PDA

View Full Version : Need help with Airport Express & College Network


SilverBeetle
Jul 21, 2004, 07:07 PM
I just purchased a AirPort Express and received it this week. Iím having more than a few problems getting it up and running though. I thought I would turn to the wonderful Mac community for help. Please help me.

Hereís a summary of my woes (you can read the entire story on my blog: http://karen.blogs.com -- and you can read my latest problem in my last post: http://karen.blogs.com/silverbeetle/2004/07/scratch_that_.html ):

Iím on a college network where you are only allowed to have one computer registered at a time. It registers your network card address and assigns you an IP. I hooked up my AirPort Express and had to re-register. It didnít work. I started getting error messages saying I needed to register, but then it wouldnít let me because it already had my address in the system. The next two days were spent switching between my computer and my airport trying to get it to work.

This morning I did some research and it seems like my best option is not to set up a new wireless network, but to use my AirPort Express as a bridge. This way it would be completely invisible to the college network and the network should register my airport cards address. My hunch was right and it finally worked. There was one problem though, my AirPort Express was completely unresponsive to my computer. I couldnít access it with the Airport Admin Utility or even access it through the setup assistant.

I figured I had no choice but to reset it, so I followed the directions and reset it to factory defaults. I changed the setting to use it as a bridge (I turned off IP assigning) and then the network started sending me error messages again. I will reregister it tonight and hopefully that will cure my wireless ills.

Is this the best way for me to do this? Is there a better way that I am unaware of? Also, it seems that by using it as a bridge, I am unable to use Airtunes. Is there a way to get this all running and keep my airtunes?

Any help or suggestions would be much appreciated.

Butler Trumpet
Jul 22, 2004, 11:05 PM
I go to Butler University in Indianapolis, and I work in Information Resources as a student tech. From being around all the computer people of Butler I know one thing... that is that a large network like a school is very very cautious about letting people use any kind of wireless that isnt set up through them. Your airport is probably having so many proplems because they get kinda pissed if you start to share your internet connection. Example, if at Butler if you turn on "internet sharring" in your system prefs so other people can connect to you and be online... a guy from IR will seriously find where you are and take you off the network. They really dont like people sharing net connections because it makes the network less secure, and that is basically what the network thinks you are doing. If you do ever get this to work, I would love to know how. And good luck :)

rand()
Jul 22, 2004, 11:56 PM
You should do as the other poster suggested - find out if it's alright that you set up a mini-wireless network. Sure, you can only support 10 users at a time, but that still makes many sys-admins queasy. Believe me, I work with a sys-admin who has a constant uneasy stomach. :o

Secondly, is your school's internet wired or wireless? My following suggestion is based on wired.

If it is okay, I believe the correct way is to have the Airport Express in Wireless Access Point mode. Hook the Ap.Ex. to the wired jack with plain old CAT5. You should then NOT be trying to connect to the "School Network," but to the Airport Express, which then routes the School Network to your computer.

If your school's internet is based on wireless (and I'm guessing it is), it must be Airport Extreme or Airport Express based, or bridging will not function - I believe this is the case, because a locked up ApEx sounds like a reasonable result of trying to bridge with a non-apple wireless lan. Or the ApEx was trying to bridge the wrong channel's - I'm not entirely sure how smart they are.

Now, technically there are ways to get other routers to work with Airport Express, but they involve flashing the Routers with new *unsupported by the vendors* software that supports Apple's implementation of the 802.11g bridging features. But it is EXTREMELY unlikely that a sys-admin is going to flash (and potentially wreck) his wireless routers so one student can have AirTunes.

Theoretically, once the 802.11g standards have settled, the bridging software will be available as a standard update to every router, including Airport Express's. But until then (if that day even comes), you're stuck.

There is one final solution. You can wirelessly connect to the school's network on your computer, and use a CAT5 to connect the computer to the Airport Express. In fact, with Internet Connection Sharing turned on, this would work as a WAP, then. It *should* still work the same, but until I get my hands on one, I won't be certain. But that kinda defeats the purpose of a Wonderful Wireless World, now, doesn't it?

Good Luck, and Good Listening,
rand()

--edit:
I thought of an additional reason it wouldn't work, if the original setup was wired. If the Wireless Access Point mode does not route - i.e. doesn't have it's own DHCP server, but instead simply acts as an access point for the network's native DHCP (or other address resolution) server, you're stuck too. The Network then needs the MAC of the ApEx (I believe), and the MAC of your Wireless card, and as you said, you can only have one active, online MAC at a time. I'm simply not sure if the AirPort Express has that capability or not.

iNetwork
Jul 23, 2004, 12:26 AM
Use it as a NAT router and all your woes should go away. A NAT router takes 1 ip and shares it among many. Say your only college ip address is 128.206.2.1, the APE (hehe good acronym for it) would obtain, theoretically, that ip address.

Now as you described, many universities are having you register MAC addresses of network interfaces to obtain access to their network. You want to go in and find the MAC addy of the APE and put that into your college system.

Basically in Broadband Sharing or NAT routing mode, the Univ is your ISP and you're making your own "home network" Just as I do with my cable connection. My Cable company only gives me 1 IP address and my APX holds it.

One of the down sides of only using an APE is that your connectivity speed to the campus lan is now 54mbps instead of 100mbps! Only APX has an additional lan port that will allow you to hook up a switch to get more private ip addresses. (ie 192.168.x.x)

SilverBeetle
Jul 23, 2004, 04:33 AM
Update:

I can get the network to register the ApEx address Ė it assigns it an IP and everything is wonderfully happy. I get wireless YAY! Iíve been successful getting it to work using it just as a bridge and also using it to set up a network and use NAT to share the address. Only problem Ė it doesnít last.

This morning I got it working (using it as a bridge Ė ie registering my airport cards address). It would let me connect to the internet just fine but wouldnít allow me to connect to any chat clients (Adium, AIM, iChat). I decided to surf around a bit and 5 minutes later I started getting redirected to pages telling me I needed to register. Since I had to re-register it anyway, I decided to follow the advice of a few people and set it up to register the ApEx mac address and use NAT to share an IP. Next round of registrations passes, it gets assigned an IP. Now itís working perfectly Ė I could access the web, chat clients, and use airtunes. Iím surfing around and soon I start getting redirected to pages telling me I had to register.

This time I was pretty pissed off so I closed the Powerbook and just left it be for about 2 hours. I come back to it and realize that now eveythings working fine. It continued working fine all evening until around midnight. I started getting redirected to pages telling me I needed to register. I couldnít access any webpages, or the iTunes music store, but Adium was still connected and I could use Airtunes. I talked on Adium till about 1 or 2 when I closed it to see if I could reconnect. After that, it wonít let me re-connect to Adium either. So now itís like I have no connection to the internet what-so-ever and it wants me to register my computer.

Itís not the ApEx because I can still use Airtunes. Anyone have any ideas as to why it would do this?

I can get it to register and work fine, but then all the sudden the network isnít recognizing me or something. It has my address in the system though because it wonít let me re-register the same address (which is why I have to keep switching what address I let it register. And, no, the system isnít blocking me, it just gives me an IP error instead of giving me the form to fill out to register).

I know itís not the school cutting off my access -- they just turn off your port when they do that. My port is still on or I wouldnít get redirected anywhere Ė it just wouldnít have a connection.

Thanks for all the advice Iíve received so far! It all works fine for a little bit Ė it just wonít stay. Now what? Any suggestions?

steve_bf
Jul 23, 2004, 06:04 AM
Does the APX have the "MAC clone" function? This will clone the mac address of the registered hardware onto the APX to make the network think it's actually talking to your powerbook. Many ISP's here in Australia allow only 1 mac address to access the ADSL connection, so all the wireless routers now have this MAC clone function.

It shouldn't really matter whether it's an Airport based or other system as they all work of the same protocol

iNetwork
Jul 23, 2004, 06:49 AM
It sounds like the university is having network issues. When I was back at MU, they always made network changes. If you were getting full access using the NAT function then your univ is telling you to re-register the mac addy, then something's up with them. Try pulling the APE out of the mix for an evening and just using your laptop as you normally would. If you don't have any problems then either a) they finally fixed their mac registration program. If that is the case try and re-register the mac addy of the APE using it as a NAT. If it still works on and off, they may have some sort of script that runs periodically looking for NAT devices. Then that script boots your NAT router off of the network and makes you re-register a valid device. The reason I know how these work is because I wrote one for the university. I hope this helps.

Earl Urly
Jul 23, 2004, 09:18 AM
..Why the bejeezus are you tiptoe-ing around your local IT group to do this?

They set the policy; if such tight measures are in place in the first place to keep you from fiendishly usurping their bits, they've probably been burned before. They're only going to eventually find you and nullify your connection anyway..

Why not do some social hacking and hang with them (unless they are particularly too pasty-faced or play too much Ministry) and find out why they are doing what they're doing? Maybe even flutter those eyelashes and get an 'exception' made for you because you know what you're doing and promise not to set up a satellite connection to share music with a bunch of sweaty migrant workers putting bootleg CD inserts into jewels somewhere in Macao? Last time I checked it was the 21st century.. people still use those muscles in their throats to communicate, I think. :D

"What did I tell you about those negative waves!?"
-Donald Sutherland to Don Rickles, Kelly's Heroes

rand()
Jul 23, 2004, 11:09 AM
I think your best option is to keep it with the AirPort Express MAC registered and in NAT mode. If it asks to register again, register always with the AirPort MAC.

Here's a question for you: does your school have a wireless AND a wired network? I would read your blog, but it's blocked for me here at work.

Check to see if the IP the school is handing the AirPort and the IP you've got on your Powerbook look like they're in the same subnet - i.e. the APX has something like 128.230.21.xxx and your Powerbook has the same 128.230.21.xxx - with only the last numbers changed on you. If so, then you aren't connecting through the AirPort. If you are connecting through your Airport, you'll likely see an IP of 192.168.1.xxx on the PB.

You likely did have it setup correctly. I would not be surprised if your University was working on their network (as was suggested earlier), and that's why it's so strangely intermittent.

Come back and let us know...
rand()

seamuskrat
Jul 23, 2004, 04:07 PM
Its a complicated issue. As APE is used for things other than internet access.

Option 1 : easy and less desirable
Connect Mac to university network via cable. You are wired, but fall with in their fair use policy. Have itunes connected to stereo and use location manage to change between Cat5 and wireless to stream music.

PROS: Legal form the university perspective.
CONS: Can't surf and stream at same time, cannot be wireless

Option 2:
APR to university network. Register the APE MAC address. I presume you are on a VLAN with DHCP, so the IP is assigned. The APE is the 'front' and the iBook is behind it. You could turn on the APE internal DCHP but that seems to be where the conflict arises. The problem is that the APE is assigning you a DHCP address based on its own configuration - much like many router assign 192.168.1.X the APE does this with another range. If possible, you need to pass thru to your machine the IP DHCP Assigns to you.

Option 3:
Get a LinkSys Router (important because APE can bridge to Linksys with some hacks) mimic the Mac MAC address or register the router. Then connect the accessories. Again against school policy but it will work.
Basically, yo have a draconian network using what I gather to be a Vlan system that is MAC address and possbly IP address based. The good news is by doing it that way they allow Macs. Some schools go with software based authentication and cannot be bothered to certify the Java mac client and Macs are left out.

Earl Urly
Jul 24, 2004, 01:23 AM
Update:

I can get the network to register the ApEx address Ė it assigns it an IP and everything is wonderfully happy. I get wireless YAY! Iíve been successful getting it to work using it just as a bridge and also using it to set up a network and use NAT to share the address. Only problem Ė it doesnít last.

Thanks for all the advice Iíve received so far! It all works fine for a little bit Ė it just wonít stay. Now what? Any suggestions?

Well, if you have NAT set up, you might want to look at the DHCP Lease time, which is down and to the right of the "Share a range of IP Addresses" radio button.. set it to something like 8 hours and see if things fall apart after that time period..

Also, you might also have to create a "DMZ.." This is a zone where if you assign yourself a fixed IP (but on the LOCAL network, like 10.0.1.222), the Airport will automatically forward all ports to that one address. Apps like Adium and iChat don't like changing IP addresses, even if they're on the private side of the network.

And you definitely need a semi-fixed IP for BitTorrent to work the best, but that's a whole 'nother ball of wax. :)

Your apps may be falling apart because deep inside your Airport there's a routine that says, "Hmmm, this machine has already had 10.0.1.5 for 2 hours, the default DHCP lease length.. okay, machine, you are now 10.1.1.7." iChat still thinks it's been assigned 10.1.1.5, so it sends out code that demands that someone speak to 10.1.1.5, but your Airport passes it on to your local network since it has changed your IP on the internal network, and since there's probably nothing (or something) assigned to that IP on your network, you're getting the register nags. Well, maybe it's not exactly like that but it may be close.

iNetwork
Jul 24, 2004, 03:04 AM
:mad: Its a complicated issue. As APE is used for things other than internet access.

Option 1 : easy and less desirable
Connect Mac to university network via cable. You are wired, but fall with in their fair use policy. Have itunes connected to stereo and use location manage to change between Cat5 and wireless to stream music.

PROS: Legal form the university perspective.
CONS: Can't surf and stream at same time, cannot be wireless

Option 2:
APR to university network. Register the APE MAC address. I presume you are on a VLAN with DHCP, so the IP is assigned. The APE is the 'front' and the iBook is behind it. You could turn on the APE internal DCHP but that seems to be where the conflict arises. The problem is that the APE is assigning you a DHCP address based on its own configuration - much like many router assign 192.168.1.X the APE does this with another range. If possible, you need to pass thru to your machine the IP DHCP Assigns to you.

Option 3:
Get a LinkSys Router (important because APE can bridge to Linksys with some hacks) mimic the Mac MAC address or register the router. Then connect the accessories. Again against school policy but it will work.
Basically, yo have a draconian network using what I gather to be a Vlan system that is MAC address and possbly IP address based. The good news is by doing it that way they allow Macs. Some schools go with software based authentication and cannot be bothered to certify the Java mac client and Macs are left out.
You obviously don't know what you're talking about..
Option 1 Problems. He could bridge his connection with his laptop. How to do this is a different ball of wax but it can be done. He can then access the internet and stream music to his APE.

Option 2 Problems. He only gets 1 ip addy from the university. I don't even know what you're trying to describe in the rest of this..2 devices on the same network cannot have the same ip...so he cannot just "pass through" the ip to his laptop. When your NAT router, which the APE is, assigns you an IP using DHCP, you get an address in the private address range. I suggest you pick up a networking book from cisco or someone else and read it.

Option 3 Problems. APE is a NAT router, why buy another??? And what in the heck to VLAN's have to do with this??? A VLAN is called a virtual Local Area Network. It is used to create seperate broadcast domains and they must be seperate subnets. I'm really not sure what you're talking about here. Of course his school uses DHCP servers, everbody with a large network uses them!!

I do have a CCIE, so obviously I knew something in order to obtain that certification...but I could be wrong.

SilverBeetle
Jul 24, 2004, 04:47 PM
Well, if you have NAT set up, you might want to look at the DHCP Lease time, which is down and to the right of the "Share a range of IP Addresses" radio button.. set it to something like 8 hours and see if things fall apart after that time period..

Also, you might also have to create a "DMZ.." This is a zone where if you assign yourself a fixed IP (but on the LOCAL network, like 10.0.1.222), the Airport will automatically forward all ports to that one address. Apps like Adium and iChat don't like changing IP addresses, even if they're on the private side of the network.

And you definitely need a semi-fixed IP for BitTorrent to work the best, but that's a whole 'nother ball of wax. :)

Your apps may be falling apart because deep inside your Airport there's a routine that says, "Hmmm, this machine has already had 10.0.1.5 for 2 hours, the default DHCP lease length.. okay, machine, you are now 10.1.1.7." iChat still thinks it's been assigned 10.1.1.5, so it sends out code that demands that someone speak to 10.1.1.5, but your Airport passes it on to your local network since it has changed your IP on the internal network, and since there's probably nothing (or something) assigned to that IP on your network, you're getting the register nags. Well, maybe it's not exactly like that but it may be close.

I thought about the DHCP lease time myself. Didnít think of it till yesterday, but better late than never. It was set to 4 hours, I reset it to 30 days just to make sure that wasnít a factor. I actually thought that might work but itís not.

Itís all still doing the same thing. Itíll be gold for a few hours tops then all the sudden it all goes to hell. Weird thing though, it will still retain some of the connections it had when it all went to hell. Like Iíll still be able to navigate on the last webpage I accessed, but no others Ė or Adium will still be connected.

I honestly thought maybe the school was detecting that there was something odd and screwing with my address, but about 3 times now, the connection has spontaneously started working again. Itís not being disconnected from the school network (because I get re-directed to registration pages). I have no earthly clue whatís going on Ė Iím at a loss and the end of my knowledge on the subject.

If you could explain to me how to set up a fixed IP like you mention here, Iíll gladly try it.

Thanks again, for all the advice so far. Iím still holding hope that I can get it to work. Iíd hate to give up on it after a week of trying.

iNetwork
Jul 25, 2004, 12:13 AM
If you keep getting re-registration pages, then your univeristy is kicking your APE's MAC address off. Your private network is fine. The problem lies with your UNIVERSITY. You either A) need to call them and ask them why you keep getting kicked off or B) just register your wired port on your laptop to see if they are having network problems. The problem is not your equipment, it's the university's. There's no NEED to have a static private IP address. Your network is working A-OK. You need to make some phone calls to see if what you're doing is allowed. It's probabally not, so this is why you keep getting re-registration pages. NO amount of tweeking on your end will fix this problem. PERIOD!!!

SilverBeetle
Jul 25, 2004, 04:50 AM
If you keep getting re-registration pages, then your univeristy is kicking your APE's MAC address off. Your private network is fine. The problem lies with your UNIVERSITY. You either A) need to call them and ask them why you keep getting kicked off or B) just register your wired port on your laptop to see if they are having network problems. The problem is not your equipment, it's the university's. There's no NEED to have a static private IP address. Your network is working A-OK. You need to make some phone calls to see if what you're doing is allowed. It's probabally not, so this is why you keep getting re-registration pages. NO amount of tweeking on your end will fix this problem. PERIOD!!!

If the universityís network is kicking my MAC address off, then how come if starts working again every once in a while (without me registering again)? Iím not trying to be sarcastic or rude here Ė Iím seriously asking.

Itís like if I sign onto AOL via dialup for a while Ė then the airport express will start working and then I can sign off of the dial up and be wireless but it doesnít last very long (read: mere minutes to 2 or 3 hours max). And as previously said Ė when it goes down, I still remain connected on Adium.

Is that consistent with the university kicking my MAC address off? (Again, not being rude in the least Ė I just want to understand whatís up here). And there are absolutely no problems if I register my wired port so itís not some weird network failures. How could the network ever see that it was a wireless device?

iNetwork
Jul 25, 2004, 04:58 AM
If the universityís network is kicking my MAC address off, then how come if starts working again every once in a while (without me registering again)? Iím not trying to be sarcastic or rude here Ė Iím seriously asking.

Itís like if I sign onto AOL via dialup for a while Ė then the airport express will start working and then I can sign off of the dial up and be wireless but it doesnít last very long (read: mere minutes to 2 or 3 hours max). And as previously said Ė when it goes down, I still remain connected on Adium.

Is that consistent with the university kicking my MAC address off? (Again, not being rude in the least Ė I just want to understand whatís up here). And there are absolutely no problems if I register my wired port so itís not some weird network failures. How could the network ever see that it was a wireless device?

1. Did you call them and ask if it was allowed or if they're having problems?
2. It's not your wireless setup. You stated earlier that you could get the current webpage you were on to come back up--that's because it's cached in the web browser. Many chat programs don't always check in and "tell you right when your connection dies" It's not a benchmark to see if your connectivity is valid. Also if you get the redirect page then it's coming through your APE-proving it works...
3. Redirect pages to register your MAC address means that again A. it's not allowed or B. They have problems
4. Mac addresses are given to manufacturers in groups. A good sysadmin can get a mac address and narrow it to manufacturer and product. There are also ways such as portscans, etc to detect a NAT router. University networks are also not Bulletproof, meaning they CAN and do break. There are tons of people who know more ways to screw up a network than bubba gump knows how to cook shrimp.

I'm unsubscribing from this thread now because you cannot listen.

Earl Urly
Jul 26, 2004, 11:30 AM
Before this trainwreck of a thread goes any further, here's how to set up a default host; this is what Apple terms (in that little old PDF that came with your AX, entitled "Designing Airport Networks..)

To set up a default host:
1 Open AirPort Admin Utility, select your base station, and click Configure

2 Click Show All Settings.

3 Click Base Station Options.

4 Select the ďEnable Default Host atĒ checkbox. The default IP address is 10.0.1.253.

Here, you save the settings and restart the AX. Meanwhile on your laptop:

5 Enter the same IP address on the host computer.

a Open the Network pane of System Preferences on the host computer.

b Choose AirPort from the Show pop-up menu.

c Choose Manually from the Configure IPv4 pop-up menu.

d Enter the same IP address you entered in the Enable Default Host pane of AirPort Admin Utility.

And wah-la, default host is enabled.

The good thing about default host is that it doesn't make the Airport use its own shaky routines to resolve IPs on your 'private network..' Everything the Airport gets via the LAN port just gets automatically forwarded to the machine you described as your default host. The bad news is that only one machine can benefit from this; if you ever have a friend who wants to hook up to your network you'll have to reset the Airport to a more friendly setup. But hey, that's why they let you save settings, right? ;)

Many webcam software manufacturers recommend this as this is the only way in most cases to get a server of any kind running behind an Airport.

I believe that this may help you because it's the next best thing other than configuring your machine as a bridge which didn't seem to help anyway.

Earl Urly
Aug 7, 2004, 08:34 PM
Okay, I'm calling it (picking up limp wrist)

This thread is now officially dead.

May it rest in peace.