I like when things work but I get a strange feeling it if I can’t explain why. Here’s a scenario that works perfectly well but I can’t figure out why. Maybe a Wifi Ueber-Geek can help:
I’ve used a Linksys WRT54 access point configured to AP client mode (bridged) to connect to a Siemens Wifi Access Point. Connected to the WRT54 are two notebooks, each via one Ethernet port. When the cable is plugged in both were assigned an IP address by the DHCP server running on the Siemens AP (192.168.40.20 and 192.168.40.73). Both can communicate with the Internet over the single wireless link just fine. What I wanted to test with this scenario was how the Ethernet MAC addresses of the two notebooks and the WRT54 access point are used on the wireless link.
To my great surprise the Siemens AP always uses the Ethernet MAC address of the WRT54 when packets are sent to one of the notebooks. But how does the WRT54 then know which notebook (which Ethernet port) it should deliver it to? On the notebook the incoming packet contains its MAC address. This means that the WRT54 must have changed the MAC address in the destination field. But why does it do that and how can it know which MAC address to use? I am thoroughly confused.
I’ve documented the result in the two pictures below. The first picture shows how the packet looks like when its received on the WRT54. The destination address in the 802.11 header is the WRT54 (Cisco-Li…, traced with Kismet on the WRT54). The same packet on the notebook (traced with Wireshark) suddenly contains the notebooks MAC address in the destination field of the of the Ethernet II header (Uniwil…). It’s not IP routing since the notebooks and the Siemens AP behind the wireless link are all in
the same subnet. It’s also not Layer 2 bridging since the MAC address
changes.
Does anyone have an explanation for this?
Hi Martin,
I’m not sure of the “how” (anything in LLC? It’s visible but not expanded in your pic), but I’m not surprised.
A few years back I purchased a “Cisco Aironet Workgroup Bridge for 5 clients”. The AP it connected to didn’t see it as a single bridge, but as (up to) 5 separate wireless clients. I guess that made it easier to work with simple APs.
Even now, real bridging with Wireless Distribution System isn’t guaranteed to work between different vendors equipment.
In DD-WRT alternate firmware for Linksys WRT54, WDS can only be enabled in AP mode, not in Client or Client Bridged modes.
Maybe the WRT54 “cheats” and looks at the destination IP address (192.168.40.20 in your examples) in the packet to pick the MAC address? Perhaps the WRT54 builds a table of MAC addresses assigned to the IPs it gets from the DHCP server.
Like swordfishBob, I’m neither sure nor surprised.
Some thoughts :
– routing is not based on IP address, but on MAC address. The IP packet is stuffed into a Ethernet packet, and the router has to decapsulate the Ethernet packet it receives, get the destination IP, re-encapsulate it into a new ethernet packet (and, in the meantime, manage the fact that the networks FROM and TO may support different IP-length or Ethernet-length ; so it may split one packet in many if needed).
– I don’t know enough about IPv6, but I thought it was more physical-related, i.e. MAC-related than a basic IPv4 address. This means that any IPv6 compliant router would have to manage this MAC-IPv4 table.
This leads to the idea that a router is not a basic box, but rather a hard-worker…
Hi Charlie Echo,
I agree and that’s the strange thing. The WRT45 AP client is not configured as a router. It has no routing table and it is also not the DHCP server giving out the IP addresses to the notebooks. It’s not even configured to be in the same subnet as the AP on the other side and the two notebooks connected via Ethernet. In this mode it shouldn’t even look inside the packet beyond layer 2. But I have no other idea how it can change the MAC addresses without actually doing that in this mode.
I continue to be puzzled 🙂
Cheers,
Martin
I have just browsed the Linksys wireless product list and it appears that any product with WRT… in the name is a router, while an access point is WAP… . So, the WRT45 AP is a router, as far as the Linksys naming convention goes. Unfortunately, Linksys does not have a link to this (old?) product on the Wireless products page.
I think your router is performing proxy-arp for its clients.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml
Hi Erwan,
yes you are right. It took a bit of time to figure it out 🙂 Take a look here:
http://mobilesociety.typepad.com/mobile_life/2007/10/wifi-ueber-geek.html
Thanks for your comment,
Martin
—–
PING:
TITLE: Quetsion
URL: http://quetsion.labestbargains.info/?p580686890
IP: 74.86.30.114
BLOG NAME: Quetsion
DATE: 09/24/2007 03:24:27 PM
(Click here to view the original thread with full color