Anyone can make a mistake, so, retried, now, with printouts as evidence.
In summary, both of my observations in previous post are correct (with exception of “LAN1 port is still on 10.0.8.0/24” should be “LAN1 port is still on 192.168.2.0/24” since I changed AR750’s internal LAN prefix).
Implementation:
Border router/WLC/AP is FWF-61e, on 192.168.1.2. It acts as DHCP and DNS Server for internal network. 61e’s " wire_less_ssw" is a logical bridge between internal ethernet switch and WLC.
AR750’s Wired WAN (eth0.2) is 94:83:C4:xx:xx:0E has DHCP reservation on border router for 192.168.1.110
AR750’s Wireless WAN (wlan-sta) is 94:83:C4:xx:xx:0F has DHCP reservation on border router for 192.168.1.109
Before changes, in AR750S’ away from “Router” Network Mode, laptop’s connected to AR750S’ connections:
Connected by wire to LAN1:
$ ipconfig
:
Ethernet adapter built-in’i219-LM:
IPv4 Address. . . . . . . . . . . : 192.168.2.218
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254
Connected by Wireless, SSID GL-AR750S-30e
$ ipconfig
:
Wireless LAN adapter built-in’8260:
Connection-specific DNS Suffix . : lan
IPv4 Address. . . . . . . . . . . : 192.168.2.238
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254
Now, changes… Setting AR750S to “Extender” Network mode:
Connect laptop by Wireless to SSID GL-AR750S-30e
$ ipconfig /renew
Windows IP Configuration
No operation can be performed on built-in’i219-LM while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
DHCP fails!! Obviously, no connectivity without IP address.
Set laptop’s wireless interface to static IP 192.168.1.199/24.
$ ipconfig
Windows IP Configuration
:
Wireless LAN adapter built-in’8260:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.199
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
Connectivity to border router and other LAN devices resumes.
In Wireshark, I can see AR750S sending ARPs, spoofing itself with border router (192.168.1.2):
Frame 9: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface \Device\NPF_{43FB9F59-544B-4AAE-B5A6-5A0E4C30749D}, id 0
Interface id: 0 (\Device\NPF_{43FB9F59-544B-4AAE-B5A6-5A0E4C30749D})
Encapsulation type: Ethernet (1)
Arrival Time: Jan 11, 2020 09:43:15.979993000 AUS Eastern Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1578696195.979993000 seconds
[Time delta from previous captured frame: 0.358920000 seconds]
[Time delta from previous displayed frame: 0.358920000 seconds]
[Time since reference or first frame: 2.764617000 seconds]
Frame Number: 9
Frame Length: 42 bytes (336 bits)
Capture Length: 42 bytes (336 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:arp]
[Coloring Rule Name: ARP]
[Coloring Rule String: arp]
Ethernet II, Src: GlTechno_01:23:0e (94:83:c4:xx:xx:0e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Source: GlTechno_01:23:0e (94:83:c4:xx:xx:0e)
Type: ARP (0x0806)
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: GlTechno_01:23:0e (94:83:c4:XX:XX:0e)
Sender IP address: 192.168.1.2 (192.168.1.2)
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 192.168.1.110 (192.168.1.110)
(See attachment for more)
On laptop:
$ arp -a
Interface: 192.168.1.199 — 0x6
Internet Address Physical Address Type
192.168.1.2 94-83-c4-xx-xx-0e dynamic
So, as seen from its own wireless network, AR750S’s spoofing itself as border router 192.169.1.2.
On border router:
FWF61E4Q16001082 # get system admin status
username: admin
login local: ssh
login device: wire_less_ssw:192.168.1.2:22
login remote: 192.168.1.109:54442
login vdom: root
login access profile: super_admin
login started: 2020-01-11 10:27:22
current time: 2020-01-11 10:27:56
and
FWF61E4Q16001082 # get system arp
Address Age(min) Hardware Addr Interface
192.168.1.109 0 94:83:c4:x:xx:0f wire_less_ssw
So, AR750S is NAT’ing, even though supposed to be bridging (and spoofing, as seen on its own internal wireless network).
Now… Let’s try wired connection, disconnect from WiFi and connecting laptop to AR750S’ LAN1:
DHCP works!
$ ipconfig
:
Ethernet adapter built-in’i219-LM:
Connection-specific DNS Suffix . : lan
IPv4 Address. . . . . . . . . . . : 192.168.2.218
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254
Administrative connection to border router is OK, and again, “login remote” is from 192.168.1.109, but this is expected, because it seems wired connection is still operating in routed mode, despite “Network Mode” in GUI being set to “Extender”.
Lots of time wasted documenting above, since, undoubtedly, GL.iNet’s engineers know all that.
The real problem is that GL.iNet hasn’t properly documented function of “Extender” Network Mode, leaving to end-user to speculate.