Resolved Question

CentOS 6 with Cisco WET200 (wireless bridge)

by klaymen2 / October 19, 2011 10:59 PM PDT

Hi all,

I'm not sure if this is an issue with the Cisco WET200, or with CentOS 6.0...

We recently got a Cisco WET200 bridge (firmware 2.0.0.5-ETSI) to connect some servers with only ethernet interfaces to our LAN where we don't have a wired connection between the room with the servers and the LAN (powerline doesn't work either btw). The LAN is connected to the internet (cable provider) using a Vigor2110Vn (firmware 3.3.2.3). The Vigor serves as router and access point to the LAN (IP 192.168.0.1). There are wired and wireless systems connected to the Vigor.

The servers on the separate segment connected via the Cisco bridge are all running CentOS 6.0. To connect the servers to the bridge, we have a switch (3com) between them so all servers are on the same port 2 of the bridge. I set the servers up using DHCP using the Vigor as DHCP server, and their MAC addresses are bound to fixed IP addresses in the Vigor (currently 192.168.0.211 - 192.168.0.213).

The whole setup works, the servers receive their IP addresses correctly, they have the Vigor router also correctly in their arp table. I can also without any problems reach the servers from the LAN and vice versa, I can for example mount a filesystem from our NAS (IP 192.168.0.17) over the bridge. Performance is quite nice.

Only one thing does not work: I can't reach the router from the CentOS servers. Pings from server to router don't succeed, and of course no connection to the internet is possible at all (because the Vigor is the default gateway). But, as I mentioned, the DHCP setup works; when I change the assigned IP on the Vigor, the router gets the new IP at the next reboot, so server and Vigor can communicate with each other using DHCP. But obviously not in any other way. Every other system on the LAN is visible from CentOS though, both wired and wireless systems. Just not the router itself. I can even see the router's (correct) MAC and IP in the server's arp table (arp -a). Firewalls on the servers are turned off.

The really strange thing comes here: when I shut down the server and connect it to the router directly (wired), skipping the bridge, everything works perfectly. This would be an indication that the bridge has an issue.

If I connect my standard laptop (Windows 7) to the Cisco bridge though, on the same switch where the servers are located, this *also* works perfectly! This would be an indication that the issue is with CentOS and contradicts the first test. In further tests I verified MacOS Lion (directly), Suse Linux inside a VMWare (bridged), and even CentOS 5.2 in a VMWare (bridged) in the separated segment; they all work flawlessly. Only CentOS 6.0 (both native and inside a VMWare) doesn't work over the bridge to the router.

Even if I install VMWare with a Windows XP guest OS on the CentOS 6.0 server as host, this guest OS works perfectly if I set its ethernet interface up as bridged (so it gets an IP address in the 192.168.x.x range), while - as said - the CentOS 6 host itself doesn't get through. This excludes (I think) hardware issues with the network interface. If I set up the Windows XP guest as NAT, of course it doesn't work.

I also tried sniffing the traffic. Unfortunately I can't sniff directly at the Vigor to see what reaches it, because there is only a wireless connection there. So I tried to mirror the wired (and also wireless) port on the Cisco to port 1 and sniffed there. Unfortunately I only see packets from the servers to the LAN and no reply packets, not even for working connections between servers and LAN where there *must* be packets in both directions, and yes, of course I tried "Ingress", "Egress" and "Both". I seem to do something wrong there. So sniffing didn't give me any indications what could be wrong.

Any ideas or suggestions? It seems to be something related to the interaction Centos6+Cisco+Vigor, because with only 2 of those components there are no issues: servers directly on LAN work (Centos6+Vigor), servers to other LAN systems work (Centos6+Bridge), and laptop on bridged segment works (Bridge+Vigor). No idea what else I could try... Possibly some MTU size issue? Fragmentation?

Thanks for any advice,

Andy

All Answers

Best Answer chosen by klaymen2

Partially solved (workaround)
by klaymen2 / October 20, 2011 11:59 PM PDT

Meanwhile I found a workaround, though no real explanation.

The solution was to configure all servers using static IPs instead of DHCP *and* to remove the entries from the router DHCP reservation list. I think I already tried it earlier without success, but maybe I forgot to remove the systems from the router DHCP list. Anyway, this way - static IP and no entries for the MACs on the router - it works. As soon as I switch the servers to dynamic IPs (with or without DHCP reservations on the router), it doesn't work anymore - though the servers *do* get IP addresses and *can* communicate with all other systems, except the router. This static IP setup is ok for me, but still it would be nice to have an explanation. Closest thing I can think of is that the router - though it has the IP/MAC relationship in its static list (DHCP reservation) - for some reason doesn't know/notice that those IPs are online and so never reacts to packets from them. This might also be an issue with the Vigor router, this device already gave me headaches earlier (I still didn't find the ideal router .-).

Thanks for your help anyway, I hope the "solution" helps others.

Answer
testing
by bill012 / October 20, 2011 2:11 AM PDT

Looks as though you have done most of the stuff I would have done. It is unfortunate the port mirroring does not work correctly since that is the best way to find this.

It is highly unlikely it is an issue with something like MTU or fragments since you can't get ping to work and that uses very small packets.

First thing to check is the mac tables on the switch and maybe the bridge if you can. You should see the mac address of the devices on the correct ports... ie the ports the switch/bridge uses to SEND traffic should contain the mac. If you see the mac a packet has to have passed through that port with the source mac set to it. These time out fairly quickly so make sure you check right after sending traffic from both ends.

Next ensure that your router has an arp entry for your servers with the correct mac. If not you could try to hard code one. If you do not have an arp entry then something is blocking it.

Even with the sniffer working only one way you can get some useful info. First clear the arp table on the router so it must rearp the server ip. You should see your server send a response to the arp even though you do not see the request in the sniffer... but it implies the server got the request. This will imply you have very basic networking correctly working. I am betting since it works without the bridge you will see an issue at this point.

Next I would do the same with a ping packet from the router to the server. If you see the ping get sent back then you at least know that it received the packet and processed it and the packet is getting lost going back. It would be nice if you could see the packet coming but at least you eliminate part of the path.

Additional sniffing results
by klaymen2 / October 20, 2011 6:32 PM PDT
In reply to: testing

Thanks for your answer!

Yes, I see all the MAC addresses correctly.

I tried an additional test and replaced the switch on the side of the servers by a hub so I can at least sniff all traffic on this side of the bridge. Very strange stuff indeed here...

First, I see the pings that get through and those that don't get through. They look identical.

Then I started XP in a VMWare on the server with the problem and sniffed the successful ping of this system. The only difference I can see to the failed ping is the slightly different data part, and the fact that CentOS seems to set the Id field in the IP header always to 0 (no increments) and sets the don't fragment bit. But this is also the case for the successful pings to the other systems.

Then I set a filter to see only packets between the ethernet addresses of the CentOS server and the router. I see:

- an ARP reply from the router (to an ARP request from the server that was a broadcast)
- several failed DNS queries from the servers
- of course the failed ping requests
- interesting: *one* direct (non broadcast) ARP request from server to router with "Who has 192.68.0.1? Tell 192.168.0.212" (those are the IPs of router and server), followed by a correct reply from router to server ("192.168.0.1 is at ..."). This shows that ethernet frames between those addresses can cross the bridge successfully. I don't really grasp why this query was sent out though, but that's another issue.
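
The check suggested in the thread (does each ARP request and each ping seen on the server side of the bridge get a reply?) can be automated over captured frames. The following is an added example, not part of any post above; the MAC addresses, the ICMP identifier and the capture itself are constructed, and only the IP addresses are taken from the thread.

```python
import socket, struct
from collections import Counter

ip = socket.inet_aton

def arp(src_mac, dst_mac, op, spa, tpa):
    """Constructed ARP frame: op 1 = request, op 2 = reply."""
    tha = b"\x00" * 6 if op == 1 else dst_mac
    return (dst_mac + src_mac + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + src_mac + ip(spa) + tha + ip(tpa))

def echo(src_mac, dst_mac, typ, sip, dip, seq):
    """Constructed ICMP echo frame (type 8 request, 0 reply); IP Id 0, DF set, checksums left 0."""
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0x4000, 64, 1, 0, ip(sip), ip(dip))
    return dst_mac + src_mac + b"\x08\x00" + iphdr + struct.pack("!BBHHH", typ, 0, 0, 0x1234, seq)

def classify(frame):
    """Return (kind, key, is_reply); a request and its reply produce the same key."""
    etype, p = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x0806 and len(p) >= 28:
        op, spa, tpa = struct.unpack("!H", p[6:8])[0], p[14:18], p[24:28]
        if op in (1, 2):
            return ("arp", (spa, tpa), False) if op == 1 else ("arp", (tpa, spa), True)
    if etype == 0x0800 and len(p) >= 20 and p[9] == 1:   # IPv4 carrying ICMP
        ihl = (p[0] & 0x0F) * 4
        if len(p) >= ihl + 8 and p[ihl] in (8, 0):
            src, dst, ident_seq = p[12:16], p[16:20], p[ihl + 4:ihl + 8]
            return ("icmp", (src, dst, ident_seq), False) if p[ihl] == 8 else ("icmp", (dst, src, ident_seq), True)
    return None

def unanswered(frames):
    """Count requests per (kind, target IP) that never got a matching reply in the capture."""
    asked, answered = {}, set()
    for kind, key, is_reply in filter(None, map(classify, frames)):
        if is_reply:
            answered.add((kind, key))
        else:
            asked[(kind, key)] = socket.inet_ntoa(key[1])   # key[1] is the IP being asked
    return dict(Counter((k[0], tgt) for k, tgt in asked.items() if k not in answered))

# Constructed capture from the server side of the bridge (MACs are made up).
SRV, RTR, NAS = b"\x02\x00\x00\x00\x02\x12", b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x17"
CAPTURE = [
    arp(SRV, b"\xff" * 6, 1, "192.168.0.212", "192.168.0.1"),   # broadcast ARP request
    arp(RTR, SRV, 2, "192.168.0.1", "192.168.0.212"),           # router answers ARP
    echo(SRV, NAS, 8, "192.168.0.212", "192.168.0.17", 1),      # ping to NAS ...
    echo(NAS, SRV, 0, "192.168.0.17", "192.168.0.212", 1),      # ... is answered
    echo(SRV, RTR, 8, "192.168.0.212", "192.168.0.1", 1),       # pings to router ...
    echo(SRV, RTR, 8, "192.168.0.212", "192.168.0.1", 2),       # ... get no reply
]

if __name__ == "__main__":
    print(unanswered(CAPTURE))
```

On this constructed capture the ARP exchange with the router completes while both echo requests to it stay unanswered, which is the pattern described in the posts: layer 2 crosses the bridge, but the router does not respond at the IP level.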
