I searched, but could not find an answer. I am a complete noob to staros, this is my first experience.

I have the following equipment:
2x WRAP boards with 1 atheros card each
1x WRAP board with 2 atheros cards

all the wrap boards are the same model, running v2.10.0 build 4693 of staros

This is what i'm trying to do:
A Building with internet connection
B Tower between the two building with line of site to both buildings
C Building #2 no line of site to building A, no internet connection

I want to share the internet connection/network from A to C. I want it to be one seamless LAN.

How do i configure the repeater box to function like i want? I can not figure out the proper IP configuration, nor how to just make starOS bridge the wireless networks on each atheros card to each other.

Thanks for any help, If more information is needed i'll do my best help.

MK

The wrap boards have 64MB compact flash. here's what the serial boot log says:

PC Engines WRAP .2B/2C v1.09
640 KB Base Memory
64512 KB Extended Memory

01F0 Master 848a TOSHIBA THNCF032MBA

MK

Get the units routing from A to C through B then create a VDS link between the Ethernet ports on A and C and it will all seem like you have a long cat5 jumper cable between the units.

That's the plan, I've done it with other hardware, but i'm not sure how to implement it in starOS. Which radios need to be setup as AP and which as client?

How does the IP config need to be setup on the units? I notice that i can't use the same subnet on wireless as on the ethernet ports.

Like I said, big time noob here :)

MK

How does the IP config need to be setup on the units? I notice that i can't use the same subnet on wireless as on the ethernet ports. Like I said, big time noob here :) MK
Dear Noob (or is that Knob?);

Here's what I'd do...

WRAP1
Eth1 Conencted to Internet, or switch or whatever & IP = 192.168.1.1/24
wpci1 setup as AP (SSID of 'LINK1')& IP of 192.168.2.1/30
default route 0.0.0.0/0 to 192.168.1.1
static route 192.168.3.1/30 to 192.168.2.2
static route 192.168.4.1/24 to 192.168.2.2

WRAP2
wpci1 setup as Client (SSID of 'LINK1') & IP of 192.168.2.2/30
wpci2 setup as AP (SSID of 'LINK2') & IP of 192.168.3.1/30
default route 0.0.0.0/0 to 192.168.2.1
static route 192.168.4.1/24 to 192.168.3.2

WRAP3
wpci1 setup as Client (SSID of 'LINK2') & IP of 192.168.3.2/30
eth1 connected to remote computer(s) & IP of 192.168.4.1/24
default route 0.0.0.0/0 to 192.168.3.1

And then (if I havn't made a typo) you can plug computers into the ethernet of WRAP1 and number them 192.168.1.x & you can plug computer(s) into the ethernet of WRAP3 and number them 192.168.4.x and you should be able to ping / network between both groups of computers.

As well, you'll want to Nat/Masq on WRAP1 (or on some other router there) to translate these private 192.168 IP's into whatever your public IP's are.

Also, you can then VDS if you want or need to. There's no particular need to, unless of course you need one of your Public IP's on the Ethernet side of WRAP3 or something like that. If you just want to be able to use the internet from the other side of WRAP3, then no VDS would be required.

So far so good, i would have never been able to figure that out. I know only the basics in subnetting.

I have a laptop (192.168.4.4) attached to the ethernet on WRAP3, I can ping all the way to 192.168.2.1 on WRAP1, but can not ping 192.168.1.1, or the laptop I have attached to WRAP1's ethernet (192.168.1.3)

The end goal is to actually have this act exactly as Lonnie said, just like a patch cable, passing all network traffic through (dhcp included)

Any ideas? Thank you very much for your assistance!

MK

Sorry, on WRAP1, the default route would have to be some router on the Ethernet side of that WRAP, not to the WRAP itself. Preferably the router on that said that's doing the NAT/MASQ. I'm assuming that on that end, you have an internet connection with some real Public IP(s), and a router that knows how to distribute that around?

On our networks, we have a MikroTik machine as our gateway on our Public IP's, so the default route on our first StarOS machine is actually 0.0.0.0/0 to 123.123.123.254 (IP Changed to protec the innocent), and that machine has a Masq statement to translate the 192.168.x.x numbers into a real IP number, as well as routing 10.x.x.x to the WRAP's to handle.

So, in our case, we have a Class C (or a /24) of public addresses with our Internet feed. The first StarOS machine actually has one of these 'real' addresses on it's Ethernet port (x.x.x.44) and has a private number (192.168.1.1) on it's Wireless port. That way, when our default route is set to x.x.x.254, it know that needs to go out the Ethernet port, since the .254 address is in the same subnet range as the .44 address of the Ethernet port.

So, bascially, in the same layout as I describled initially, if you don't have a router capable of doing this now, you could instead add a PC or WRAP with two ethernet ports running StarOS machine that has your public to private translation, this would work fine end to end.

I is sorri to hijack postsing. I also is new to STAROS.

If I same as MTK in senario of routing BUT needs this:
wrapA---wrapB1(cross cable)wrapB2---wrapC
wrapB1 and wrapB2 in same building but opposites sides. wrapA is can see wrapB1 but no see wrapB2 or wrapC. wrapB2 is can see wrapC, but also no see wrapB1 and wrapA. I is connects the wrapB1 and wrapB2 with cross cables.

How is to do same routings settings?
Please help give easy settings for see.

Thankings all!

Inet2000, Thanks again! Here's what I've set up so far, but I can't figure out what I am doing wrong.

WRAP1
Eth1 Conencted to Internet, or switch or whatever & IP =192.168.71.201/24
wpci1 setup as AP (SSID of 'LINK1')& IP of 192.168.2.1/30
default route 0.0.0.0/0 to 192.168.71.1
static route 192.168.3.1/30 to 192.168.2.2
static route 192.168.4.1/24 to 192.168.2.2

WRAP2
wpci1 setup as Client (SSID of 'LINK1') & IP of 192.168.2.2/30
wpci2 setup as AP (SSID of 'LINK2') & IP of 192.168.3.1/30
default route 0.0.0.0/0 to 192.168.2.1
static route 192.168.4.1/24 to 192.168.3.2

WRAP3
wpci1 setup as Client (SSID of 'LINK2') & IP of 192.168.3.2/30
eth1 connected to remote computer(s) & IP of 192.168.4.1/24
default route 0.0.0.0/0 to 192.168.3.1

I'm testing this setup In-House, our internal network uses a 192.168.71.xx address scheme, and the dhcp server/router/NAT is 192.168.71.1

I have this itching feeling that I am missing something blatently obvious with the subnet masks, but that's why I need your help.

When deployed, this setup is going to be attached on the LAN side of a router using 192.168.1.x addresses, with an ip address of 192.168.1.254 itself.

When deployed, I Want the setup to act purely as an ethernet cable, plug wrap1 into a switch at one building, plug wrap 3 into a switch at the other, and everything works (dhcp over the wraps, file sharing, internet, etc..)

Check your PMs too

**EDIT** Can't PM, nevermind

That actually looks all right, so we have to do specific questions now.

What does and does not ping from each of the three WRAPs?

The part where you link the two networks together with VDS is easy and you need to worry about that last after you've verified that all 3 WRAPs can reach every IP on the other WRAPs.

After the WRAPs are all reaching each other you can set VDS up on A and C and get the VDS tunnel up. Bridge vds1 to ether1 on WRAPs A and C and you win.

From a laptop connected directly to WRAP3 and using an IP address of 192.168.4.4 I can pingsuccesfully to:

192.168.4.1
192.168.3.2
192.168.3.1
192.168.2.2
192.168.2.1
192.168.71.201
Nothing past that, no other IPs on our internal network.

From WRAP1 I can ping:
192.168.2.2
192.168.3.1
192.168.3.2
192.168.4.1
192.168.4.4
any 192.168.71.xx address

Machines on the internal network can not ping any of the non 192.168.71.xx addresses, only the 192.168.71.201 address on wrap1

I guess it would seem that it's working for the most part..

Thanks,
MK



That actually looks all right, so we have to do specific questions now.

What does and does not ping from each of the three WRAPs?

The part where you link the two networks together with VDS is easy and you need to worry about that last after you've verified that all 3 WRAPs can reach every IP on the other WRAPs.

After the WRAPs are all reaching each other you can set VDS up on A and C and get the VDS tunnel up. Bridge vds1 to ether1 on WRAPs A and C and you win.

Seeing how this will in the end act like a patch cable.. Is it possible to to have the setup be like this:

The internet come to building A then to a switch. Plugged into the switch is building A's router w/ a public IP. Also plugged into teh switch is WRAP1, it's wireless link ending at Building B, with B's router plugged into WRAP3 and the router having a public IP address.

Thereby having the WRAPs independent of the network, and purely function as a patch? ie not needing router address that are on our network.

This would save me a lot of reconfiguring of their internal networks, and allow then to continue using their VPN A-B, but that VPN and B's internet would go over the WRAPs.

Sound logical?

MK

Thanks for the info guys, I'll try to see if the reseller has any idea how to get them to work how I need, hard to say.. if they do i'll reply with the settings they came up with.

MK

Make sure that your 71.1 router knows to send anything to 2.x, 3.x and 4.x via a gateway of 71.201, otherwise your pings reply can't route. This has caught me on more than one occasion.

Any idea on how i set this up on a cisco router?

I am setting it up in-shop with wan IPs etc.. so that I will be 100% sure it will work when deployed.


Make sure that your 71.1 router knows to send anything to 2.x, 3.x and 4.x via a gateway of 71.201, otherwise your pings reply can't route. This has caught me on more than one occasion.

So i'm not as bad at this as i thought. I added the routes to the router:
192.168.4.0 255.255.255.252 X.X.209.150
192.168.3.0 255.255.255.252 X.X.209.150
192.168.2.0 255.255.255.252 X.X.209.150

I can now ping from the laptop 192.168.4.2 all the way to the cisco router (ISP central router)

I need to now get it to be able to have a public IP on the laptop and get internet access etc..

Also, i can ping our dns server, but if i use it for the dns on the laptop with the 4.2 address, i can not resolve any names.. is this something that gets fixed with the VDS link? I'll try to research how to setup VDS, so far i'm stumped.

MK

Searching worked! :)

bridged eth and vds on wrap 1, setup vds on wrap 1 as server

bridged eth and vds on wrap 2, setup vds on wrap 2 as client

Setup public IP on the laptop, went to google.com... it works. Thanks for the help guys, I THINK i have gotten past the troubles I was having, but i'll post again should need arise.

Thanks,
MK

Today I consoled in to all the wraps and set them back to defaults. I took my documentation and notes, and was able to get them all set back up in about 1.5 hours (found some stuff i had forgotten to take notes on)

This is all getting deployed next week, i'll be sure to let everyone know how it goes.

Cheers,
MK

This is how I have set up my system with repeaters. First whole system is set up to route. I used RIP because that is what I am comfertable with.

To test I connected my lap top to eth0 of the station with the IP address of 10.0.13.1 and configured my local IP as 10.0.13.20 and my gateway as 10.0.13.1.

I then procced to ping each interface moving away from me to make sure that routing was working as expected.

ex.
Ping 10.0.13.1
ping 10.0.11.3
Ping 10.0.11.2
Ping 10.0.10.2
Ping 10.0.10.1
Ping 10.10.0.20

This takes me all the way from eth0 on the station router to eth0 on the AP router.

Next we set up the VDS.
On the AP router we create a VDS with the following:
name: vds1 (your choice)
*no IP*
master
username: (your choice) this is cap's sensitive
password: (your choice) this is cap's sensitive
compression
encryption
keep alive
bridge 1

Now go the IP address settings for eth0 and in the lower right change bridge from "0" to "1" (matching the VDS).

On the Station router:
Create a VDS with the following:
name: vds1 (must match the AP)
*no IP*
client
username: (must match the AP) this is cap's sensitive
password: (must match the AP) this is cap's sensitive
compression
encryption
keep alive
bridge 1

Now go the IP address settings for eth0 and in the lower right change bridge from "0" to "1" (matching the VDS).

With this setup you can run devices connected to the station router and for example 192.168.1.2 can communicate with a device connected to the AP with address 192.168.1.3 and the wireless equipment is "invisable". My Windows 2000 DHCP server works accross this link and my users never see the wireless equipment. You must disable DHCP on the wireless equipment of corse but works great.

Hope this helps some one.

http://mstair.com/network.jpg