Posted: Fri Sep 28, 2007 17:38 Post subject: repeater mode with bridging
When enabling bridging in repeater mode on the wireless physical interface wl0, what is it bridging?
1) I have my wireless physical interface wl0 on repeater mode with bridging on.
It is repeating (rebroadcasting) on a different subnet than the AP hosting the internet.
2) On the same router I have a wireless virtual interface wl0.1 with bridging on.
What is it bridging in scenario 1 vs scenario 2? I can understand that it would bridge my LAN and virtual WLAN in scenario 2.
But what is happening in scenario 1? I hope it's not binding the physical WLAN (repeater) with my LAN.
Don't think of it as a different VLAN, as VLANs are generally separated by subnets.
Think of it as a security zone. Or rather the service that is tying the security zone of the LAN to the security zone of the WLAN.
To me that makes more sense, since security zones are not tied to anything other than the physical port of the network device.
Whereas VLANs are normally tied/segmented by IP subnets.
LiFE1688 wrote:
The Bridging is for WLAN to LAN.
Disabling the bridge puts the WLAN on a separate VLAN. So WLAN computers won't see the wired computers. It does not put it on a separate subnet, more like put it in a separate VLAN.
Joined: 02 Sep 2007 Posts: 14 Location: Charlotte, NC, USA
Posted: Fri Sep 28, 2007 21:45 Post subject:
Without knowing what the developer implemented underneath, "bridging" is just a word on a page, people use the term quite loosely these days. If you really want to know, "Use the source Luke" :-)
I can give you the proper definition of network bridge vs. router.
A bridge is actually an old device that you don't see too often any more; they have been replaced by "switches". They both operate at the MAC layer / OSI Layer 2 (http://en.wikipedia.org/wiki/OSI_model). Most of the time they are just referring to the technical characteristics of bridging vs. routing.
A bridge attempts to isolate traffic on shared media networks (like Ethernet). A bridge keeps a MAC address table to determine what devices are communicating on each port/segment. If the two communicating devices are on the same segment then the traffic is contained to that segment, but if the bridge sees a MAC address that it has not seen before it will forward out to all ports and then listen to determine where that MAC exists and then will forward future packets to that port only. Bridges typically induced fairly high latency (by today's standards) in the tens of milliseconds.
You really don't see these types of bridges any more, as Ethernet switches are now quite inexpensive and do basically the same but do it at 'wire speed' (less than 1ms latency) by doing it in silicon (ASICs). I recall working with the first Ethernet switches in the industry back in the 1992 timeframe; they were made by Kalpana. A 16 port switch was ~$30K; you can get something that exceeds that capability at Best Buy now for under $60 (US).
Bridges only operate (by definition) at the Layer 2 MAC level (Media Access Control) and therefore have no knowledge of the higher level protocols TCP (Layer 4) & IP (Layer 3). A key characteristic of a bridge/switch is that the source MAC address remains unchanged as it traverses the device.
This leads to what a router is. A router by definition operates at OSI Layer 3 & 4. There are things called routing switches; they are the same thing but just do it at "wire speed" (less than 1ms latency).
A key characteristic of a router is that the source MAC address *is* changed as it traverses the router: its source MAC address changes to that of the interface it is egressing on the router (as a result each port on a router has a different MAC address, unlike bridges/switches). From a network forensics point of view, this is how you can tell what a device is doing w/o actually knowing what it is. Another very key characteristic of routers is that they are broadcast traffic barriers; unless explicitly told to, a router will not forward broadcast traffic.
This is a gross oversimplification; routers do much more. They can route traffic based on a whole slew of parameters that exist at Layer 3/4 (i.e. TCP/IP). There are new devices (sometimes called routers) that operate at higher level OSI layers and can block, direct, etc. by protocol like HTTP, FTP, SSH, POP, etc.
Whether it is wireless or not is inconsequential, as that is OSI Layer 1, which is called the physical or signaling layer (i.e. copper, fiber, wireless, etc.).
I suspect you didn't want to know how to build a watch, but rather just what time it was.. :-)
If you want to know more, google for the OSI Model or 802.x RFC standards. i.e. 802.3 (Ethernet), 802.5 (token ring), 802.11 (wireless ethernet), etc..
Good diagrams / Primer
http://www.novell.com/info/primer/prim05.html _________________ <always remember to pillage before you plunder>
WHR- G125 x3 -dd-wrt_v24_RC3_mini, WHR-G125 x2 -openwrt 2.6 kernel
Ipaq 3835 running Familiar Linux x 3 - www.handhelds.org www.gentoo.org - support the Linux community!
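Added example (not part of the original post, and not DD-WRT code): the forensic test described above, applied to frames captured on both sides of an unknown device. The `Frame` fields, function name and sample addresses are constructed for illustration; the TTL comparison is an extra corroborating signal the post does not mention, and the pairing assumes no NAT between the two capture points.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ip_id: int   # IPv4 Identification field, used to recognise the same packet
    ttl: int

def classify_device(ingress, egress):
    """Return 'bridge', 'router' or 'inconclusive' for the device between two capture points."""
    key = lambda f: (f.src_ip, f.dst_ip, f.ip_id)  # same IP packet seen on both sides
    before = {key(f): f for f in ingress}
    votes = {"bridge": 0, "router": 0}
    for after in egress:
        seen = before.get(key(after))
        if seen is None:
            continue  # packet not observed on the ingress side
        if seen.src_mac == after.src_mac and seen.ttl == after.ttl:
            votes["bridge"] += 1   # Layer 2 forwarding: frame passed through untouched
        elif seen.src_mac != after.src_mac and after.ttl == seen.ttl - 1:
            votes["router"] += 1   # Layer 3 forwarding: new source MAC, TTL decremented
    if votes["bridge"] and not votes["router"]:
        return "bridge"
    if votes["router"] and not votes["bridge"]:
        return "router"
    return "inconclusive"

# Constructed sample captures (locally administered MACs, private addresses).
CLIENT, PEER = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
RTR_LAN, RTR_WLAN, FAR = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:0c"

BRIDGED_IN = [Frame(CLIENT, PEER, "192.168.1.10", "192.168.1.20", 100, 64)]
BRIDGED_OUT = [Frame(CLIENT, PEER, "192.168.1.10", "192.168.1.20", 100, 64)]

ROUTED_IN = [Frame(CLIENT, RTR_LAN, "192.168.1.10", "192.168.2.20", 200, 64)]
ROUTED_OUT = [Frame(RTR_WLAN, FAR, "192.168.1.10", "192.168.2.20", 200, 63)]

if __name__ == "__main__":
    print("same subnet pair:", classify_device(BRIDGED_IN, BRIDGED_OUT))
    print("cross subnet pair:", classify_device(ROUTED_IN, ROUTED_OUT))
```
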
Posted: Sat Sep 29, 2007 4:29 Post subject: Wow that was over my head!!
Quote:
When enabling bridging in repeater mode on the wireless physical interface wl0, what is it bridging?
1) I have my wireless physical interface wl0 on repeater mode with bridging on.
It is repeating (rebroadcasting) on a different subnet than the AP hosting the internet.
2) On the same router I have a wireless virtual interface wl0.1 with bridging on.
What I need to know is the security implications of the bridging. If I have bridging on as in scenario (1), will my shared data be accessible to computers hooked up to the router that is serving (hosting) the internet to my repeater?
What I want to know is what the bridging actually does in dd-wrt.
Joined: 02 Sep 2007 Posts: 14 Location: Charlotte, NC, USA
Posted: Sat Sep 29, 2007 4:40 Post subject:
I understand completely. Unfortunately I cannot answer your question at this point without digging into the source code and I haven't the time for that; too many of my own issues to research.
You have a few options:
1) Dig into the source code yourself (hence "use the source Luke" comment)
or
2) wait for the development guys to answer your question
or
3) wait until the documentation catches up with the code (which it will)
I gave you the basic knowledge of the issues. This is life in the OpenSource world i.e. take it upon yourself to understand the issues and contribute to the effort; or wait patiently for a simple solution.
Bump. Still waiting for documentation 5 years later? This thread is the best thing I could find on a google search. If this has been discussed since then, pardon the bump, but can we get a link from this thread to more recent discussion wherever it might be so there's continuity between googling and a resolution. I'm just starting to feel better than incompetent with dd-wrt myself, so I'm not prepared to jump into source code right now either - but can anyone offer a solid understanding of what wireless>basic settings>network configuration>bridged/unbridged does, and potential security risks if, in repeater mode, it's exposing a private subnet?
Personally, I'm more interested in the implications of what it's doing for the physical bridge interface, from a non security standpoint, than anything else... Does this connect the physical interface to my inside interface in some way normal routing does not? What's the use of having it enabled in a repeater setup, vs disabled?
Posted: Sat Aug 18, 2012 5:50 Post subject: Bridged vs Unbridged
I too would be interested in knowing the difference between setting a wireless interface as Bridged vs Unbridged.
In my past experiences with wireless routers it can be quite difficult to get wireless machines on a network to communicate (i.e. share files via UNC) with wired machines on the network. I've always associated this with the wireless network being somehow isolated from the rest of the internal network (as if they were on a separate subnet).
Any word on if this setting may somehow make wireless to wired connections easier; or perhaps the default setting of 'bridged' might make it easier in and of itself. *shrugs*
I'm a developer myself and truly appreciate other developers' free time, so a bit of insight would be greatly, well... appreciated.
Joined: 04 Jan 2007 Posts: 11563 Location: Wherever the wind blows- North America
Posted: Sat Aug 18, 2012 14:44 Post subject:
It separates the wireless LAN from the wired LAN....if Unbridged they won't talk to each other but they both still share the WAN connection....the default is Bridged so they are all communicating as one LAN.
redhawk _________________ The only stupid question....is the unasked one.
Posted: Sat Aug 25, 2012 16:00 Post subject: bridged vs. unbridged
redhawk0 wrote:
It separates the wireless LAN from the wired LAN....if Unbridged they won't talk to each other but they both still share the WAN connection....the default is Bridged so they are all communicating as one LAN.
redhawk
Thanks, Redhawk. Can we paste that definition into the HELP sidebar of dd-wrt so that people don't have to Google (like I did) and read through this discussion thread?
Also, earlier in this thread someone suggested exactly that answer, but the original poster tested it and found that wired and wireless clients *did* talk to each other regardless of whether it was checked. Was that a bug or was the OP just doing something wrong in his testing?
Joined: 27 Feb 2012 Posts: 5 Location: Antipolo City, Philippines
Posted: Sat Aug 25, 2012 19:05 Post subject: bridged vs. unbridged
Hi. I'm just following this thread since I'm looking for a solution for my home network. I have a Belkin Share router with DD-WRT firmware v24, latest dated 04/2012, and another router, a Zyxel ADSL2+ modem-router, P-660HN-T1A model, provided by my ISP. I tried configuring the bridge but I was not able to have the two meet via WiFi. When I cascaded the routers, it works as if it is a switch, but when the link is unplugged and I tried to utilize the WiFi, they do not work. I can detect the Zyxel router in the site survey and it says success when I tried joining the routers, but I still cannot ping the Zyxel router from the Belkin (client). The same holds true when I tried pinging the Belkin from the Zyxel (main). I will use my client to free up those scattered wires and for easy movement of my wired network devices like Internet TV and cable box. Has anyone tried a similar setup like mine? I can provide you the screenshots of my client and main router if needed. Any help will be highly appreciated.
AP isolation prevents wireless devices from communicating with one another when connected to the common WLAN. In other words, they are isolated from one another. At least that's what I've gathered from my reading on the subject...
Posted: Tue Sep 09, 2014 19:29 Post subject: AP isolation
zaklee wrote:
AP isolation prevents wireless devices from communicating with one another when connected to the common WLAN. In other words, they are isolated from one another. At least that's what I've gathered from my reading on the subject...
Not quite (although close). AP isolation prevents the wireless devices from talking to each other directly. They can still talk to one another but they have to go through the AP to do it. This adds a layer of security since the AP can filter attack traffic. It also slows things down, though, since traffic between wireless stations has to go through two hops (to the AP and then to the other station) instead of one.
This is quite confusing. How could a WiFi interface in "unbridged" mode even have a different subnet IP address and communicate with the WAN interface without a bridge?
Would be cool if someone would explain more deeply what happens underneath the GUI.