAN A is configured as an Access Point and the bridges in the other two LANs are configured in Station Adapter - Infrastructure mode. The bridges are configured with a 192.168.1.0/24 IP for administrative purposes and a client configured in that subnet range and plugged into a bridge can ping the other bridges. Bridge B and Bridge C can ping Bridge A. Bridge A can ping both Bridge B and Bridge C, however, Bridge B cannot ping Bridge C nor vice versa.
This is what I observed. I changed the mask in Subnet B to 20 bits rather than 24, i.e. 255.255.240.0. My expectation was that with a 240 subnet the host computer would resolve the address ranges 70, 71, and 72 as a single network and would thus use ARP to locate the local host for connectivity. Anything outside of the 20-bit mask would be handled through the DSL router. This is exactly the behavior I got. From a computer at 192.168.71.75 I was able to successfully ping 192.168.70.253 and the ARP cache contained the appropriate MAC entry.
However, when I went to LAN A and tried the same mask, I could not ping from 192.168.70.253 back to 192.168.71.75. However, the ARP cache contained the appropriate MAC address after I had attempted pinging. So, ARP traffic worked while Ping traffic did not. When I switched the mask back to the 24 bit mask, I was able to ping again but of course it was using the Default Gateway and VPN routes so I did not have the MAC address in the ARP cache.
Actually, while reviewing terminology again, I found that the scenario I'm working with is laid out graphically in Figure 4.9 of the CWNA Official Study Guide.
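The per-host forwarding decision described in the posts above, as an added example that is not part of the original thread: a host ARPs directly for a destination inside its own mask and otherwise hands the packet to its default gateway. It uses the addresses and gateways from the thread and reports which path the echo request and the echo reply take for each mask combination; the function names are illustrative.

```python
import ipaddress

# Addresses and gateways taken from the thread: (host IP, default gateway).
HOST_A = ("192.168.70.253", "192.168.70.254")  # server in LAN A
HOST_B = ("192.168.71.75", "192.168.71.254")   # workstation in LAN B


def next_hop(src_ip, prefix_len, gateway, dst_ip):
    """Return ("arp", dst) if dst is on-link for this mask, else ("gateway", gw)."""
    connected = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    if ipaddress.ip_address(dst_ip) in connected:
        return ("arp", dst_ip)
    return ("gateway", gateway)


def ping_paths(src, src_prefix, dst, dst_prefix):
    """Path of the echo request (src -> dst) and of the echo reply (dst -> src)."""
    request = next_hop(src[0], src_prefix, src[1], dst[0])
    reply = next_hop(dst[0], dst_prefix, dst[1], src[0])
    return {"request": request, "reply": reply,
            "symmetric": request[0] == reply[0]}


def covered_lans(src_ip, prefix_len):
    """Which of the three /24 LANs fall inside the host's connected network."""
    connected = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    lans = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in (70, 71, 72)]
    return [str(lan) for lan in lans if lan.subnet_of(connected)]


if __name__ == "__main__":
    print("LANs on-link for 192.168.71.75/20:", covered_lans(HOST_B[0], 20))
    # Every mask combination, pinging in both directions.
    for a_len, b_len in [(24, 24), (24, 20), (20, 24), (20, 20)]:
        print(f"A=/{a_len} B=/{b_len}")
        print("  B pings A:", ping_paths(HOST_B, b_len, HOST_A, a_len))
        print("  A pings B:", ping_paths(HOST_A, a_len, HOST_B, b_len))
```

With mismatched masks the request and the reply leave by different paths (one over the bridge via ARP, the other through the DSL gateway), so comparing both directions shows which device each half of a ping depends on.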
What is doing the routing on this network? You have three subnets, switches, VPNs... What is routing between all the subnets, or is it one flat network? Default gateways and subnet masking? How does that look?