Hello,\n\nI deployed a wireless network between our University's buildings. As\naccess point, I used a Cisco Aironet 1200 with 802.11b/g radio module.\n\nThe setup is somehow like this:\n\nInternet -> Router <- LAN -> Router2 <-(- ... AP ... -) Client 1, 2, 3,\n...., N\n\nThe client wireless equipment is Cisco's Linksys WET 11 v2 (802.11b).\nThe AP is configured as AP root, has the ethernet interface not used. I\nchoose this deployment because I have no technical solution to go with\na LAN link in AP's place. Router2 is a Linux 2.6.x box. Router2 has no\nfilters, ip forwarding enabled, all policies set to ACCEPT (no\nfirewall).\n\nOn the ethernet ports of Client 1,2,3... are routers (linux boxes)\nalso, that provides NAT and do traffic separation, firewall filtering\netc.\n\nClient X's and Router2 interface from the AP side have IP addresses s\nin the same IP subclass (a /28 block). This setup has the following\nproblem:\n- if from Client X's linux box ping Router2, it respond.\n- (1) if from Client X's linux box ping an IP from LAN, doesn't\nresponds. (LAN have different IP subclass - a /26 block)\n- (2) if from a LAN computer ping the Client X's box, it responds and\nfrom now on the Client X's ping in that LAN IP works.\n- (1) and (2) is the same with any IP from the Internet, also - I\ntested with some other servers where I have access to.\n\nOk. Now, I gone deeper into the problem. A tcpdump session on the\nClinet X's linux box shows the IP packets with correct source IP,\ncorrect destination IP, and the MAC addresses of the frame: src: the\nlinux box source MAC, destination Router2 "to AP" interface MAC:\n\nturbo:~# tcpdump -i eth1 -qtennl icmp\ntcpdump: verbose output suppressed, use -v or -vv for full protocol\ndecode\nlistening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes\n00:48:54:6d:49:51 > 00:02:b3:b2:12:ed, IPv4, length 98: IP X.X.X.244 >\n22.214.171.124: icmp 64: echo request seq 1708\n\nOn the "to AP" ethernet interface of the Router2, comes:\n00:48:54:6d:49:51 > ff:ff:ff:ff:ff:ff, IPv4, length 98: IP X.X.X.244 >\n126.96.36.199: icmp 64: echo request seq 1708\n\nSo, the frame comes with the destination MAC changed into\nFFFF.FFFF.FFFF (broadcast MAC).\n\nThe Cisco Aironet 1200 is configured in IRB Bridging mode - built in,\ncan't be changed. Uses IOS software version 12.2 (13) JA4 (I see from\nthe image: c1200-k9w7-mx.122-13.JA4) The dot11 interface and fast\nethernet interface are in the bridge-group 1\n\nWhat I assume is:\nThe cisco checks the packets/frames in routing mode, sees the\ndestination to not known IP address (not associated) and changes the\nMAC to broadcast. If one packet comes from outside, learns the source\nIP and the communication goes well. Anyway, sometime it starts to work\nwell to all the internet destinations.\n\nWhat is wrong with it? Also, I assigned one IP from Router2 and\nclient's IP block to the AP on bvi1 interface and uses ip\ndefault-gateway to set the gateway to Router2. No result. I just want\nthat packets to flow trough the AP and no routing decision to be made.\nIf not possible, how to configure it to work in my desired deployment?