Juniper SRX 1500

WiFi Repeaters vs Juniper SRX DHCP = :(

What’s the beef?

It turns out that most basic WiFi repeaters (i.e. a unit that connects to one WiFi network and broadcasts a new WiFi signal with the same or a different SSID) don’t work too well with JunOS.

What you will see, after setting up a basic repeater, is that devices connected to it will be able to ping things on the local LAN but will not be able to ping the Juniper device or route traffic to the Internet via said Juniper device.

This is because basic WiFi repeaters put their own MAC address into the packets they send out to the upstream access point. If you look in the ARP table of a device on the network which can happily ping a device behind the WiFi repeater, you will see that the MAC address listed for it is that of the repeater itself and not of the WiFi interface on the device.

This is a problem because in newer JunOS releases, DHCP leases are issued with the “JDHCP” server. Unlike the older “DHCP” server implementation, JDHCP creates permanent / static ARP entries whenever it issues a DHCP lease to a device. That means that the Juniper device will always try to send traffic back directly to the MAC address of the device. Since that MAC address doesn’t exist directly on the network (it’s masked behind the WiFi repeater), this traffic doesn’t flow.
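To confirm that this is what is happening on a given network, the following added example (not part of the original post) compares the MAC address recorded for each DHCP lease with the MAC address a wired LAN host actually sees for the same IP. It assumes the leases have been exported as simple `ip mac` lines and that the neighbour table comes from Linux `ip neigh`; all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (not captured from a real network).
# Leases as the DHCP server recorded them: IP -> client MAC from the DHCP request.
LEASES = """\
192.168.1.20 3c:22:fb:10:00:01
192.168.1.21 3c:22:fb:10:00:02
192.168.1.30 a4:5e:60:20:00:03
"""
# `ip neigh` output from a wired Linux host that can ping all three clients.
NEIGH = """\
192.168.1.20 dev eth0 lladdr 02:aa:bb:00:00:99 REACHABLE
192.168.1.21 dev eth0 lladdr 02:aa:bb:00:00:99 STALE
192.168.1.30 dev eth0 lladdr a4:5e:60:20:00:03 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

def parse_leases(text):
    """Return {ip: mac} from 'ip mac' lines."""
    rows = (l.split() for l in text.splitlines() if l.strip())
    return {ip: mac.lower() for ip, mac in rows}

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh` lines; entries without lladdr are skipped."""
    pat = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")
    out = {}
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            out[m.group(1)] = m.group(2).lower()
    return out

def find_masked(leases, neigh):
    """Group leased IPs by the MAC seen on the wire when it differs from the lease MAC."""
    masked = defaultdict(list)
    for ip, lease_mac in sorted(leases.items()):
        seen = neigh.get(ip)
        if seen and seen != lease_mac:
            masked[seen].append((ip, lease_mac))
    return dict(masked)

if __name__ == "__main__":
    found = find_masked(parse_leases(LEASES), parse_neigh(NEIGH))
    for repeater, clients in found.items():
        print(f"{repeater} answers for {len(clients)} leased client(s):")
        for ip, lease_mac in clients:
            print(f"  {ip}: lease pins {lease_mac}, LAN sees {repeater}")
```

Any MAC address that shows up as a key in the result is answering for clients whose leases were issued to a different hardware address, which is the repeater signature described above.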

What’s the solution?

A few solutions appear to exist:

This Juniper KB article describes how you can switch back to using the older DHCP server. This doesn’t appear to work on my SRX 1500, which is running JunOS 22.4R3.

Use Wireless Distribution System (WDS). WDS is a technology which bypasses this traditional limitation of WiFi repeaters by creating a true Layer 2 bridge. Alas, WDS is unlikely to be supported on cheap devices but it is supported on OpenWrt et al. WDS, however, appears not to be a defined standard. I couldn’t get it to work between OpenWrt and Ubiquiti access points despite both of them supporting it.

Throw money at it. The Ubiquiti Unifi ecosystem supports wireless uplinks / meshing. If you have access points connected to hard-wired Ethernet, you can just plug another access point into PoE power and wirelessly adopt it into the Unifi network. It will get its uplink from the closest hard-wired AP. This type of meshing doesn’t have the issue of MAC address masking.

Any other ideas? Let me know.
