Prev: Possible to secure WEP?
Next: xp not detecting correct dhcp address
From: John Navas on 3 Jul 2006 19:35
On Sat, 01 Jul 2006 10:03:18 -0700, Jeff Liebermann
<jeffl(a)comix.santa-cruz.ca.us> wrote in
<ct9da294d0fbkbcm5dv2udp6kgkda1nb14(a)4ax.com>:

>John Navas <spamfilter0(a)navasgroup.com> hath wroth:
>
>>Access points (unlike routers) don't query DHCP servers because they
>>don't care about IP addresses. They are simply bridges that just pass
>>data link layer traffic back and forth, including DHCP traffic from
>>clients talking to DHCP servers on the other side of the bridge. The
>>management interface address of the access point is set manually, not by
>>DHCP.
>
>I beg to differ. [SNIP]

You are correct, as I noted in an earlier response.

>The problem is what to do about the gateway IP address. Note that the
>default value for the gateway on the above examples is blank or
>0.0.0.0 which means no default gateway. That makes sense as you would
>not want your return packets going off to the internet when they
>should be going to whatever IP is originating the packets. The only
>time one needs a real gateway IP is when the access point needs to get
>or send something to or from the internet. That can be time sync,
>update checks, logging output, and possibly DNS lookups. Otherwise,
>no gateway is required or desired.
>
>Another uncommon problem is what to do if the gateway IP address
>happens to be outside of the netmask IP address range. This can
>happen if the LAN is divided into subnets. All current desktop OS's
>support this, but it seems to be lacking in commodity routers and
>access points. It's not a big problem but should be consdered for
>complex network topologies. (The easy solution is to alias the
>internet gateway router with a LAN gateway IP in each sub-net).

Here I beg to differ. A network bridge doesn't have anything to do with
IP addresses since it operates on the data link layer. Thus a gateway
address and netmask aren't meaningful to the bridge, especially since
they won't necessarily be related to the proper port. In other words,
they are only meaningful to the management module. The correct thing
for the bridge to do is to either learn the correct port from the
incoming Ethernet management frame, or flood the response to all ports,
initially at least, learning which port to use for future responses,
just as it does with all other network traffic.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
From: Jeff Liebermann on 3 Jul 2006 22:49
John Navas <spamfilter0(a)navasgroup.com> hath wroth:

>>The problem is what to do about the gateway IP address. Note that the
>>default value for the gateway on the above examples is blank or
>>0.0.0.0 which means no default gateway. That makes sense as you would
>>not want your return packets going off to the internet when they
>>should be going to whatever IP is originating the packets. The only
>>time one needs a real gateway IP is when the access point needs to get
>>or send something to or from the internet. That can be time sync,
>>update checks, logging output, and possibly DNS lookups. Otherwise,
>>no gateway is required or desired.
>>
>>Another uncommon problem is what to do if the gateway IP address
>>happens to be outside of the netmask IP address range. This can
>>happen if the LAN is divided into subnets. All current desktop OS's
>>support this, but it seems to be lacking in commodity routers and
>>access points. It's not a big problem but should be consdered for
>>complex network topologies. (The easy solution is to alias the
>>internet gateway router with a LAN gateway IP in each sub-net).

>Here I beg to differ. A network bridge doesn't have anything to do with
>IP addresses since it operates on the data link layer.

Generally true for most consumer access points and bridges. Wwrong
for the better bridges and access points. The higher end devices all
have syslog, ntp, snmp, smtp for emailing log files, dnsmasq, and
other services that usually require internet access to work. Without
these, the bridge would not need a gateway to the internet as in a
typical commodity access point. But, with these services, a
functional gateway is a requirement.

Another example is the typical print server. Many of these can
automagically check for firmware updates from the internal web based
admin interface. However, that doesn't work unless the default
gateway is configured and functioning. Of course, if IPP (internet
printing protocol) is being used, the gateway is manditory.

>Thus a gateway
>address and netmask aren't meaningful to the bridge, especially since
>they won't necessarily be related to the proper port. In other words,
>they are only meaningful to the management module.

Management and services features.

>The correct thing
>for the bridge to do is to either learn the correct port from the
>incoming Ethernet management frame, or flood the response to all ports,
>initially at least, learning which port to use for future responses,
>just as it does with all other network traffic.

I don't think a bridge can determine the default gateway by this
method.

--
Jeff Liebermann jeffl(a)comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
From: John Navas on 4 Jul 2006 10:59
On Mon, 03 Jul 2006 19:49:18 -0700, Jeff Liebermann
<jeffl(a)comix.santa-cruz.ca.us> wrote in
<b6lja2hj6vuqose9gr10nfq1tec15j25f2(a)4ax.com>:

>John Navas <spamfilter0(a)navasgroup.com> hath wroth:

>>Here I beg to differ. A network bridge doesn't have anything to do with
>>IP addresses since it operates on the data link layer.
>
>Generally true for most consumer access points and bridges. Wwrong
>for the better bridges and access points. The higher end devices all
>have syslog, ntp, snmp, smtp for emailing log files, dnsmasq, and
>other services that usually require internet access to work. Without
>these, the bridge would not need a gateway to the internet as in a
>typical commodity access point. But, with these services, a
>functional gateway is a requirement.

Sure, but those are management services that aren't really part of the
bridge -- the management module is functionally separate (and is even
physically separate with some devices), and a gateway is only necessary
when leaving local subnets by means of a router, which isn't true in
many cases.

>>Thus a gateway
>>address and netmask aren't meaningful to the bridge, especially since
>>they won't necessarily be related to the proper port. In other words,
>>they are only meaningful to the management module.
>
>Management and services features.

Right, but not part of the bridge.

>>The correct thing
>>for the bridge to do is to either learn the correct port from the
>>incoming Ethernet management frame, or flood the response to all ports,
>>initially at least, learning which port to use for future responses,
>>just as it does with all other network traffic.
>
>I don't think a bridge can determine the default gateway by this
>method.

True, but it will work fine when the source is on a local subnet, as it
often is. I personally think it's a bad idea to have network hardware
devices making non-local connections on their own.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
First  |  Prev  | 
Pages: 1 2 3 4 5
Prev: Possible to secure WEP?
Next: xp not detecting correct dhcp address