[EA-AC87] subnet routing not working properly

cheetopet

Slowly working through this. Posting to possibly speed up the process or help someone else.

Media Bridge -

The EA-AC87 web UI is completely basic & has very few knobs to tweak. You set a wireless network & an IP & that's pretty much it. Hardware-wise it's pretty slim - ARC700 500MHz CPU & 64 Megs of RAM. Apparently not enough to run ssh, as the only option for shell access is telnet. Not much running on it besides busybox, wpa_supplicant, ntp & avahi. No 3rd party firmware exists that I'm aware of. Software on the box is pretty sparse, no tcpdump or equivalent, they left out a bunch of basic stuff - more, less, fdisk, lsblk. df is broken.

Setup -

I've got 2 networks in my home, one primarily for wireless devices ('front' network) and another for some cloud infra ('back' network). I've got an RT-AC66U ('front router' running latest merlin fw) in router mode connected to my ISP in the front & an EA-AC87 (running latest stock fw) running as a wireless bridge from the front router to a dual NIC gateway box ('back router') to the back network. I've got a static route set on the RT-AC66U to route all back network traffic to the back router. If I replace the EA-AC87 with a rather long wire everything works perfectly. Additionally, before I split the networking into 2 the EA-AC87 was working flawlessly. With the EA-AC87 in place however no machine from either network can ping the other network except for the back router.

ICMP tests -

I fired up tshark on the back router & started pinging stuff. Interesting results. Any ping from the front network would hit the back router front side NIC and stop. Any ping from the back side network would hit both NICs, the target machine, return to the front side NIC and stop. First thought was it was a routing issue. The router is just an Ubuntu box so I did a sanity check - ip_forward=1 check, rp_filter=0 check, firewall nope, extraneous iptables rules nope. Everything just hit the front side network NIC & stopped. Also verified TCP & UDP both behave the same, so nothing specific to ICMP. Double-checked all the routing tables & ethtool -S everywhere for any checksum errors or dropped packets, etc. Everything was clean. But keep in mind - with the EA-AC87 replaced with a very long wire everything works as expected, so my suspicion still lies with that box.

Link Layer tests -

Nothing on IP layer looked out of place so I started to check the next layer down. I was comparing good pings to my bad pings with tshark -V on the gateway & noticed the following.

(snip)
Ethernet II, Src: c8:60:00:c2:bd:1f, Dst: 00:15:58:c8:b8:87
Destination: 00:15:58:c8:b8:87
Address: 00:15:58:c8:b8:87
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: c8:60:00:c2:bd:1f
Address: c8:60:00:c2:bd:1f
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.0.0.187, Dst: 10.1.0.3
(snip)

Note: everything from here on out is pure conjecture on my part, I'm nothing close to a network engineer. From observations it seems that on a good ping the Dst: MAC matches the machine of the next hop - i.e. I ping google.com running tshark locally & the Dst: MAC on the first hop is my router. Looking at traffic coming through the EA-AC87, the Dst: MAC arriving at the front side NIC of the back side router matches the final destination, not that hop.

Summary picture -

'Client' -> 'wireless router' -> 'wireless bridge' -> 'router nic 1' -> 'router nic 2' -> 'Server'
the Dst: MAC arriving at 'router nic 1' matches 'Server'. traffic stops, connection fails.

'Client' -> 'wireless router' -> 'loooonnnng wire' -> 'router nic 1' -> 'router nic 2' -> 'Server'
the Dst: MAC arriving at 'router nic 1' matches 'router nic 1'. traffic continues to 'Server', connection succeeds.

I'm assuming for now that the MAC header inconsistency is the source of my issues & gonna try to figure out what's exactly happening on the bridge.
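
An added example, not part of cheetopet's post: a Python check that reads `tshark -T fields` rows captured on 'router nic 1' and flags unicast frames whose destination MAC is not that NIC's own address. A Linux router sees such frames in a promiscuous capture but tags them PACKET_OTHERHOST and drops them before IP forwarding, which is consistent with traffic that reaches the NIC and stops. The router NIC MAC below is a hypothetical placeholder (the post does not give it), and all sample rows except the first are constructed.

```python
# Added example (not from the post): audit destination MACs seen on a router NIC.
# Input rows are tab-separated, the shape produced by
#   tshark -i <nic> -T fields -e eth.src -e eth.dst -e ip.src -e ip.dst
# Row 1 reuses the addresses from the capture in the post; the rest are constructed.
SAMPLE = (
    "c8:60:00:c2:bd:1f\t00:15:58:c8:b8:87\t10.0.0.187\t10.1.0.3\n"
    "c8:60:00:c2:bd:1f\t02:00:00:00:00:01\t10.0.0.187\t10.1.0.3\n"
    "c8:60:00:c2:bd:1f\tff:ff:ff:ff:ff:ff\t10.0.0.187\t10.0.0.255\n"
    "c8:60:00:c2:bd:1f\t01:00:5e:00:00:fb\t10.0.0.187\t224.0.0.251\n"
    "c8:60:00:c2:bd:1f\t\t\t\n"  # non-IP row: tshark leaves missing fields empty
)
ROUTER_NIC1_MAC = "02:00:00:00:00:01"  # hypothetical: the post does not give this MAC


def norm_mac(mac):
    """Return a MAC as lowercase colon-separated octets, or raise ValueError."""
    octets = mac.strip().lower().replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)


def classify(dst_mac, nic_mac):
    """Classify a frame by how the receiving NIC's host would treat its dst MAC."""
    dst = norm_mac(dst_mac)
    if dst == norm_mac(nic_mac):
        return "host"        # addressed to this hop: eligible for IP forwarding
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 0x01:
        return "multicast"   # IG bit set (the bit tshark -V prints per address)
    return "otherhost"       # unicast to some other station: not forwarded


def audit(capture_text, nic_mac):
    """Return (row, dst_mac, src_ip, dst_ip) for every 'otherhost' frame."""
    findings = []
    for row, line in enumerate(capture_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 4 or not all(fields):
            continue  # skip non-IP or truncated rows
        _src_mac, dst_mac, src_ip, dst_ip = fields
        try:
            if classify(dst_mac, nic_mac) == "otherhost":
                findings.append((row, norm_mac(dst_mac), src_ip, dst_ip))
        except ValueError:
            continue  # malformed MAC field
    return findings


if __name__ == "__main__":
    for row, dst, src_ip, dst_ip in audit(SAMPLE, ROUTER_NIC1_MAC):
        print(f"row {row}: {src_ip} -> {dst_ip} sent to {dst}, not this NIC")
```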