
Topic: Arp - 5510 - Wireless Bridge

Radio_Head
« on: May 20, 2017, 04:26:39 PM »
Hi
  I'm not quite sure if this should be under this section or under wireless; I'll try to explain the problem.

So the main building is mostly Avaya 5510 with a couple of 5520s.

Connected to the 5520 is an EnGenius ENstationAC that is set up as the root for a wireless bridge setup in WDS_Bridge mode running at 5 GHz @ 80 MHz.

The remote building, where the second part of the bridge is, is 100M away with clear line of sight.
The unit is set up with AES security for the bridge and MAC listed on the bridge.

@ the remote end the bridge connects to a 5520.

The link is running at about 350Mb; to test the link speed we used a product called netstress.

Also in the remote building there is an AP7131 - Controlled by RFS7K

So to the issue / problem

From the Root ( Main network ) I can connect to pc/laptops via RDP in the remote building

From the Remote Building (Wired) I cannot ping a server in the Root network

But If I connect via the AP that is on the remote network I can ping a known server but not consistently 

From the 5520 in the remote building using telnet I run the ping <IP of the bridge> connected locally and it returns with "Host not reachable". This also applies to even the switch itself

From the main network I can ping the root and remote side of the bridge and the devices

It looks like I need to add a next hop or something so the switch will pass traffic to the bridge

Also for some strange reason in the remote building a laptop can not RDP to a PC or vice versa
but from the main (Root ) network I can RDP to either

Not sure if any of this makes sense :-(
« Last Edit: May 22, 2017, 12:33:47 PM by Radio_Head »


TankII
« Reply #1 on: May 30, 2017, 12:19:49 PM »
Sounds like you need to add static-routes to each site pointing back to the other.

I would use the bridges as a routed link instead of L-2, since you will get user broadcast traffic.

So, let's say site 1 is 192.168.1.0/24, and site two now becomes 192.168.2.0/24.
Between you can add 192.168.100.0/29.
First site routed interface: 192.168.100.1
first site's wireless bridge: 192.168.100.2
second site's wireless bridge:  192.168.100.3
second site's routed interface:  192.168.100.4
First site's static route:  192.168.2.0 255.255.255.0 192.168.100.4
Second site's static route:  192.168.1.0 255.255.255.0 192.168.100.1

This design keeps broadcast traffic off the link, but provides full routing capability between the buildings.

TankII

Radio_Head
« Reply #2 on: May 31, 2017, 04:46:29 AM »
Hi TankII
    and thanks for the reply,
I have not done anything like this before :o, do you have a guide for the commands I need to run ?

The network is a flat network 1 VLan, is what you have suggested port based or global ? It only needs to be applied to the switch the bridge is connected to ?

We have quite a few stacks with MLTs between them; would I need to enable IP Routing on all the stacks / MLTs?


Between you can add 192.168.100.0/29. ( 172.xxx.xxx.0/xx )

HQ site routed interface: 192.168.100.1 ( Do I assign a static IP in the 172.xxx.xxx.0/xx to a port on the switch ? )
HQ site's wireless bridge: 172.xxx.xxx.253
Remote site's wireless bridge:  172.xxx.xxx.254
second site's routed interface:  192.168.100.4 ( Do I assign a static IP in the 172.xxx.xxx.0/xx to a port on the switch ? )

HQ site's static route:  192.168.2.0 255.255.255.0 192.168.100.4

Remote site's static route:  192.168.1.0 255.255.255.0 192.168.100.1

many thanks in advance  :)
« Last Edit: May 31, 2017, 05:49:49 AM by Radio_Head »

TankII
« Reply #3 on: May 31, 2017, 08:51:25 AM »
I would have building one in VLAN 1, and move the other building to VLAN 2, just to make things easier to follow.  Make sure you change the management VLAN for the second building so you can remote manage the switches after.  All VLANs should be port-based.  The reason for changing the other building's VLAN is to prevent any incorrectly tagged VLAN frames from bridging and causing potential logical loops.  You would need to create additional DHCP scopes, unless everything is static IP, with the appropriate DHCP forwarders in the switches.  All this can be done with base licensing, since advanced licensing is needed only for dynamic routing (OSPF) and SMLT.

Build the router interfaces as VLAN 100, which is high enough to avoid any other VLANS you might need to create for other services in the future (VOIP/Security).  You can use whatever IP address range you'd like - you noted using a 172.X.X.X range - that is of course, acceptable.  Just make sure your static routes point to the correct routed interfaces.
Only the switches/stacks that connect to the bridges need IP forwarding (routing) enabled.  The rest are Layer-2 to the 'routers'.

High level:  Building 1 (one subnet) | routed boundary | wireless bridges for L-2 connectivity between buildings | routed boundary| Building 2 (one subnet, different VLAN)

Don't forget your ISP router will need appropriate static routes so the building 2 users can reach the Internet!

TankII

Radio_Head
« Reply #4 on: June 07, 2017, 04:10:29 AM »
Hi TankII
     
     Could you run your technical eye over this just to make sure I understand - VLAN 1 is the main VLAN

On the HQ Switch

The wireless Bridges have static IP addresses

vlan create 100 name "172-17-xxx-0/24" type port
vlan members remove 1 46-47
vlan members add 100 46-47
vlan port 46-47 pvid 100
interface vlan 100
ip address 172.17.xx.xxx 255.255.xxx.xxx
ip dhcp-relay
exit
ip dhcp-relay fwd-path 172.17.xxx.1 172.17.x.254 enable  ( Is the first IP the IP of the remote switch, followed by the DHCP server on the HQ network ? )

Remote_Site

vlan create 100 name "172-17-xxx-0/24" type port
vlan members remove 1 46-47
vlan members add 100 46-47
vlan port 46-47 pvid 100
interface vlan 100
ip address 172.17.xx.xxx 255.255.xxx.xxx
ip dhcp-relay
exit
ip dhcp-relay fwd-path 172.17.xxx.1 172.17.x.254 enable  ( Is the first IP the IP of the HQ Switch, followed by the DHCP Server on the HQ_network ? )

ip route 0.0.0.0 0.0.0.0 172.17.xxx.254 1  ( Should this be the DHCP server or the default-gateway on the HQ site and the ending 1 is vlan 1 ? )

The reason I have added two ports is we have two wireless bridges, so would these then need to be set up as an MLT to use both bridges to give higher throughput?

On the remote site, we are going to install a firewall connected to an ADSL line then setup an IPsec tunnel between the two buildings for just the wired clients - looking at getting the firewall to dhcp addresses to these wired clients on a 192.168.xxx.xxx network. Then use the wireless Bridge for just the wifi clients.

Also all Voip traffic will go via the ADSL line

Radio_Head
« Reply #5 on: June 08, 2017, 04:04:31 AM »
I have done a bit more testing, so at the remote site with my laptop connected to the 5520 I can ping and RDP to other devices local to that switch, but I cannot ping anything that is on wifi in that building ( AP7532 )

so I connected to the RFS7K via ssh ( which is located in the HQ building ) and from the command I can ping the mobile device.

If I take my laptop off the wired LAN and turn on the wifi I can ping the mobile device, but I cannot RDP to a PC in the same building.

From the main HQ network I can ping the mobile units and the desktops in the remote building

So it looks like a routing issue, so would, as suggested by TankII, making the bridge an L3 routed connection correct the issue or at least improve it?

TankII
« Reply #6 on: June 08, 2017, 05:09:58 PM »
Working backwards:
You do not have to enable DHCP Relay on intermediate networks.  You only need to configure it for the segments that need it.
For L-3 DHCP parameters (based on my initial suggested IP address information)
ip dhcp-relay fwd-path 192.168.1.1 192.168.200.X (Assuming the servers are on a separate segment)
ip dhcp-relay fwd-path 192.168.2.1 192.168.200.X

Your network mask is too large on the wireless bridge network (VLAN 100).  255.255.0.0 is a /16.  You list the VLAN name as /24 which is 255.255.255.0.  That can cause problems as well, which is why using something completely different for this layer-3 link is helpful.  If it is a /16 and you have other 172.17.X.X networks in your environment, the network mask will be large enough to prevent routing from leaving the switch - it thinks everything is local.

If you set up an MLT with two wireless bridges (something I haven't done before), I would suggest you read up on VLACP as well.  You need to validate that the remote site is reachable on a per-port basis.  Otherwise, the switch will think the path is up (when it isn't) and traffic will get dropped.  Alternatively, configure a separate Voice VLAN and send that via Layer-2 across the second set of bridges to the other switch.  So, the user VLANs would be routed to keep broadcast traffic down, and VOIP would be bridged to ensure the traffic is separated and quality is maintained.
You have to have an MLT on both sides to prevent spanning-tree loops on the switches if both bridges are currently running.  If spanning-tree is default on the switches, take a look, and you will probably see one side is blocked in your current configuration.

If you look around at my much older posts, I have posted our Layer-2 configuration guide, which might help.  It is an older version, but it is a start.  It includes guides to QOS and other features you need to provide best VOIP service.

TankII

Radio_Head
« Reply #7 on: June 09, 2017, 08:20:21 AM »
Hi TankII
     So to test this out of production, I have two switches.
This is what I have done:
HQ
HQ_Switch(config)#vlan create 100 name "192.168.1.0/24" type port
HQ_Switch(config)#vlan members remove 1 47-48
HQ_Switch(config)#vlan members add 100 47-48
HQ_Switch(config)#vlan port 47-48 pvid 100
HQ_Switch(config)#interface vlan 100
HQ_Switch(config-if)#ip address 192.168.100.1
HQ_Switch(config-if)#ip dhcp-relay
exit
when I try the command below I get an error
HQ_Switch(config)#ip dhcp-relay fwd-path 192.168.2.0 172.17.xxx.150 enable

ip dhcp-relay fwd-path 192.168.2.0 172.xxx.xxx.150 enable
% Cannot modify settings
% Error agent/server does not exist

Remote_Switch(config)#vlan create 102 name "192.168.2.0/24" type port
Remote_Switch(config)#vlan members remove 1 47-48
Remote_Switch(config)#vlan members add 102 47-48
Remote_Switch(config)#vlan port 47-48 pvid 102
Remote_Switch(config)#interface vlan 102
Remote_Switch(config-if)#ip address 192.168.100.4
Remote_Switch(config-if)#ip dhcp-relay
exit
Remote_Switch(config)#ip dhcp-relay fwd-path 192.168.1.0 172.17.xxx.150 enable

the DHCP server is on VLAN 1 ( 172.17.xxx.150 )


I have a cable between the two switches, port 48 / 48. The remote switch has a LAN connection in port 45 ( vlan 1 )

I can telnet to the remote switch fine. From the CLI on the remote, if I run a ping to the IP of the HQ switch in the 172 range: "host is not reachable". If I ping the LAN DHCP server in the 172 range, it is reachable.

I can also ping 192.168.100.1 & .4 ( .4 being itself )

on the HQ switch I can ping 192.168.100.1 & .4 but not the DHCP server. should I still get to it ?

Do I need to set port 47 & 48 to be trunk ports ?

Many thanks for your help, it is very much appreciated



« Last Edit: June 09, 2017, 08:25:09 AM by Radio_Head »

TankII
« Reply #8 on: June 12, 2017, 03:54:46 PM »
DHCP relay requires the physical interface, not the network. 
ip dhcp-relay fwd-path 192.168.2.0 172.17.xxx.150 enable should be:
ip dhcp-relay fwd-path 192.168.2.1 172.17.xxx.150 enable

In your case, you are giving VLAN 100 a name 192.168.1.0/24 - you might want to match it up with your actual IP address for clarity.

Also, make sure you put the correct Network mask on your segments.
So, assuming all ports on Lab switch 1 are in VLAN 1, and that VLAN has a local IP address of 172.17.X.X, and your point-to-point is 192.168.100.X (/24 is really large, and not necessary), I will assume your Lab switch 2 VLAN 1 has a 172.18.X.X IP address.
With that in mind, for Lab switch 2, the VLAN 1 IP could be 172.18.0.1/24.
So, add a static-route to Lab switch 2 of: 0.0.0.0 0.0.0.0 192.168.100.1
ip dhcp-relay fwd-path 172.18.0.1 172.17.xxx.150 enable

Back on the router for 172.17.X.X (not necessarily Lab switch 1 in this case), add a static-route 172.18.0.0 255.255.255.0 192.168.100.4

See how that works!

TankII
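
Added example (not from any poster in this thread and not Avaya tooling): a small Python lint for the three mistakes discussed in replies #6 and #8, namely a transit mask that overlaps another site's subnet, a static route whose next hop is not on a connected subnet, and a DHCP relay agent given as a network address instead of an interface address. The function name `lint_plan`, the plan layout and the 172.17.10.x / 172.17.100.x values are assumptions made for illustration; the thread masks the real octets.

```python
import ipaddress as ipa

def lint_plan(interfaces, static_routes, relay_paths, remote_subnets):
    """Check one switch's routed-link plan; return a list of findings.

    interfaces:     {name: "address/prefix"} routed VLAN interfaces
    static_routes:  [(destination_cidr, next_hop)]
    relay_paths:    [(relay_agent_ip, dhcp_server_ip)]
    remote_subnets: [cidr] networks that sit behind another router
    """
    findings = []
    ifaces = {n: ipa.ip_interface(c) for n, c in interfaces.items()}

    # Mask check: an interface network that overlaps a remote subnet makes
    # the switch treat those hosts as directly connected, so it never routes.
    for name, iface in ifaces.items():
        for remote in map(ipa.ip_network, remote_subnets):
            if iface.network.overlaps(remote):
                findings.append(f"{name}: {iface.network} overlaps remote {remote}")

    # A static route is only usable if its next hop sits on a connected subnet.
    for dest, hop in static_routes:
        hop_ip = ipa.ip_address(hop)
        if not any(hop_ip in i.network and hop_ip != i.ip for i in ifaces.values()):
            findings.append(f"route {dest}: next hop {hop} is not on-link")

    # Relay agent must be an interface address on this switch, not a network.
    local_ips = {i.ip for i in ifaces.values()}
    for agent, server in relay_paths:
        if ipa.ip_address(agent) not in local_ips:
            findings.append(f"relay {agent} -> {server}: agent is not a local interface IP")
    return findings

# Constructed plans for "Lab switch 2". 172.17.10.x stands in for the octets
# the thread masks as "xxx"; 172.17.100.4/16 is a made-up /16 transit address.
REMOTE = ["172.17.10.0/24"]
GOOD = lint_plan({"vlan1": "172.18.0.1/24", "vlan100": "192.168.100.4/29"},
                 [("0.0.0.0/0", "192.168.100.1")],
                 [("172.18.0.1", "172.17.10.150")], REMOTE)
BAD = lint_plan({"vlan1": "172.18.0.1/24", "vlan100": "172.17.100.4/16"},
                [("0.0.0.0/0", "172.17.100.1")],
                [("172.18.0.0", "172.17.10.150")], REMOTE)

if __name__ == "__main__":
    print("good plan:", GOOD or "no findings")
    for finding in BAD:
        print("bad plan:", finding)
```

The check is run per switch, so the HQ side needs its own plan with the remote building's subnet listed in `remote_subnets`.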