Weird bridge configuration

As recently mentioned, I just inherited a pretty good sized wireless network that I’m trying to get documented and fixed.

The implementation is so screwy, I can’t even describe it effectively. Here’s a diagram that was provided to me. The only thing you can’t see from here is the 2 bridges on each routerboard:

-rb1.bridge1 (ether1 & wlan1) (172.17.0.34/24)
-rb1.bridge2 (ether2 & wlan2) (172.17.0.35/24)
-rb2.bridge1 (ether1 & wlan1) (172.17.0.36/24)
-rb2.bridge2 (ether2 & wlan2) (172.17.0.37/24)

[Image: SnipImage.JPG]

I’m really hoping that someone out there could explain to me what the purpose of this setup is. I don’t claim to be an expert, but I’ve been using MikroTik for nearly 6 years now, and this is the first I’ve EVER seen or heard of anything like this.

Please, tell me this is a really wonky configuration and that I’m definitely not losing my mind.

Thanks,

Where is the problem? / What problem? If the system is working, then there is no problem? Well, at least your post does not state any problems. Just your lack of understanding of how this has been set up! LOL

It all depends on how the 2960 is configured. It appears that the setup is created so that there is a PoE interface on each AP, and some sort of administrative/maintenance/loopback interface connected to each AP. So, it falls back to how the 2960 is configured.

You’re right, I don’t understand this setup, to me, it’s a blatant violation of KISS. I’m at a loss to explain how these parallel bridges create any advantage, and even the consultant who helped design the network scratched his head when I asked, giving a vague “well, how else are you going to connect two access points to the switch?” The original installer and the original operator are unavailable for comments.

And no, there aren’t any major problems, it just looks like a very delicate balancing job… an accident waiting to happen, especially considering that STP is not being used at the switch or on any MT unit. From what I’ve been told, the network has DOSed itself on more than one occasion. Imagine what would happen if just one bridge loop sets up with 80+ units sending out discovery packets. The activity lights on the switch go bonkers, the mac-servers don’t respond, and even the neighbor viewer (for Windows) takes so many discovery packets, it actually flickers.

As for the switch configuration, it’s pretty straightforward, just a single VLAN (with customer VLANs allowed). I really don’t even know why they used such high-end switches in most of these locations… any 802.1q aware unmanaged switch would have sufficed.

If it was a management interface, I still couldn’t see using 2 ethernet interfaces… I would bridge ether1/wlan1/wlan2, create a vlan on the bridge for the management interface. This isn’t the case.

If it was a bonded interface, I’d bridge bond1/wlan1/wlan2, and go from there. This isn’t the case either.

Maybe the original idea was redundancy.. but if you lose ether1, there goes your power. What good is ether2 doing for you?

I really am trying to keep an open mind about this, but any way I look at this thing, I just can’t see what the original intent was.

Neither can I now you have provided more info! Go with your knowledge and gut instinct and pull it apart and start again, but doing it your way this time! :)
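
As an added illustration (not part of the thread and not anyone's actual configuration), the Python sketch below models the bridges listed in the first post as a graph and reports any link that would close a layer-2 loop, which matters here because the thread says STP is not running anywhere. The switch name `sw2960`, the assumption that every ether port uplinks to that one switch, and the sample misconfiguration are constructed for the example.

```python
# Added example: layer-2 loop check for the bridge layout listed in the thread.
# A link closes a loop when it joins two nodes that are already connected
# (union-find cycle detection). Without STP, any such link means a storm.

def find(parent, x):
    """Return the representative of x's connected component."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path halving
        x = parent[x]
    return x

def find_loops(links):
    """Return the links that close a layer-2 loop, in input order."""
    parent, loops = {}, []
    for a, b in links:
        parent.setdefault(a, a)
        parent.setdefault(b, b)
        ra, rb = find(parent, a), find(parent, b)
        if ra == rb:
            loops.append((a, b))   # a and b were already reachable
        else:
            parent[ra] = rb        # merge the two segments
    return loops

def board_links(rb, switch="sw2960"):
    """Links for one routerboard: bridgeN = etherN + wlanN, as in the post.
    Assumption: each ether port is cabled to the same switch."""
    links = []
    for n in (1, 2):
        bridge = f"{rb}.bridge{n}"
        links.append((f"{rb}.ether{n}", bridge))
        links.append((f"{rb}.wlan{n}", bridge))
        links.append((f"{rb}.ether{n}", switch))
    return links

# Layout as described in the thread (two boards, two bridges each).
AS_BUILT = board_links("rb1") + board_links("rb2")

# Constructed misconfiguration: wlan2 is also added to bridge1 on rb1.
ONE_MISTAKE = AS_BUILT + [("rb1.wlan2", "rb1.bridge1")]

if __name__ == "__main__":
    print("as built:", find_loops(AS_BUILT))
    print("one extra bridge port:", find_loops(ONE_MISTAKE))
```

The as-built layout is loop-free only because each wlan sits in exactly one bridge; a single extra bridge port joins the two parallel paths through the switch.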