Spoiler alert, Mike has some new recording equipment, so let’s see what he does with it.
Mike, Wilson and Miller went to WISPAmerica 2016 in Louisville, KY last week. We came out with six interviews that are of far better quality than last fall in Vegas. The show just started a week ago and we already have 3/5ths of the views of the new videos. We interviewed Baicells, Mimosa, VISP, Trango, IgniteNet and TowerOne.
If you need to find the SNMP ifIndex of an interface on your Cisco router, you can simply enter:
    ! Change the interface name to your desired entry.
    router# show snmp mib ifmib ifindex TenGigabitEthernet1/1
    Interface = TenGigabitEthernet1/1, Ifindex = 1
I had a customer ask for a very odd configuration.
Off of the ServerAP, Ether 2 must always hand out 192.168.88.10. The routers need to be a generic config so they can use them no matter what MAC address the server has.
They also want the ClientAP to just bridge everything together so the remote special devices will pull DHCP from the server AP. Oh yeah…and they all have to be in the same “subnet” and accessible to each other. What to do, what to do…
Well, this is what I did:
The ServerAP has proxy-arp enabled for both Ether2 and WLAN1.
I then set Ether2 to IP 192.168.88.1/28 and configured a DHCP server on it to only hand out 192.168.88.10. If you don’t add an IP address to the interface, the DHCP server won’t enable. I first thought about bridging Ether2 and WLAN1, but if you do this, you can only run a single DHCP server…which means we can’t set aside a special IP for the server. So by breaking the subnet up we can run multiple servers.
WLAN1 is configured for 192.168.88.19/24 with a DHCP server handing out 192.168.88.100-254.
The ClientAPs then run in station bridge to allow them to connect wirelessly and bridge their ether interfaces over. Now wired clients can pull DHCP from the ServerAP.
Here’s the configs:
    /interface ethernet
    set [ find default-name=ether2 ] arp=proxy-arp
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    add authentication-types=wpa2-psk eap-methods="" management-protection=\
        allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
        wpa2-pre-shared-key=popcorn
    /interface wireless
    set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
        arp=proxy-arp band=2ghz-b/g/n disabled=no mode=ap-bridge \
        security-profile=profile1 ssid=p48923
    /ip pool
    add name=dhcp_pool1 ranges=192.168.88.10
    add name=dhcp_pool2 ranges=192.168.88.100-192.168.88.254
    /ip dhcp-server
    add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=30s name=\
        dhcp1
    add address-pool=dhcp_pool2 disabled=no interface=wlan1 lease-time=10m30s \
        name=dhcp2
    /ip address
    add address=192.168.88.1/28 interface=ether2 network=192.168.88.0
    add address=192.168.88.19/24 interface=wlan1 network=192.168.88.0
    /ip dhcp-client
    add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
        interface=ether1
    /ip dhcp-server network
    add address=192.168.88.0/28 dns-server=188.8.131.52,184.108.40.206 gateway=192.168.88.1
    add address=192.168.88.0/24 dns-server=220.127.116.11,18.104.22.168 gateway=192.168.88.19
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=ether1
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www address=192.168.88.0/24
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /system identity
    set name=ServerAP
    /interface bridge
    add name=bridge1
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    add authentication-types=wpa2-psk eap-methods="" management-protection=\
        allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
        wpa2-pre-shared-key=popcorn
    /interface wireless
    set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
        band=2ghz-b/g/n disabled=no mode=station-bridge security-profile=profile1 \
        ssid=p48923
    /interface bridge port
    add bridge=bridge1 interface=ether1
    add bridge=bridge1 interface=ether2
    add bridge=bridge1 interface=wlan1
    /ip dhcp-client
    add default-route-distance=0 dhcp-options=hostname,clientid interface=bridge1
    /system identity
    set name=ClientAP
As odd as this config seems, it worked a treat. The real secret is that proxy-arp allows the devices on different subnets to communicate even though it seems as though they shouldn’t be able to.
This is a weird one for sure. How would you guys have approached this? What would you have done different?
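Why proxy-arp is the piece that makes the overlapping /28 and /24 work, as an added example (not part of the original post). It uses the interface addresses and DHCP pools from the ServerAP config; the function names and the simplified proxy-ARP rule are assumptions made for illustration.

```python
import ipaddress

# Addresses from the ServerAP config above; arp=proxy-arp is set on both ports.
ROUTER_IFACES = {
    "ether2": ipaddress.ip_interface("192.168.88.1/28"),
    "wlan1": ipaddress.ip_interface("192.168.88.19/24"),
}
PROXY_ARP = frozenset({"ether2", "wlan1"})

def host_next_step(host, dst):
    """A host ARPs directly for on-link destinations, else uses its gateway."""
    return "arp-direct" if dst in host.network else "via-gateway"

def router_egress(dst):
    """Longest-prefix match over the router's connected networks."""
    hits = [(i.network.prefixlen, name)
            for name, i in ROUTER_IFACES.items() if dst in i.network]
    return max(hits)[1] if hits else None

def router_answers_arp(ingress, target, proxy_arp=PROXY_ARP):
    """Simplified proxy-ARP rule (an assumption of this sketch): reply with the
    router's own MAC when the target is routed out a different port than the
    one the ARP request arrived on."""
    egress = router_egress(target)
    return ingress in proxy_arp and egress is not None and egress != ingress

def reachable(src, src_port, dst, proxy_arp=PROXY_ARP):
    """Can src (attached to src_port) send towards a dst behind the other port?"""
    if host_next_step(src, dst) == "via-gateway":
        return True          # normal routed hop through the DHCP-supplied gateway
    return router_answers_arp(src_port, dst, proxy_arp)

SERVER = ipaddress.ip_interface("192.168.88.10/28")    # the only lease in dhcp_pool1
CLIENT = ipaddress.ip_interface("192.168.88.100/24")   # first lease in dhcp_pool2

if __name__ == "__main__":
    print("server -> client:", host_next_step(SERVER, CLIENT.ip))
    print("client -> server:", host_next_step(CLIENT, SERVER.ip))
    print("with proxy-arp   :", reachable(CLIENT, "wlan1", SERVER.ip))
    print("without proxy-arp:", reachable(CLIENT, "wlan1", SERVER.ip, frozenset()))
```

The server sees the wireless clients as off-link and routes through 192.168.88.1, while a wireless client sees 192.168.88.10 as on-link and ARPs for it, so only the router answering that ARP on wlan1 gets the traffic across.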
Mike(Mom), Tom, Tomas, Justin Miller, and Alex talk about how much they wish Greg was on this cast…but alas, he is not.
Some of the things discussed:
WISPAPalooza video interviews
WISPAPalooza in general
SDN\OpenFlow\Performant Networks\Bonding\ etc.
New TBW formats
Other stuff I probably forgot
To see the video please visit the link below!!!
Andrew Cox, Mike(Mom), Tom, Tomas, Justin Miller, and Greg talk about the meaning of life and how routing makes it just a little bit better.
I point out in the video that MTK donated money to, yet another, children’s hospital. I know they did this quietly, but people doing good things for a good reason need to be heard! Big ups to the Tik crew. I also stated that Robert Pera has been doing a lot for the Memphis community, and I admire the hell out of him for that.
Good people doing good things!
To see the video please visit the link below!!!
With Cisco’s DMVPN it should be a snap to pick up your router and move it to a new site…at least it was previously for my client. The difference was, they were statically configured before, and now they are DHCP.
Cisco Dynamic Multipoint VPN is a system whereby you plug in, and remote sites will dial back to a hub site, create a tunnel, then encrypt the tunnel. Everything is done automatically…so why did it fail when switching to DHCP?
When the tunnel interface was enabled, everything flapped up and down. Connectivity was shot through the tunnel as well as regular internet access.
I first looked at the log on their router:
    000573: Dec 28 2015 13:33:21.669 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: holding time expired
    000574: Dec 28 2015 13:33:49.926 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency
    000575: Dec 28 2015 13:34:09.846 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: Peer goodbye received
    000576: Dec 28 2015 13:34:13.026 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency
As soon as the tunnel interface (“Tunnel0”) came up, EIGRP started going bananas. I was thinking…what would make EIGRP flap as well as connectivity go crazy?
When the tunnel establishes, it starts to learn routes from the tunnel interface…perhaps it is getting a default route. That can’t be the issue, right, because our DHCP-learned default route should have preference, right…WRONG.
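The flapping visible in that log can be picked out of a syslog feed automatically. The following is an added example, not from the original post: it parses the four NBRCHANGE lines shown above and flags a neighbor that changes state repeatedly in a short window. The threshold of 3 changes and the 5-minute window are assumptions to tune for your network.

```python
import re
from datetime import datetime, timedelta

# The four syslog lines from the post above.
SAMPLE_LOG = """\
000573: Dec 28 2015 13:33:21.669 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: holding time expired
000574: Dec 28 2015 13:33:49.926 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency
000575: Dec 28 2015 13:34:09.846 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: Peer goodbye received
000576: Dec 28 2015 13:34:13.026 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency
"""

NBRCHANGE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \S+: "
    r"%DUAL-5-NBRCHANGE: \S+ \d+: Neighbor (?P<nbr>\S+) \((?P<ifc>[^)]+)\) "
    r"is (?P<state>up|down): (?P<reason>.+)"
)

def parse_events(text):
    """Return (timestamp, neighbor, interface, state, reason) per NBRCHANGE line."""
    events = []
    for line in text.splitlines():
        m = NBRCHANGE.search(line)
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S.%f")
            events.append((ts, m["nbr"], m["ifc"], m["state"], m["reason"].strip()))
    return events

def find_flapping(events, threshold=3, window=timedelta(minutes=5)):
    """Map (neighbor, interface) -> most state changes seen inside any one
    window, for peers that reach the threshold (both values are assumptions)."""
    by_peer = {}
    for ts, nbr, ifc, state, _ in sorted(events):
        changes = by_peer.setdefault((nbr, ifc), [])
        if not changes or changes[-1][1] != state:   # skip repeated same-state lines
            changes.append((ts, state))
    flapping = {}
    for peer, changes in by_peer.items():
        times = [ts for ts, _ in changes]
        worst = max(sum(1 for t in times[i:] if t - start <= window)
                    for i, start in enumerate(times))
        if worst >= threshold:
            flapping[peer] = worst
    return flapping

if __name__ == "__main__":
    for (nbr, ifc), n in find_flapping(parse_events(SAMPLE_LOG)).items():
        print(f"EIGRP neighbor {nbr} on {ifc}: {n} state changes inside 5 minutes")
```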
By default, the DHCP-learned default route has an administrative distance of 254, as evidenced when issuing a show ip route command:
S* 0.0.0.0/0 [254/0] via 22.214.171.124
Since EIGRP has an AD of 90, when that default route comes in, it is installed into the route table in place of our DHCP-learned default. This then breaks our internet connectivity and the tunnel fails, which then repeats the cycle. It worked before because they were statically configuring the default route, which has an AD of 1.
Cisco has a special command for just such an issue:
ip dhcp-client default-router distance X
X can be a value of 1 – 255. I chose 1 since that is consistent with a static route.
After you enter the command, you have to shut/no shut the interface to have the default route be relearned. As soon as it is, it acquires the new AD we set.
S* 0.0.0.0/0 [1/0] via 126.96.36.199
After that I enabled the tunnel interface, everything came up and all was right with the world.
Good luck and Godspeed, little networkers!