Using Canopy as LAN bridge

As some of you may recall, I’m not an ISP but just using Canopy 900 gear for a private point-to-point link, using a single AP and SM in a rural setting.

I have the connection running very stable, even through some foliage and pines. Throughput is as good as I can expect using the 900 band (total of 4.5Mbps aggregate).

Now what I’d like to do is modify my routing to suit my needs better. What I really want to do is just use this as a private bridge between two wired LAN segments. That is, I want any computer in a wired LAN at either the AP or the SM side to access any other computer at the other side. In essence, just as if the two LAN segment switches were cascaded together.

I do this now to another building using Linksys WAP54G access points in “bridge mode” and it works great. But I needed the Canopy 900 setup to connect these two sites due to the NLOS conditions.

Currently everything on both sides is in the 192.168.1.x subnet:

LanA’s gateway: 192.168.1.1
AP (at LanA): 192.168.1.110
SM (at LanB): 192.168.1.211
LanB devices: 192.168.1.2xx

The SM is set to NAT disabled, Local network accessibility, and a gateway of 192.168.1.1 (which is located on the same switch as the AP).

From the SM side, I only got things to work by using a hub instead of a switch. I also used static IPs on all devices on the SM hub side to eliminate worrying about DHCP issues. Things on the SM side can then find each other, any device in the wired LAN segment where the AP is located, and public IPs by going through the gateway at the AP location.

However, I can’t go the other direction. Devices on the LAN segment of the AP side can’t find devices on the SM segment, with the exception of the SM address itself.

I’m pretty sure I understand why all of this is true, and why I had to use a hub instead of a switch at the SM side. What is less clear to me is how to reassign my IP configuration to achieve the result I want, which is simply to bridge two wired segments with a switch on each side, and be able to route between any device on either side.

When I put the Linksys pair in “bridge mode”, how do the switches on each end know to route traffic for a device to the Linksys bridge? And how do I mimic this behavior with the Canopy 900? (I’m at 7.3.6 now)

I realize this is not the norm for Canopy setups, since I am not in a service provider / client relationship, and that a WISP would not want to do it this way.

Should I be using a different private IP / subnet range on the SM? I.e., 192.168.2.x or something? I can easily do a router there instead of the hub, and have the router provide DHCP for its own subnet. Then if that router lists the IP address of the SM as its default gateway, won’t any traffic not on the 192.168.2.x subnet then route to the SM and then on to the AP?

This (I would expect) should let the SM side LAN segment work amongst themselves and get to the AP side and out its gateway for public IPs. But would it also let them access devices in the 192.168.1.x subnet at the AP?

And how would devices in the 192.168.1.x subnet at the AP get routed to the 192.168.2.x subnet at the SM? Would that be by me adding a “static route” in the router at the AP side?

Would this be the right entries for that?

Destination 192.168.2.1
Subnet mask 255.255.255.0
Gateway 192.168.2.1 (the router’s IP? the SM’s IP?)
Metric 2?
Private Y?

According to the router help text, if private is true “the static route will not be reported in RIP”. Is that what I’d want in this scenario since both segments are private IP subnets?

I’ve never had to deal with bridging two private IP subnets before, only single subnets and all the associated settings for the gateway/router/firewall. Is using two different subnets the best way for me to go? Or at least I couldn’t figure out how to make it happen with a single subnet, like it does with my Linksys bridge.

How should I set up the AP and SM’s IP configuration? Do I then enable NAT on the SM side if that is in its own subnet? Is a static route only needed on the router on the AP side, since the SM segment would come to the gateway router on the AP side whether it needed a public IP or private IP in the other segment?

Am I on the right track here?

Thanks in advance. (I’m a software guy; not a network admin…)

Doug

Canopy is by nature a transparent bridge. As long as they are registered, the two Ethernet ports are the same as two ends of a wire (unless you have filters enabled in the SM).

The IPs in the AP and SM are just for management and have no bearing on the network running on it. So, here is how I would do it:

192.168.1.1 Router with DHCP server
255.255.255.0 Subnet
192.168.1.100+ LAN A, LAN B all set for DHCP
192.168.1.10 AP Static Assignment
192.168.1.11 SM Static Assignment

SM = NAT disabled

If you prefer a static network, then just assign IPs that are outside the router’s DHCP pool. Make the router’s IP address the DNS server and then put your DNS IPs in the router along with your WAN IP.

Jerry Richardson wrote:
Canopy is by nature a transparent bridge. As long as they are registered, the two Ethernet ports are the same as two ends of a wire (unless you have filters enabled in the SM).


Hmm, it doesn't seem to work that way for me in practice. I do have everything in the same 192.168.1.x subnet now (mask 255.255.255.0), with NAT disabled on the SM and no filters enabled.

I've tried both the "public" and "private" network options on the SM configuration. The User Guide isn't real clear what this is actually for, so I tried it both ways. :(

If I was using a hub on the AP side, I suspect it might work. But I have a Gigabit switch on that side, and want to keep it that way. The problem seems to be things on the AP LAN segment side don't know to route over the RF link to the switch on the other side.

On the SM side, the default gateway is still the 192.168.1.1 router, and things can go that direction. But how do I get things to route to devices on the SM side?

Doug

"Currently everything on both sides is in the 192.168.1.x subnet:

LanA’s gateway: 192.168.1.1
AP (at LanA): 192.168.1.110
SM (at LanB): 192.168.1.211
LanB devices: 192.168.1.2xx "

If this is still true, then use a SWITCH at LAN-B and do not deploy a Router nor Access Point. This will give you a flat network and the two locations should appear as one.

wtkirk wrote:
If this is still true, then use a SWITCH at LAN-B and do not deploy a Router nor Access Point. This will give you a flat network and the two locations should appear as one.


My original install used a Linksys WRT54G router+WiFi as the connection point of the SM, but I disabled the DHCP in it and plugged the SM into one of the switch ports instead of the WAN port. I figured this would give me a 4 port switch (including the SM) plus WiFi broadcast at that location.

But it didn't work, so I dropped in the hub.

What is the "private" vs "public" setting in the IP config of the SM? I've been trying to do some research, and perhaps that is my problem? I have it on private now, thinking that was because 192.168.1.x was private. But does this really control whether the switches on the two ends are able to share routing data on the devices behind the AP and SM?

Did it maybe not work for me because it was set to "private" on the SM?

Doug

I think the Public/Private has to do with accessing the management IP on the SM. If it’s public you can get to it from both sides, if it’s private you can only get to it from one side.


LAN A --> AP --> SM --> Gigaswitch --> LAN B and Router LAN port (as WiFi AP)

When you say you can’t get from one side to the other - what exactly do you mean? What tests have you performed? Pings? Windows File Sharing Browsing?

Go to the Bridge Timeout Entry in both the SM and AP. Set them both to 1440. Reboot all nodes on both LANs. This includes the AP, the SM, and the switches/hubs.

It sounds like the AP is not “switching” MAC addresses and frames properly. I ran into this problem a few years ago. Setting that parameter to 1440 and rebooting “should” fix it.

Keep us updated.

msmith wrote:
When you say you can't get from one side to the other - what exactly do you mean? What tests have you performed? Pings? Windows File Sharing Browsing?


Correct. Neither would work, even with the IP in the UNC path instead of machine name.

msmith wrote:
Go to the Bridge Timeout Entry in both the SM and AP. Set them both to 1440. Reboot all nodes on both LANs.


They are currently both 25 minutes (which must be the default, because I have not changed them). I'll try this and report back. I may not have access to the SM side until sometime this weekend though.

Thanks for the suggestion.

Doug

msmith wrote:
Keep us updated.


Well, nobody is at that site right now, but I decided since it didn't have a switch but only a hub, I'd change the settings and remotely reboot the SM and reboot the AP and router on my side.

And guess what? Now I can ping the machines at that side, and though I can't see them in Network Neighborhood I can specify it in a UNC or map a drive to it.

So this weekend I'll try removing the hub and putting the switch back in place, then I should be all set.

Thanks again -- I wouldn't have known to try that option...

Doug

No problem.

I had a similar issue a few years ago, so my advice comes from experience.