Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

3rd party wireless bridge

I have an outside vendor using a Moog/Videolarm bridge device for security gate access. The moog/videolarm ap is set as a transparent bridge connecting to an ssid we have set up for them. The device connects with the correct credentials, but the black box connected to the bridge responds to a ping sometimes. I set a constant ping to the 2 devices, the ap/bridge and the black box: the bridge reponds for 25 pings then stops and the black box responds 25 pings and then the ap/bridge starts responding. Any suggestions thoughts, I really don't want to put up a bridge just for one device.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: 3rd party wireless bridge

rschwart,

If you are using a lightweight access point and a controller as your root AP in this setup, then what I think you're seeing is that transparent bridging not working correctly because of the strict 1:1 MAC:IP relationship in a client connection record. With a root AP in local mode, the recommended and cleanest way around this on the client/bridged side is to use a WGB. Here is what Cisco has to say about client bridges and WGBs in the CUWN environment:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70lwap.html#wp1144634

Despite this, you may have some other ways around this problem, and one or more of the following options may work for you:

  • Disable the IP-MAC address binding check on the controller CLI:

wlc> config network ip-mac-binding disable

  • If the option is available, configure the Moog/Videolarm device as an L3 routed device (i.e., a wireless router). Configure a new network on the "LAN" side of the Moog/Videolarm device and put your black box on that network. Use a static IP or DHCP to always assign the same IP to the "WAN" side of the Moog/Videolarm and then put a route behind the controller on your upstream L3 device to route all of your "LAN" traffic to that static/reserved "WAN" IP.

  • Change your lightweight root AP to bridge mode and when the HREAP tab appears in AP configuration mode, make it a Root AP. This will tell the controller that the 1:1 relationship of MAC:IP no longer applies. I'm not 100% sure of the ramifications otherwise (client access, RRM) of this change, and your Moog/Videolarm may not even be able to associate, but it could be worth trying just to see if you get a change in behavior.

  • If the option is available, configure MAC cloning of the black box on the Moog/Videolarm device. This way the controller only sees one MAC on the other side of the bridge link (even though you have two separate devices).

Justin

4 REPLIES

Re: 3rd party wireless bridge

rschwart,

If you are using a lightweight access point and a controller as your root AP in this setup, then what I think you're seeing is that transparent bridging not working correctly because of the strict 1:1 MAC:IP relationship in a client connection record. With a root AP in local mode, the recommended and cleanest way around this on the client/bridged side is to use a WGB. Here is what Cisco has to say about client bridges and WGBs in the CUWN environment:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70lwap.html#wp1144634

Despite this, you may have some other ways around this problem, and one or more of the following options may work for you:

  • Disable the IP-MAC address binding check on the controller CLI:

wlc> config network ip-mac-binding disable

  • If the option is available, configure the Moog/Videolarm device as an L3 routed device (i.e., a wireless router). Configure a new network on the "LAN" side of the Moog/Videolarm device and put your black box on that network. Use a static IP or DHCP to always assign the same IP to the "WAN" side of the Moog/Videolarm and then put a route behind the controller on your upstream L3 device to route all of your "LAN" traffic to that static/reserved "WAN" IP.

  • Change your lightweight root AP to bridge mode and when the HREAP tab appears in AP configuration mode, make it a Root AP. This will tell the controller that the 1:1 relationship of MAC:IP no longer applies. I'm not 100% sure of the ramifications otherwise (client access, RRM) of this change, and your Moog/Videolarm may not even be able to associate, but it could be worth trying just to see if you get a change in behavior.

  • If the option is available, configure MAC cloning of the black box on the Moog/Videolarm device. This way the controller only sees one MAC on the other side of the bridge link (even though you have two separate devices).

Justin

Community Member

Re: 3rd party wireless bridge

Thanks for the help. This did resolve our issue and everything works for our vendor.

Re: 3rd party wireless bridge

rschwart,

Did the vendor tell you which method they used to fix the issue?

Thanks for marking answered.

Justin

Community Member

Re: 3rd party wireless bridge

Sorry, I should have been more clear, I used the cli wlc>config network ip-mac-binding disable. Not the best solution, but it works. I only disabled it on the WLC that controls the ap.

1214
Views
0
Helpful
4
Replies
CreatePlease to create content