Regular Member
ukzerosniper
Posts: 550
Registered: ‎01-14-2012
Posts: 550
Kudos: 58
Solutions: 12
Registered: 01-14-2012

WDS (Transparent Bridge Mode)

Hi guys,

When I enabled WDS (Transparent Bridge Mode), I lost the ability to give out DHCP to clients connected to the CPE. There MACs did not come through the connection.

Is this to be expected?

I think I may have the usage for WDS (Transparent Bridge Mode) backwards in my thinking.

Can someone point me to good documentation or give me a simple to understand overview of appropriate and non appropriate usage along with the reasons in given examples.

Thanks guys.
If this post helped. Consider donating to my bit coin fund

1DrTMxNmBuZwgEcJs2LTh3hnB6VFEC1Uqf
Ubiquiti Employee
UBNT-Matt
Posts: 5,825
Registered: ‎11-27-2007
Posts: 5825
Kudos: 2505
Solutions: 66
Contributions: 39
Registered: 11-27-2007

Re: WDS (Transparent Bridge Mode)

Hi,
Were you using UBNT equipment on both sides?
Did you have it enabled on the Station and the AP? It will have to be enabled on both sides.
Regular Member
ukzerosniper
Posts: 550
Registered: ‎01-14-2012
Posts: 550
Kudos: 58
Solutions: 12
Registered: 01-14-2012

Re: WDS (Transparent Bridge Mode)

Hi,
Were you using UBNT equipment on both sides?

Did you have it enabled on the Station and the AP? It will have to be enabled on both sides.


Hi Matt,

Yes we have UBNT gear on both sides.

Yes, it is enabled on the Station and the AP.

With WDS off, we have noticed that when we ping a client connected to the station (an AirRouter for example), we are getting the mac of the Station back rather than the MAC of the client.

Is this to be expected when WDS is turned off?

Thanks.
If this post helped. Consider donating to my bit coin fund

1DrTMxNmBuZwgEcJs2LTh3hnB6VFEC1Uqf
SuperUser
mhoppes
Posts: 13,480
Registered: ‎06-23-2010
Posts: 13480
Kudos: 3953
Solutions: 55
Registered: 06-23-2010

Re: WDS (Transparent Bridge Mode)

Yes. That is the expected result.
Again, make sure you have WDS enables on the AP and Station as well as any links in between.
All links also need to be in bridge mode.
In running this for a small pool of dhcp IPs and it works fine.
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

Hi there
This is more than likely not the best thread for SIP related issues, but I suspect my problem is related to WDS and/or bridge mode.
I've been a Mikrotik user for 10+ years, but I'm slowly but surely moving all new links over to UBNT. However, I have run into issues on several ocasions now. It would appear that the UBNT devices would masquarade any network it is not aware of (in bridge mode with WDS enabled). This is either a bug, or the people responsible for this does not understand what a transparent bridge is.
Here's a typical setup (one that I'm currently battling with):
LAN1 -(192.168.0.0/24) - Mikrotik Router - (192.168.253.0/24) - UBNT AP - Wireless Link (PTP, Bridged, WDS enabled) - UBNT Station - (still 192.168.253.0/24) - Remote site Mikrotik Router - LAN2 - (192.168.1.0/24).
On the above setup, the Mikrotiks are responsible for routing. The UBNT's are setup to be completely transparent (ie, they should be acting like running a CAT5 cable between the two MT routers). All agree?
Devices from LAN1 can trace to LAN2 and vice-versa. Files can be transferred etc, no problem. BUT, here is the problem!
LAN1 PBX: 192.168.0.250
LAN2 PBX: 192.168.1.250
Both PBX's have SIP trunks to each other. When I do a "sip show peers" on either of the PBX's, it reports the Mikrotik at the other site's IP (the 192.168.253.x IP). (ie, LAN1's PBX sees LAN2's Mikrotik's IP which connects to the UBNT, and vice-versa for the other site).
Before we installed the UBNT wireless link, I've setup a VPN via ADSL. That used to work fine for months now, and the PBX would show the other PBX's IP as source when you do a "sip show peers".
For those who don't know how bad NAT could be for SIP, basically this type of thing causes one way voice communication (and some other similar issues, dropped calls etc).
Please note: the NAT issue is NOT on the Mikrotik, it is a fully routed network (and yes, I've even disabled masquarading on both sides). When I route the SIP trunks via the ADSL VPN, everything works as expected.
The ONLY way I could get the PBX's to see the correct source IP, was to create a VPN (PPtP on 192.168.252.0/24) through the wireless UBNT link. Unfortunately this causes some other problems, but at least we could get the VoIP working. I HAVE to fix this, as the client is refusing to pay until it is sorted.
My prognosis is that the UBNT device masquarades any network it is not aware of, and this is not only a bug, it is a very serious problem.
Could anyone suggest anything I could try (other than running CAT5 from the one building to the other 20km away, or replacing the equipment with Mikrotik AP's!)? I would really appreciate it.
Thanks guys!! G
SuperUser
Josh_SPITwSPOTS
Posts: 18,108
Registered: ‎11-20-2011
Posts: 18108
Kudos: 5599
Solutions: 138
Registered: 11-20-2011

Re: WDS (Transparent Bridge Mode)

I've been a Mikrotik user for 10+ years, but I'm slowly but surely moving all new links over to UBNT. However, I have run into issues on several ocasions now. It would appear that the UBNT devices would masquarade any network it is not aware of (in bridge mode with WDS enabled). This is either a bug, or the people responsible for this does not understand what a transparent bridge is.

Welcome to UbiquitiLand. Coming in here asking for help with this kind of attitude is going to generate a reaction, and not of a positive kind. If it's attention you wanted, you've got it.
AP-WDS to STA-WDS in bridge mode creates a 100% transparent bridge. Without WDS (even in bridge mode), clients clients on the far sides of the bridge end up with the MAC of the STA/AP.
One thing you might check, is make sure that BOTH sides of the link are running 5.5.2, or 5.5.4b.
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

Welcome to UbiquitiLand. Coming in here asking for help with this kind of attitude is going to generate a reaction, and not of a positive kind. If it's attention you wanted, you've got it.

AP-WDS to STA-WDS in bridge mode creates a 100% transparent bridge. Without WDS (even in bridge mode), clients clients on the far sides of the bridge end up with the MAC of the STA/AP.

One thing you might check, is make sure that BOTH sides of the link are running 5.5.2, or 5.5.4b.


Hi esseph

It was not my intention to offend, I was just a bit frustrated and it reflected in my writing. I do apologise for that!

Thanks for your reply!

If I understand you correctly, using WDS + bridge on both sides, the MAC's of the client devices (printers, PBX's, PC's etc) will not be reflected, but rather the MAC of the UBNT? This would mean the problem is potentially bigger than I initially thought.

I have upgraded to 5.5.2 over the weekend (I'm a bit weary of beta software, but I'm willing to try it as long as its possible to up/downgrade if there are problems).

Perhaps I should approach my request a bit differently:

I have two sites, different LAN ranges, Mikrotik Routers at each site (which does all the routing, we can't get rid of them). I have now built a wireless link between the two sites. HOW would you recommend me setting up the wireless link, so that the correct/actual SOURCE IP and MAC is shown, rather than the UBNT's MAC (an the Mikrotik's IP)?

Thanks again esseph for your help!


G
SuperUser
mhoppes
Posts: 13,480
Registered: ‎06-23-2010
Posts: 13480
Kudos: 3953
Solutions: 55
Registered: 06-23-2010

Re: WDS (Transparent Bridge Mode)

The outcome you are getting is not the expected. UBNT radios DO create transparent bridges. If you are getting the IP of the MikroTik on your SIP system you've got something configured wrong somewhere. The only way I can think that that would happen is if NAT is enabled on the MT. Otherwise, in a truly routed environment the MT IP would not end up getting sent to the remote unit.
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
SuperUser
Josh_SPITwSPOTS
Posts: 18,108
Registered: ‎11-20-2011
Posts: 18108
Kudos: 5599
Solutions: 138
Registered: 11-20-2011

Re: WDS (Transparent Bridge Mode)

Hi esseph

It was not my intention to offend, I was just a bit frustrated and it reflected in my writing. I do apologise for that!

Thanks for your reply!

If I understand you correctly, using WDS + bridge on both sides, the MAC's of the client devices (printers, PBX's, PC's etc) will not be reflected, but rather the MAC of the UBNT? This would mean the problem is potentially bigger than I initially thought.

I have upgraded to 5.5.2 over the weekend (I'm a bit weary of beta software, but I'm willing to try it as long as its possible to up/downgrade if there are problems).

Perhaps I should approach my request a bit differently:

I have two sites, different LAN ranges, Mikrotik Routers at each site (which does all the routing, we can't get rid of them). I have now built a wireless link between the two sites. HOW would you recommend me setting up the wireless link, so that the correct/actual SOURCE IP and MAC is shown, rather than the UBNT's MAC (an the Mikrotik's IP)?

Thanks again esseph for your help!


G


No, you have it backwards. Read again what I posted, then look at your response.

If you are NOT using WDS BRIDGE, then requests from the far side by clients will have the MAC of the AP/STA.

If you ARE using WDS BRIDGE on both the AP *and* the station, then it is literally just like running a long cable from one side to the other.

Make sure you don't have something silly like client isolation enabled.
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

Hi mhoppes
As mentioned, I have even tried turning NAT completely off on the Mikrotik's. (I could safely disable NAT for testing, as it only affects the client's Internet connection).
I sincerly doubt the problem is on the Mikrotik configuration, I've done hundreds of similar links in my life, even with old 2.4GHz equipment, and this particular issue is unique, as it seems the UBNT devices "rewrites" some information (by means of masquarading or other means of NAT)
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

No, you have it backwards. Read again what I posted, then look at your response.

If you are NOT using WDS BRIDGE, then requests from the far side by clients will have the MAC of the AP/STA.

If you ARE using WDS BRIDGE on both the AP *and* the station, then it is literally just like running a long cable from one side to the other.

Make sure you don't have something silly like client isolation enabled.


Sorry about that, I understand what you meant now. Ie WDS on/off turns transparency on/off.

I'm sure I don't have isolation or anything else enabled, I always try to leave as many settings default as possible.

Please tell me, from a UBNT standpoint, would it be a better idea to configure both UBNT's in Router (or SOHO Router) modes?

G
SuperUser
Josh_SPITwSPOTS
Posts: 18,108
Registered: ‎11-20-2011
Posts: 18108
Kudos: 5599
Solutions: 138
Registered: 11-20-2011

Re: WDS (Transparent Bridge Mode)

Sorry about that, I understand what you meant now. Ie WDS on/off turns transparency on/off.

I'm sure I don't have isolation or anything else enabled, I always try to leave as many settings default as possible.

Please tell me, from a UBNT standpoint, would it be a better idea to configure both UBNT's in Router (or SOHO Router) modes?

G


You can't ask a question like that without any explanation or context. I have no benchmark to judge "better" or "worse".
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
SuperUser
mhoppes
Posts: 13,480
Registered: ‎06-23-2010
Posts: 13480
Kudos: 3953
Solutions: 55
Registered: 06-23-2010

Re: WDS (Transparent Bridge Mode)

Hi mhoppes

As mentioned, I have even tried turning NAT completely off on the Mikrotik's. (I could safely disable NAT for testing, as it only affects the client's Internet connection).

I sincerly doubt the problem is on the Mikrotik configuration, I've done hundreds of similar links in my life, even with old 2.4GHz equipment, and this particular issue is unique, as it seems the UBNT devices "rewrites" some information (by means of masquarading or other means of NAT)


My guess is something is misconfigured in the MT causing the traffic to go out NAT. Think about this. The MT isn't running the SIP service... so IF the UBNT radio really was re-writing the IP address your SIP services would be broken, since the PBX systems would be sending traffic to the wrong IP addresses.

What happens if you do a traceroute?
Ubiquiti airMax Training - Morgantown, PA
October 24th & 25th - CLICK HERE TO REGISTER
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

You can't ask a question like that without any explanation or context. I have no benchmark to judge "better" or "worse".


Hi esseph

I meant it in the context of my problem, but also, if you were a UBNT salesman/technician, and you arrived at a client to install a wireless link, and you had no choice but to connect to the Mikrotik Routers. How would you more than likely configure the setup? Would you do it the way I did it using a transparent bridge, or would you let the UBNT's also do some routing?
SuperUser
Josh_SPITwSPOTS
Posts: 18,108
Registered: ‎11-20-2011
Posts: 18108
Kudos: 5599
Solutions: 138
Registered: 11-20-2011

Re: WDS (Transparent Bridge Mode)

Hi esseph

I meant it in the context of my problem, but also, if you were a UBNT salesman/technician, and you arrived at a client to install a wireless link, and you had no choice but to connect to the Mikrotik Routers. How would you more than likely configure the setup? Would you do it the way I did it using a transparent bridge, or would you let the UBNT's also do some routing?


Depends on the level of routing required. What exactly are you using the mikrotiks for?
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

My guess is something is misconfigured in the MT causing the traffic to go out NAT. Think about this. The MT isn't running the SIP service... so IF the UBNT radio really was re-writing the IP address your SIP services would be broken, since the PBX systems would be sending traffic to the wrong IP addresses.

What happens if you do a traceroute?


Like I said, all traces seems right, I get the expected gateways.

The SIP trunk does reach the remote PBX, BUT, the remote PBX "thinks" the trunk is coming from the Mikrotik's IP, instead of the PBX. In this particular scenario, the problem only seems to exist with the SIP protocol. Even when I login via SSH from LAN1's Linux server, to LAN2's Linux Server (and also Mikrotik), the connected user's source address is correct.
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

Depends on the level of routing required. What exactly are you using the mikrotiks for?


The Mikrotik's does DHCP for each LAN, it also dials PPPoE for ADSL, it connects to my main VPN Router (for support purposes), it does traffic shaping, QOS etc (QOS and shaping is only done on the ADSL interface, it will not cause any problems for the wireless link), and lastly it does all inbound port forwarding.

What I meant with you have no choice by using the Mikrotik, I meant you can't connect the UBNT directly to the LANs' switches and setup routing on the UBNT's, as prettymuch everything uses the Mikrotik as its gateway.
SuperUser
Josh_SPITwSPOTS
Posts: 18,108
Registered: ‎11-20-2011
Posts: 18108
Kudos: 5599
Solutions: 138
Registered: 11-20-2011

Re: WDS (Transparent Bridge Mode)

Like I said, all traces seems right, I get the expected gateways.

The SIP trunk does reach the remote PBX, BUT, the remote PBX "thinks" the trunk is coming from the Mikrotik's IP, instead of the PBX. In this particular scenario, the problem only seems to exist with the SIP protocol. Even when I login via SSH from LAN1's Linux server, to LAN2's Linux Server (and also Mikrotik), the connected user's source address is correct.


Have you restarted the PBXs since you put the ubiquiti bridge in place?
Josh Reynolds :: Chief Information Officer :: www.spitwspots.com
Ubiquiti Carrier Wireless Admin, Trainer
New Member
Giepie
Posts: 12
Registered: ‎08-16-2012
Posts: 12
Registered: 08-16-2012

Re: WDS (Transparent Bridge Mode)

Have you restarted the PBXs since you put the ubiquiti bridge in place?


No I haven't restarted the PBX's, but I have reconnected the trunks. It is impossible to restart the PBX's during office hours, but to force the PBX to reconnect the trunk, I enter a bogus IP, apply, then enter the correct IP and apply. In the Asterisk console ($> asterisk -rvvv) I can see when the trunk registers (although from the wrong source address).

I can only do propper testing during business hours when the client trade, but I can't interrupt their service too much, therefore I have to do the above to force the PBX to reconnect.
Established Member
Bbobb
Posts: 2,153
Registered: ‎01-13-2010
Posts: 2153
Kudos: 73
Registered: 01-13-2010

Re: WDS (Transparent Bridge Mode)

We run a fully bridged WDS backbone and have several different network scopes traversing it many of which are bridged connections from end user points with a broad selection of routers, Video confrencing gear, and IP telephony. every single instance of that provides the correct endpoint MAC without exception.

We have to concur with the suggestion you need to capture packets exiting the MT device to see what the MACs are as you are absolutely going to see the same thing out of the other end of any bridge WDS or chain of bridges WDS. It makes perfect sense that if you tunnel it across the bridge that the contents certianly won't get caught and changed but if that is the only adjustment made then you are traversing the MT differently and it is not rewriting the MAC. Hopefully a close inspection of the exact differences between those modes will bring you to the offending setting.

we don't think that your observation regarding "It worked on an MT bridge" is relevant at this point unless you directly swap the entire bridge back and forth between the two bridges with no "adjustments" on the endpoint gear. You are trying to determine if you have a defective cable or not......

Bob