Hi all!
I'm playing with OpenWRT and BATMAN advanced and I had configured one essid to serve dynamic vlans via freeradius reply attributes.
I have a bridge (br0) with bat0, wireless and ethernet interface, and hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X successfully. Br0 has configured a VLAN and IP to connect with every other node. Here is the same explanation, but schematic:
Wireless:
phy0 -> wlan0 -> bat0
phy1 -> wlan1 -> wlan1.1
              \ --> wlan1.N
Hostapd bridge:
wlan1 -> brvlan1 -> {wlan1.1; vlan1}
      \ --> brvlanN -> {wlan1.N; vlanN}
Ethernet bridge:
br0 -> {bat0; eth0; wlan1}
    \ --> br0.X == IP/NETMASK
When I look at the batman DAT table there aren't any entries, but various stations are connected. Why is that? What's wrong in my config?
Thanks a lot. Fernando.
On Wed, Aug 07, 2013 at 10:58:13AM +0200, Fernando Pizarro wrote:
> When I look at the batman DAT table there aren't any entries, but various stations are connected. Why is that? What's wrong in my config?
Hello Fernando,
I have to say that your setup is not the easiest I've ever seen :) However, the initial version of DAT was not made to work with VLANs, but I'm not entirely sure if this should lead to an empty table.
First of all, where are all your clients connected? To wlan1? Why did you put wlan1 into br0 and not wlan1.X? When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is the interface in br0 that will then inject the data into bat0)?
Cheers,
On 07/08/13 11:09, Antonio Quartulli wrote:
> Hello Fernando,
> I have to say that your setup is not the easiest I've ever seen :) However, the initial version of DAT was not made to work with VLANs, but I'm not entirely sure if this should lead to an empty table.
> First of all, where are all your clients connected? To wlan1? Why did you put wlan1 into br0 and not wlan1.X? When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is the interface in br0 that will then inject the data into bat0)?
> Cheers,
Hi Antonio, thanks for your answer.
I'll explain my stage a bit more... I have a server with DHCP that is the default gateway of all BATMAN nodes and clients, and BATMAN gateways are connected to it physically. For roaming, I won't have IPs of VLANs in BATMAN nodes and all default gateways of VLANs are configured in the FW.
Clients connect to wlan1.X, but that interface is created by hostapd when radius allows access to the network of that client (default dynamic vlan behaviour). As hostapd creates this interface on demand and destroys it when it is killed, I can't add wlan1.X to the bridge (br0). However, there is arp traffic on wlan1.
Greetings. Fernando
On Wed, Aug 07, 2013 at 12:58:32PM +0200, Fernando Pizarro wrote:
> Hi Antonio, thanks for your answer.
> I'll explain my stage a bit more... I have a server with DHCP that is the default gateway of all BATMAN nodes and clients, and BATMAN gateways are connected to it physically. For roaming, I won't have IPs of VLANs in BATMAN nodes and all default gateways of VLANs are configured in the FW.
If I understood correctly, you have many nodes all connected with a cable to the same GW? So all the nodes are in the same LAN?
> Clients connect to wlan1.X, but that interface is created by hostapd when radius allows access to the network of that client (default dynamic vlan behaviour). As hostapd creates this interface on demand and destroys it when it is killed, I can't add wlan1.X to the bridge (br0). However, there is arp traffic on wlan1.
I guess the traffic you see on wlan1 is VLAN traffic which is going to be delivered to any of your wlan1.x.
I have the feeling that in this way none of the clients is really bridged into batman-adv, because you bridged wlan1 but the clients are connected to wlan1.x. Can you please report what "batctl tl" is saying?
Cheers,
On 07/08/13 14:05, Antonio Quartulli wrote:
> If I understood correctly, you have many nodes all connected with a cable to the same GW? So all the nodes are in the same LAN?
>> Clients connect to wlan1.X, but that interface is created by hostapd when radius allows access to the network of that client (default dynamic vlan behaviour). As hostapd creates this interface on demand and destroys it when it is killed, I can't add wlan1.X to the bridge (br0). However, there is arp traffic on wlan1.
> I guess the traffic you see on wlan1 is VLAN traffic which is going to be delivered to any of your wlan1.x.
> I have the feeling that in this way none of the clients is really bridged into batman-adv, because you bridged wlan1 but the clients are connected to wlan1.x. Can you please report what "batctl tl" is saying?
> Cheers,
Hi Antonio,
I have BATMAN gateways wired with the FW with loop avoidance enabled, and non-gateway BATMAN nodes are connected wirelessly. The DHCP service is running in the FW and it's the default gateway for all nodes, management and users. All nodes are in the same LAN, wired or wireless. I attach a schematic image of the stage.
This is the local translation table on the gateway node:
root@Gateway:~# batctl tl
Locally retrieved addresses (from bat0) announced via TT (TTVN: 153 CRC: 0x0e6d):
   Client            Flags    Last seen
 * 00:0a:f7:0f:0b:86 [.....]    0.370
 * d4:ae:52:c7:4c:c8 [.....]   17.650
 * 00:0d:b9:2b:a3:ec [.....]   44.770
 * 96:db:c2:45:ab:52 [.P...]    0.000
 * 18:f4:6a:b7:c6:7e [....W]  332.640
 * 50:ea:d6:46:4c:e6 [....W]   61.800
 * 00:0d:b9:2b:a0:68 [.....]  332.640
And this is that of the client node:
root@Client:~# batctl tl
Locally retrieved addresses (from bat0) announced via TT (TTVN: 45 CRC: 0xfd10):
   Client            Flags    Last seen
 * 00:0d:b9:2b:02:60 [.....]    0.000
 * 32:67:eb:c9:53:3e [.P...]    0.000
In the Client capture, the first MAC is eth0, and in the Gateway one (the first) eth0's MAC address sometimes appears and other times doesn't.
Thanks for all. Fernando
Hello Fernando,
To be honest, the setup is not really clear to me, not because of the topology but because of all the bridges you created.
One thing I am confident enough about is that if you have clients connected to wlan1.N and then you have a bridge configured as { wlan1, eth0, bat0 }, this is not going to work as expected.
Traffic sent over wlan1.1 will not be delivered to the bridge and so not delivered to bat0.
You should include wlan1.1 in the bridge itself.
Other than DAT, I expect this to be a general problem.
Cheers,
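The check requested earlier in the thread (do associated clients actually appear in "batctl tl"?) can be scripted. This is an added example, not part of the original thread: the function names and the second station MAC are assumptions, the table is the Gateway output quoted above, and W is batman-adv's wifi-client flag.

```shell
#!/bin/sh
# Added example (not from the thread): compare associated stations with the
# local translation table printed by "batctl tl".

# Gateway-node output as quoted in the thread.
GATEWAY_TT='Locally retrieved addresses (from bat0) announced via TT (TTVN: 153 CRC: 0x0e6d):
Client Flags Last seen
 * 00:0a:f7:0f:0b:86 [.....] 0.370
 * d4:ae:52:c7:4c:c8 [.....] 17.650
 * 00:0d:b9:2b:a3:ec [.....] 44.770
 * 96:db:c2:45:ab:52 [.P...] 0.000
 * 18:f4:6a:b7:c6:7e [....W] 332.640
 * 50:ea:d6:46:4c:e6 [....W] 61.800
 * 00:0d:b9:2b:a0:68 [.....] 332.640'

# Constructed station list: the first MAC is in the table above, the second
# is a made-up address standing in for a client that never reached bat0.
SAMPLE_STATIONS='18:F4:6A:B7:C6:7E
02:00:00:00:00:aa'

# wifi_clients TT_TEXT: print MACs whose flag field carries W (wifi client).
wifi_clients() {
    printf '%s\n' "$1" |
    awk '$1 == "*" && length($2) == 17 && $3 ~ /W/ { print tolower($2) }'
}

# missing_from_tt TT_TEXT STATIONS: print stations absent from the table.
# An empty table reports every station as missing.
missing_from_tt() {
    { printf '%s\n' "$1"; echo '@@STATIONS@@'; printf '%s\n' "$2"; } |
    awk '
        $0 == "@@STATIONS@@" { in_sta = 1; next }
        !in_sta { if ($1 == "*" && length($2) == 17) seen[tolower($2)] = 1; next }
        NF && !(tolower($1) in seen) { print tolower($1) }
    '
}

# On a node, the inputs would come from the live tools, for example:
#   missing_from_tt "$(batctl tl)" \
#       "$(iw dev wlan1.1 station dump | awk '/^Station/ { print $2 }')"
missing_from_tt "$GATEWAY_TT" "$SAMPLE_STATIONS"
```

A station that is associated on wlan1.N but listed as missing here is not being bridged into bat0 on that node.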
On 07/08/13 18:09, Antonio Quartulli wrote:
> Hello Fernando,
> To be honest, the setup is not really clear to me, not because of the topology but because of all the bridges you created.
> One thing I am confident enough about is that if you have clients connected to wlan1.N and then you have a bridge configured as { wlan1, eth0, bat0 }, this is not going to work as expected.
> Traffic sent over wlan1.1 will not be delivered to the bridge and so not delivered to bat0.
> You should include wlan1.1 in the bridge itself.
> Other than DAT, I expect this to be a general problem.
> Cheers,
Hi Antonio,
This stage is working correctly in a lab. Every client can connect and traffic is correctly routed and delivered. But I noticed the empty DAT table, so I think there's something that I'm not understanding or, at least, that I could do better. I'll try to explain what I want to achieve; perhaps in that way I could be understood better.
I have a freeradius service controlling client access, one of the attributes is the vlan-id, I'm using 802.1x. This part is quite easy I think, but the reason why nodes haven't got any IP (but management IP, which users can't achieve...) is not so easy.
1) I'm using dynamic vlan assignment. With this config, I just have to change attribs in my radius server and create a new pool in my fw... I don't have to configure anything in every node.
2) I thought of having nodes without IP and just forwarding traffic to the main GW (the firewall) through batman-adv, not natting every client's traffic with the node IP. In that way, roaming is working very well. The problem is established sessions; these sessions are lost when jumping from one node to another. I think this problem is nearly related to the empty DAT table, and the empty DAT table problem is nearly related to the nodes having no IP assigned. However, I'm not sure about this..
There is an image attached explaining the bridges.
Thanks a lot. Fernando.
Fernando,
On Thursday, August 08, 2013 01:07:09 Fernando Pizarro wrote:
> 2) I thought of having nodes without IP and just forwarding traffic to the main GW (the firewall) through batman-adv, not natting every client's traffic with the node IP. In that way, roaming is working very well. The problem is established sessions; these sessions are lost when jumping from one node to another. I think this problem is nearly related to the empty DAT table, and the empty DAT table problem is nearly related to the nodes having no IP assigned. However, I'm not sure about this..
The DAT table has nothing to do with roaming or sessions. It merely is an IP address cache to speed up ARP lookups. Even without DAT everything should work. I recommend reading our DAT user guide: http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable
If disabling DAT would break something we certainly would not make it an option to invite everybody to shoot themselves in the foot. ;-)
Therefore, I have to agree with Antonio that your problem is likely to be found somewhere else. First, you should define which established sessions break. The ones going into the internet or the ones you have locally. Depending on the answer we can dig deeper.
Generally it is a good idea to simplify the setup until a point where everything works. Then you can move forward and make things more complicated. For the time being I'd recommend to vastly simplify your bridge & vlan setup by bridging your AP interface with bat0 only (no vlans, no radius tags, no brvlanN interface) to see if your roaming works.
Cheers, Marek
On 07/08/13 19:23, Marek Lindner wrote:
> Fernando,
> On Thursday, August 08, 2013 01:07:09 Fernando Pizarro wrote:
>> 2) I thought of having nodes without IP and just forwarding traffic to the main GW (the firewall) through batman-adv, not natting every client's traffic with the node IP. In that way, roaming is working very well. The problem is established sessions; these sessions are lost when jumping from one node to another. I think this problem is nearly related to the empty DAT table, and the empty DAT table problem is nearly related to the nodes having no IP assigned. However, I'm not sure about this..
> The DAT table has nothing to do with roaming or sessions. It merely is an IP address cache to speed up ARP lookups. Even without DAT everything should work. I recommend reading our DAT user guide: http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable
> If disabling DAT would break something we certainly would not make it an option to invite everybody to shoot themselves in the foot. ;-)
> Therefore, I have to agree with Antonio that your problem is likely to be found somewhere else. First, you should define which established sessions break. The ones going into the internet or the ones you have locally. Depending on the answer we can dig deeper.
> Generally it is a good idea to simplify the setup until a point where everything works. Then you can move forward and make things more complicated. For the time being I'd recommend to vastly simplify your bridge & vlan setup by bridging your AP interface with bat0 only (no vlans, no radius tags, no brvlanN interface) to see if your roaming works.
> Cheers, Marek
Hi all, thanks for your answers.
I have tested my setup in the lab and I think that roaming works even if the DAT table is empty; local and external established connections don't seem to have problems.
Thanks for your help. Fernando
b.a.t.m.a.n@lists.open-mesh.org