Occasional Contributor I

[IAP - VPN] local ping problem with distribute, l3

Hi.

 

I tested the RAPNG demo with distributed, L3.

 

<deployment>

Controller - internet - firewall(only PAT) - IAP - 10.254.0.0/25(distribute, L3)

 

I checked the IAP table at the Controller, and it is OK.

I checked dhcp-allocation at the IAP, and it is OK.

 

I pinged from the IAP to a local device, but it is not OK.

 

*Example: IAP (10.254.0.1/25) -> device (10.254.0.10) | not OK.

But it does work from device (10.254.0.10) -> (10.254.0.1/25) | OK

 

Why doesn't local ping work from the IAP to the device?

 

Regards,

Contributor II

Re: [IAP - VPN] local ping problem with distribute, l3

Any comments on this?

 

We are seeing similar issues with Distributed L3 scopes: the clients on the Distributed L3 subnet can't reach each other. We can reach all of them from the inside and over the VPN tunnel, and the clients on the L3 can reach corporate resources over the VPN tunnel and have internet access without any issues; they just can't reach each other on the same subnet.

 

But if, in the VPN routing policy, we force the L3 subnet to be routed locally with a route of X.X.X.X/XX -> 0.0.0.0/0, the clients can reach each other. Is this really by design and how it is supposed to work?

 

Any thoughts and comments are welcome.

Valued Contributor II

Re: [IAP - VPN] local ping problem with distribute, l3

Hi,

 

Yes, we need to add a policy in the VPN route to allow all the subnets which you want to allow through the tunnel, otherwise traffic will not be allowed through the tunnel.

 

This can be fixed by adding a route in the VPN tunnel routing table.

Cheers,
Venu Puduchery,
Contributor II

Re: [IAP - VPN] local ping problem with distribute, l3

Hi,

I guess maybe I was unclear or something. The problem isn't that the traffic is not going through the tunnel; the problem is that they can't reach each other on the distributed L3 subnet locally, out on the AP, between wired and wireless on the same distributed subnet, without forcing the AP to route it locally by adding the subnet to the VPN routing table with destination 0.0.0.0/0, which does this. Without that, clients can't reach each other between wired and wireless on the same distributed L3.

Occasional Contributor I

Re: [IAP - VPN] local ping problem with distribute, l3

I had opened a case.

 

TAC told me that it is an expected issue, and it must be in the routing table for local ping.

 

Regards.
