Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3436
Views
0
Helpful
4
Replies

3rd party wireless bridge

Go to solution
rschwart
Level 1
Level 1

‎02-20-2012 01:51 PM - edited ‎07-03-2021 09:37 PM

I have an outside vendor using a Moog/Videolarm bridge device for security gate access. The moog/videolarm ap is set as a transparent bridge connecting to an ssid we have set up for them. The device connects with the correct credentials, but the black box connected to the bridge responds to a ping sometimes. I set a constant ping to the 2 devices, the ap/bridge and the black box: the bridge reponds for 25 pings then stops and the black box responds 25 pings and then the ap/bridge starts responding. Any suggestions thoughts, I really don't want to put up a bridge just for one device.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Justin Kurynny
Level 4
Level 4

‎02-21-2012 09:42 AM

rschwart,

If you are using a lightweight access point and a controller as your root AP in this setup, then what I think you're seeing is that transparent bridging not working correctly because of the strict 1:1 MAC:IP relationship in a client connection record. With a root AP in local mode, the recommended and cleanest way around this on the client/bridged side is to use a WGB. Here is what Cisco has to say about client bridges and WGBs in the CUWN environment:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70lwap.html#wp1144634

Despite this, you may have some other ways around this problem, and one or more of the following options may work for you:

  • Disable the IP-MAC address binding check on the controller CLI:

wlc> config network ip-mac-binding disable

  • If the option is available, configure the Moog/Videolarm device as an L3 routed device (i.e., a wireless router). Configure a new network on the "LAN" side of the Moog/Videolarm device and put your black box on that network. Use a static IP or DHCP to always assign the same IP to the "WAN" side of the Moog/Videolarm and then put a route behind the controller on your upstream L3 device to route all of your "LAN" traffic to that static/reserved "WAN" IP.

  • Change your lightweight root AP to bridge mode and when the HREAP tab appears in AP configuration mode, make it a Root AP. This will tell the controller that the 1:1 relationship of MAC:IP no longer applies. I'm not 100% sure of the ramifications otherwise (client access, RRM) of this change, and your Moog/Videolarm may not even be able to associate, but it could be worth trying just to see if you get a change in behavior.

  • If the option is available, configure MAC cloning of the black box on the Moog/Videolarm device. This way the controller only sees one MAC on the other side of the bridge link (even though you have two separate devices).

Justin

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Justin Kurynny
Level 4
Level 4

‎02-21-2012 09:42 AM

rschwart,

If you are using a lightweight access point and a controller as your root AP in this setup, then what I think you're seeing is that transparent bridging not working correctly because of the strict 1:1 MAC:IP relationship in a client connection record. With a root AP in local mode, the recommended and cleanest way around this on the client/bridged side is to use a WGB. Here is what Cisco has to say about client bridges and WGBs in the CUWN environment:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70lwap.html#wp1144634

Despite this, you may have some other ways around this problem, and one or more of the following options may work for you:

  • Disable the IP-MAC address binding check on the controller CLI:

wlc> config network ip-mac-binding disable

  • If the option is available, configure the Moog/Videolarm device as an L3 routed device (i.e., a wireless router). Configure a new network on the "LAN" side of the Moog/Videolarm device and put your black box on that network. Use a static IP or DHCP to always assign the same IP to the "WAN" side of the Moog/Videolarm and then put a route behind the controller on your upstream L3 device to route all of your "LAN" traffic to that static/reserved "WAN" IP.

  • Change your lightweight root AP to bridge mode and when the HREAP tab appears in AP configuration mode, make it a Root AP. This will tell the controller that the 1:1 relationship of MAC:IP no longer applies. I'm not 100% sure of the ramifications otherwise (client access, RRM) of this change, and your Moog/Videolarm may not even be able to associate, but it could be worth trying just to see if you get a change in behavior.

  • If the option is available, configure MAC cloning of the black box on the Moog/Videolarm device. This way the controller only sees one MAC on the other side of the bridge link (even though you have two separate devices).

Justin

0 Helpful

Go to solution
rschwart
Level 1
Level 1
In response to Justin Kurynny

‎03-05-2012 12:58 PM

Thanks for the help. This did resolve our issue and everything works for our vendor.

0 Helpful

Go to solution
Justin Kurynny
Level 4
Level 4
In response to rschwart

‎03-05-2012 01:55 PM

rschwart,

Did the vendor tell you which method they used to fix the issue?

Thanks for marking answered.

Justin

0 Helpful

Go to solution
rschwart
Level 1
Level 1
In response to Justin Kurynny

‎03-05-2012 02:48 PM

Sorry, I should have been more clear, I used the cli wlc>config network ip-mac-binding disable. Not the best solution, but it works. I only disabled it on the WLC that controls the ap.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card