Why does Airport Extreme disable LAN interfaces in client mode?

Solution 1:

Short Answer

This is a security-related limitation of the 802.11 standard. The 802.11n-capable AirPort Express has a fancy feature to work around this limitation, but the AirPort Extremes and Time Capsules do not.

Long Answer

The IEEE 802.11 standard requires the Access Point (AP) to require each wireless station (STA) to authenticate and "associate" to the AP before the AP can process real network traffic from the STA. STAs are identified by their wireless Media Access Controller (MAC) address (a.k.a. "AirPort ID", hardware address, etc.).

Simple network bridge devices don't change the MAC addresses on network frames. So if the AirPort Extreme tried to simply bridge traffic from the wired Ethernet devices on its LAN ports, those frames would still have those wired devices' source MAC addresses on them, and since those MAC addresses had never authenticated and associated with the AP, the AP would drop those frames for security reasons. Because this mode of joining an AP doesn't allow the Extreme to bridge frames from wired clients on its LAN port, the Extreme disables its LAN port to help users get the hint.

The 802.11 spec provides a standard way around this. It's called Wireless Distribution System (WDS). But WDS was under-specified in the 802.11 spec, lacks several important mechanisms, and various vendors' implementations aren't guaranteed to interoperate. So Apple chose to only officially support WDS between Apple AirPort Extreme, Express, and Time Capsule devices. So this isn't a solution for you if your AP is non-Apple. It's possible you could set it up manually and it may happen to work just fine, but Apple won't help you if it doesn't.

With the 802.11n-capable Extremes, Expresses, and Time Capsules, Apple provided an Apple-enhanced version of WDS that they just call "Extend the network", to provide the needed protocol mechanisms that bog-standard 802.11 WDS lacks. But again, no third party devices do this, so it's just an Apple-to-Apple thing.

The 802.11n-capable AirPort Express (note: not Extreme, just Express) has one special advantage here. It can do something an 802.11 engineer might call "Proxy STA" mode, where it not only joins a third-party AP as a STA, but it also spoofs the MAC addresses of all the wired Ethernet devices out its LAN port and performs 802.11 authentication and association as a proxy for those wired Ethernet devices, which allows the Express to bridge frames from those clients without the AP dropping them for security reasons. To the AP, all those MAC addresses look like separate wireless clients; it has no idea that the Express is actually proxying for them all.
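
A toy model of the behaviour described in this answer, added here as an illustration (it is not part of the original answer and is not Apple or 802.11 code). The class names and MAC addresses are constructed; the model only tracks which source MACs the AP has associated and what it does with frames from each.

```python
from dataclasses import dataclass, field

OWN_MAC = "02:00:00:00:00:01"                               # constructed: the bridge's radio
WIRED_MACS = ["02:00:00:00:00:10", "02:00:00:00:00:11"]     # constructed: devices on the LAN port


@dataclass
class AccessPoint:
    associated: set = field(default_factory=set)

    def associate(self, mac):
        # Stands in for the 802.11 authentication + association exchange.
        self.associated.add(mac)

    def receive(self, src_mac):
        # The AP only processes frames whose source MAC has associated.
        return src_mac in self.associated


@dataclass
class ClientBridge:
    """Joins the AP as a single STA and forwards wired frames unchanged."""
    ap: AccessPoint
    own_mac: str

    def join(self):
        self.ap.associate(self.own_mac)

    def forward(self, wired_src_mac):
        # A simple bridge leaves the wired device's source MAC on the frame.
        return self.ap.receive(wired_src_mac)


class ProxySta(ClientBridge):
    """Also associates on behalf of each wired MAC before bridging its frames."""

    def forward(self, wired_src_mac):
        if wired_src_mac not in self.ap.associated:
            self.ap.associate(wired_src_mac)
        return self.ap.receive(wired_src_mac)


def simulate(bridge_cls, wired_macs=WIRED_MACS):
    """Return ({wired MAC: frame accepted?}, AP association table)."""
    ap = AccessPoint()
    bridge = bridge_cls(ap, OWN_MAC)
    bridge.join()
    accepted = {mac: bridge.forward(mac) for mac in wired_macs}
    return accepted, sorted(ap.associated)
```

With `ClientBridge` the AP's table holds only the bridge's own MAC and every wired frame is dropped; with `ProxySta` each wired device appears in the AP's association table as if it were a separate wireless client.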