Controllerless Networks

Hi all,

 

Weird problem, I have an IAP-115 deployment with 18 APs. Running 6.4.2.6-4.1.1 code. We have an SSID configured to use the internal DHCP server of the VC. We configured web filtering for adult/pornography websites to deny access and have an 'allow all' policy below that. 

 

When we try to browse to any website, the pages will not load or will load extremely slowly. If I move the allow all to the top, web pages load instantly. Tested DNS and ICMP to the internet successfully, pings had low latency. Tested on multiple devices and browsers. 

 

Any reason this might be happening? We want to use the IAP as a content filter, but not if it's going to prevent web browsing to approved sites.

 

Thanks.

You mention 4.1.1.x  What is the X?  If you are not running .8, you should be to fix any apprf issues.

We are running 4.1.1.8

 

We began with code 6.4.2.0 and the filtering was not working, so we upgraded to the latest GA release (above) thinking it would solve the problem, but it has not. Not sure what else to try.

 

I verified we could reach the web filtering cloud by testing a website in the CLI and it categorized it correctly.

My guess would be to check to make sure the DNS server is robust. Beyond that I would just be guessing without the tech support.

ok, they are using Windows Server (not sure which one) and I have never had this issue with it like this before. I may open a TAC case to investigate. I figured I would just give it a try here first. Was hoping it was a code bug and could migrate to previous code, but doesn't seem like that's the case.

 

Thanks for the help.

You said you have the VC giving out addresses and of course Natting using the magic VLAN.  Have you tried just sending the traffic out without the magic VLAN?

customer has flat network with every user and device in VLAN1 (/16). Customer currently does not own a layer 3 device to do routing between VLANs, so we need to use the IAP to keep the Guest network seperate.

Mharing,

 

That could be your issue.  For high performance instant networks, you normally want to try to isolate the management network of those devices.  How many devices do you think are on that /16?

Hi everybody. I am facing the same problem with IAP205 running 6.4.2.6-4.1.1.8.

 

When I enable the web filter, the navigation does not happen and the page does not load or loads slowly, even if the web page is allowed to access.

 

I am not sure about what IP addresses that IAP use to check and request the category. As I read in the OpenDNS's web site, their DNS servers are 208.67.220.220 and 208.67.222.222. I have a router allowing this traffic and I could check the packets reaching the OpenDNS's servers and going back to the router without resctrictions.

Please open a tac case so that this can be observed on your environment.

Colin Joseph.

 

Thanks for replying. I will open the case as well.

 

I have justa a last question. Is there a license in order to enable the content filtering?

 

Thanks in advance.

with IAPs, there are no licenses.

Thank you,

Michael Haring | Network Engineer
Comm Solutions Company | 140 Quaker Lane | Malvern, PA 19355
Direct: (610) 246-6037 | Fax: (610) 889-0484 | Tech Support: (610) 889-790
mharing@commsolutions.com | www.commsolutions.com

[cid:image003.jpg@01D0E0AC.2F6A5980]

REGISTER FOR COMM SOLUTIONS EVENTS

Connect with Comm Solutions Facebook LinkedIn Twitter Blog
Named CRN Tech Elite 250/ CRN SP500/ CRN Fast Growth 150/ Aruba Networks East Partner of the Year
Aruba Networks ClearPass Partner of the Year/ Palo Alto Networks Mid-Atlantic Partner of the Year

---

@mharing wrote:
with IAPs, there are no licenses.

---

not yet, but these filtering services won't remain free forever.