
Two ISP using OSPF to find best default route

Example #1

Equipment used
* Two routers running IOS 12.3
* One PIX Firewall running OS 6.3(5)
* One Layer-3 Switch
* Three Access Points

Network Diagram

Notes:
* All routers, Layer-3 switch, and PIX Firewall run OSPF
* The purpose of using a dynamic routing protocol such as OSPF is to dynamically find the best default gateway for a specific subnet
* You can use any other dynamic routing protocol, such as RIP or EIGRP, if it is supported on all of the equipment
* From a routing perspective, all APs (Access Points) are seen as Layer-2 switches with no knowledge of any dynamic routing protocol
* In this sample configuration, wireless G (54 Mbps) is used although you can use wireless N (300 Mbps) whenever available

Objectives
* AP (Access Points) 1, 2, and 3 are fixed and establish the wireless connection
* All communication between rooms goes over the wireless connection
* Since no communication between rooms is possible without the wireless connection, the wireless connection is called the Wireless Backbone
* The three AP, the Layer-3 switch, Router 1, and PIX Firewall devices are part of and make up the Wireless Backbone infrastructure
* Router 2 is solely for the ISP-2 connection and for providing the ISP-2 default route to all LAN machines
* There are no wireless hosts such as laptops, PCs, printers, or servers
* All hosts are wired and connect to the switch in Room 1, 2, or 3
* The wireless connection is solely used as Wireless Backbone with no wireless hosts
* AP 1 acts as Root Bridge, AP 2 acts as Workgroup Bridge, and AP 3 acts as Non-Root Bridge
* SSID is used as infrastructure SSID
* SSID is invisible to any wireless hosts or other AP (invisible during SSID scan)
* SSID is only visible and usable by AP 1, 2, and 3
* Encryption used is WPA Temporal Key Integrity Protocol (TKIP) over open authentication with PSK (pre-shared key)
* No DHCP pool over wireless since the wireless connection is solely used as Wireless Backbone with no wireless hosts
* The Wireless Backbone serves one subnet of 10.0.0.0/29; no VLAN, no trunking, and no other SSID use the radio
* All inter-room communication must go through 10.0.0.0/29 subnet
* All Wireless Backbone devices (the three AP, the Layer-3 switch, Router 1, and PIX Firewall) use up all available IP addresses within the 10.0.0.0/29 subnet. In addition, all of these Wireless Backbone devices are always up and running 24/7. These measures are required to minimize the possibility of an unknown or unauthorized wireless device becoming part of the Wireless Backbone infrastructure
* All Room 1 and 3 users should use ISP 1 as default gateway and only use ISP 2 when ISP 1 is unavailable
* Similarly, all Room 2 users and servers use ISP 2 as default gateway and only use ISP 1 when ISP 2 is unavailable
* Only machines within the 172.16.0.0/12 subnet are able to go out to the Internet. Other devices, such as APs that use IP addresses outside the 172.16.0.0/12 subnet, are unable to go out to the Internet, for security reasons
* The only DHCP pool is the one from the PIX Firewall, for wired machines that connect to the switch at Room 3. There is no DHCP pool for wired machines that connect to the switch at Room 1 or 2.
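
The backbone objective above relies on the six devices filling every usable address in 10.0.0.0/29 and staying up. The following check is an added example, not part of the original FAQ, that compares an ARP snapshot against an inventory to show when that assumption stops holding. The address-to-device mapping, the MAC addresses, and the snapshot are constructed for illustration.

```python
import ipaddress

BACKBONE = ipaddress.ip_network("10.0.0.0/29")  # subnet from the page

# Constructed inventory: which device holds which address, and the MACs
# (RFC 7042 documentation range), are assumptions, not taken from the page.
INVENTORY = {
    "10.0.0.1": ("Router 1", "00:00:5e:00:53:01"),
    "10.0.0.2": ("Layer-3 Switch", "00:00:5e:00:53:02"),
    "10.0.0.3": ("PIX Firewall", "00:00:5e:00:53:03"),
    "10.0.0.4": ("AP 1", "00:00:5e:00:53:04"),
    "10.0.0.5": ("AP 2", "00:00:5e:00:53:05"),
    "10.0.0.6": ("AP 3", "00:00:5e:00:53:06"),
}

# Constructed ARP snapshot (IP -> MAC): AP 3 (10.0.0.6) is absent, i.e. down.
OBSERVED = {
    "10.0.0.1": "00:00:5e:00:53:01",
    "10.0.0.2": "00:00:5e:00:53:02",
    "10.0.0.3": "00:00:5e:00:53:03",
    "10.0.0.4": "00:00:5e:00:53:04",
    "10.0.0.5": "00:00:5e:00:53:aa",  # unexpected MAC answering for AP 2
}


def free_addresses(network, inventory):
    """Usable host addresses in the subnet that no inventoried device holds."""
    return [str(h) for h in network.hosts() if str(h) not in inventory]


def audit(network, inventory, observed):
    """Compare an ARP snapshot with the inventory; return (ip, finding) tuples."""
    findings = [(ip, "unassigned: free to claim") for ip in free_addresses(network, inventory)]
    for ip, (name, mac) in sorted(inventory.items()):
        seen = observed.get(ip)
        if seen is None:
            findings.append((ip, f"{name} not seen: its address is claimable"))
        elif seen.lower() != mac.lower():
            findings.append((ip, f"{name} address answered by unknown MAC {seen}"))
    for ip, mac in sorted(observed.items()):
        if ip not in inventory and ipaddress.ip_address(ip) in network:
            findings.append((ip, f"uninventoried device {mac} on backbone"))
    return findings


if __name__ == "__main__":
    for ip, finding in audit(BACKBONE, INVENTORY, OBSERVED):
        print(ip, finding)
```
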

Sample Configuration

Router 1



AP 1



Router 2



Layer-3 Switch



AP 2



PIX Firewall



AP 3



Notes:

* If both AP 2 and AP 3 station roles are set as Workgroup Bridge, then AP 1 does not need the Root Bridge station role, since the Root role is enough.
* When an AP is set as Workgroup Bridge, the AP is still IP-reachable via the radio assuming the dot11radio interface is up/up and the Dot11Radio-FastEthernet interfaces are in the same broadcast domain even though the FastEthernet interface port is up/down. In other words, the radio association is still intact during FastEthernet interface port cable disconnection.
* When an AP is set as Non-Root Bridge, the AP is not IP-reachable via the radio when the FastEthernet interface port is up/down assuming the Dot11Radio interface is up/up and the dot11radio-FastEthernet interfaces are in the same broadcast domain. In other words, the radio association is lost when the FastEthernet interface port cable disconnects.

Discussion
»Cisco Aironet 1231 AP - POS!!!



by aryoba
last modified: 2015-08-17 15:40:21