Problem with Bonjour Services and Airport Extreme In Bridge Mode
I am using an Airport Extreme (802.11n) Base Station in an office environment with about 20 users. I have a firewall in the office which handles DHCP, so the Airport is in Bridge Mode and does not distribute its own IP addresses. The base station is connected to the rest of the network via its WAN port, which in turn is connected to a switch along with all the other wired clients. Wireless security is set to WPA/WPA2 Enterprise and authentication is done via RADIUS against a Leopard Server. Wide-area Bonjour is not enabled.
The issue is that sometimes (not always), wireless clients are unable to browse or use bonjour services. On a wireless machine, iChat will show no other users on the network (not even other wireless users running iChat), even though many users can see each other in iChat on the wired network. Wireless users also cannot print to Bonjour printers, while wired users have no problem. The printers are network-based, not USB, though they are connected to the base station's WAN ports, which are acting as a hub with the rest of the network in this case. Thus, I am especially perplexed by the fact the wired clients can see them fine while wireless clients cannot.
I have noticed that occasionally, iChat on wireless machines will inexplicably start working for a little while, only to stop working a short time later. My company also has another office with an identical network setup, and I have heard that a similar issue exists there, though reports seem to indicate that the problem is more occasional, i.e. Bonjour services work more often than they don't.
So what's the deal? Is this a bug of some kind in the Airport firmware? Do I need to configure Wide-Area Bonjour to get wireless clients to talk to each other and the rest of the network? If so, why? Shouldn't all the machines on the wired and wireless network be able to talk to each other, since NAT is not enabled on the base station? For what it's worth, the firewall does not control traffic within the internal network, so it's not an issue with ports being blocked. All regular IP-based services work, just not Bonjour. Any ideas or troubleshooting advice are welcome.
The issue is that sometimes (not always), wireless clients are unable to browse or use bonjour services. On a wireless machine, iChat will show no other users on the network (not even other wireless users running iChat), even though many users can see each other in iChat on the wired network. Wireless users also cannot print to Bonjour printers, while wired users have no problem. The printers are network-based, not USB, though they are connected to the base station's WAN ports, which are acting as a hub with the rest of the network in this case. Thus, I am especially perplexed by the fact the wired clients can see them fine while wireless clients cannot.
I have noticed that occasionally, iChat on wireless machines will inexplicably start working for a little while, only to stop working a short time later. My company also has another office with an identical network setup, and I have heard that a similar issue exists there, though reports seem to indicate that the problem is more occasional, i.e. Bonjour services work more often than they don't.
So what's the deal? Is this a bug of some kind in the Airport firmware? Do I need to configure Wide-Area Bonjour to get wireless clients to talk to each other and the rest of the network? If so, why? Shouldn't all the machines on the wired and wireless network be able to talk to each other, since NAT is not enabled on the base station? For what it's worth, the firewall does not control traffic within the internal network, so it's not an issue with ports being blocked. All regular IP-based services work, just not Bonjour. Any ideas or troubleshooting advice are welcome.
MacBook (Black), Mac OS X (10.5.2), Core Duo 2GHz, 2GB RAM