Controllerless Networks

Hi,

 

I have home-network without VLANs. There are some SOHO Switches and some acceesspoints. I'm not sure if this is an instant controller - but I'm sure it's called virtual controller and one of the accesspoints always act as controller.

 

Now I have problems to access devices via Intra SSID traffic. This should mean that there are two wireless devices connected to the same SSID. I can browse the internet (so they are successully connected) but I'm not able to print on my samsung C480FW (also connected to the wireless network).

 

This is my simple config:

version 8.3.0.0-8.3.0
syslocation Virtual
virtual-controller-country AT
virtual-controller-key XXX
name blablabla
virtual-controller-ip 192.168.1.250
terminal-access
ntp-server at.pool.ntp.org
clock timezone Vienna 01 00
rf-band all

allow-new-aps
allowed-ap 24:f2:7f:XX:XX:XX
allowed-ap 24:f2:7f:XX:XX:XX
allowed-ap 24:f2:7f:XX:XX:XX
allowed-ap 24:f2:7f:XX:XX:XX
allowed-ap 44:48:c1:XX:XX:XX



arm
 wide-bands 5ghz
 80mhz-support
 min-tx-power 18
 max-tx-power 127
 band-steering-mode prefer-5ghz
 air-time-fairness-mode default-access
 client-aware
 scanning


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless


extended-ssid





hash-mgmt-password
hash-mgmt-user admin password hash XXX

time-range Kids7-21 periodic daily 07:00 to 21:00


wlan access-rule HomeNet
 index 0
 rule any any match any any any permit

wlan access-rule default_wired_port_profile
 index 1
 rule any any match any any any permit

wlan access-rule wired-SetMeUp
 index 2
 rule masterip 0.0.0.0 match tcp 80 80 permit
 rule masterip 0.0.0.0 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit

wlan access-rule Kids
 index 3
 rule any any match any any any permit

wlan ssid-profile HomeNet
 enable
 index 0
 type employee
 essid HomeNet
 wpa-passphrase xxx
 opmode wpa2-psk-aes
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter none
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

wlan ssid-profile Kids
 enable
 time-range Kids7-21 enable
 index 1
 type employee
 essid Kids
 wpa-passphrase xxx
 opmode wpa2-psk-aes
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter arp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

auth-survivability cache-time-out 24



wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"
 auto-whitelist-disable
 https


blacklist-time 3600
auth-failure-blacklist-time 3600



ids
 wireless-containment none


wired-port-profile wired-SetMeUp
 switchport-mode access
 allowed-vlan all
 native-vlan guest
 no shutdown
 access-rule-name wired-SetMeUp
 speed auto
 duplex auto
 no poe
 type guest
 captive-portal disable
 no dot1x

wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x


enet0-port-profile default_wired_port_profile

uplink
 preemption
 enforce none
 failover-internet-pkt-lost-cnt 10
 failover-internet-pkt-send-freq 30
 failover-vpn-timeout 180


airgroup
 enable
 multi-swarm
 enable-guest-multicast

airgroupservice airplay
 enable
 description AirPlay

airgroupservice airprint
 enable
 description AirPrint

airgroupservice Sonos
 enable
 id urn:schemas-upnp-org:service:GroupRenderingControl:1
 id urn:schemas-sonos-com:service:Queue:1
 id urn:schemas-upnp-org:service:AVTransport:1
 id urn:schemas-upnp-org:service:RenderingControl:1
 id urn:schemas-tencent-com:service:QPlay:1
 id urn:schemas-upnp-org:service:GroupManagement:1
 id urn:schemas-upnp-org:service:ZoneGroupTopology:1
 id urn:schemas-upnp-org:service:DeviceProperties:1
 id urn:schemas-upnp-org:service:MusicServices:1
 id urn:schemas-upnp-org:service:AlarmClock:1
 id urn:schemas-upnp-org:device:ZonePlayer:1
 id urn:schemas-upnp-org:service:SystemProperties:1
 id urn:schemas-upnp-org:service:ContentDirectory:1
 id urn:schemas-upnp-org:service:ConnectionManager:1
 id urn:smartspeaker-audio:service:SpeakerGroup:1
 id urn:schemas-upnp-org:service:AudioIn:1
 id urn:schemas-upnp-org:device:EmbeddedNetDevice:1
 id urn:schemas-upnp-org:service:EmbeddedNetDeviceControl:1
 id urn:schemas-upnp-org:service:HTControl:1
 id urn:schemas-upnp-org:service:VirtualLineIn:1

airgroupservice itunes
 enable

airgroupservice AmazonTV
 enable

airgroupservice "DLNA Media"
 enable

airgroupservice "DLNA Print"
 enable

airgroupservice DIAL
 enable

airgroupservice allowall
 enable

cluster-security
 allow-low-assurance-devices

 

 

The printer has a fixed IP Address 192.168.1.200.

I can ping, samsung software can find the printer but Windows is not able to print on this printer...

 

When logging in to VC via console when printing:

XXX# show airgroup blocked-service-id

AirGroup Blocked Service IDs
----------------------------
Origin  Service ID  #response-hits
------  ----------  --------------
Num Blocked Service-ID:0
XXX# show airgroup blocked-queries

AirGroup dropped Query IDs
--------------------------
Service ID     #query-hits  Thread Num
----------     -----------  ----------
_homekit._tcp  27           1
_airport._tcp  1            1
Num dropped Query IDs:2
XXX#

 

 

What I saw in show airgroup servers verbose is the Rec-dropped on the IP of the printer.

 

AirGroup Servers
----------------
MAC                IP             Type       Host Name          Service     VLAN  Wired/Wireless  Role      Group  Name  AP-Name            Rec-dropped  Rec-filtered  Rec-responded  Last-query        Query Throttled  Resp Throttled  CPPM-Req  CPPM-Rsp  CoA  CPPM Dev-Added  CPPM Dev-Deleted
---                --             ----       ---------          -------     ----  --------------  ----      -----  ----  -------            -----------  ------------  -------------  ----------        ---------------  --------------  --------  --------  ---  --------------  ----------------
00:11:32:08:c2:96  192.168.1.220  mDNS,DLNA  DiskStation        DLNA Media  1     wired                                  2OGBuero           2            0             169            Jul 09 20:48:05   0                0               0         0         0
                                                                Sonos
                                                                airprint
                                                                itunes
                                                                sharing
00:0e:58:da:3e:18  192.168.1.16   mDNS,DLNA  sonos000E58DA3E18  DLNA Media  1     wired                                  2OGBuero           0            0             11             Jul 09 20:48:05   0                0               0         0         0
                                                                Sonos
                                                                allowall
00:0e:58:da:15:f2  192.168.1.12   mDNS,DLNA  sonos000E58DA15F2  Sonos       1     wired                                  2OGBuero           0            0             4              Jul 09 20:47:42   0                0               0         0         0
                                                                DLNA Media
                                                                allowall
00:0e:58:c7:59:a2  192.168.1.28   mDNS,DLNA  sonos000E58C759A2  DLNA Media  1     wired                                  2OGBuero           0            0             4              Jul 09 20:48:05   0                0               0         0         0
                                                                Sonos
                                                                allowall
84:25:19:2e:cc:38  192.168.1.200  mDNS,DLNA  SEC8425192ECC38    airprint    1     wireless        Heimnetz               2OGBuero           60           0             22             Jul 09 20:47:47   0                0               0         0         0
                                                                allowall
                                                                DLNA Print
4c:ef:c0:7d:13:8d  192.168.1.61   mDNS,DLNA  192-168-1-61       DIAL        1     wireless                               24:f2:7f:cf:d3:de  0            0             0                                0                0               0         0         0
                                                                AmazonTV
00:0e:58:c7:59:a6  192.168.1.32   DLNA                          DLNA Media  1     wired                                  2OGBuero           0            0             0                                0                0               0         0         0
                                                                Sonos
Num Servers: 19.

 

 

 

So back to my original question:

- How to configure this system that EVERYTHING is passed like a 25€ accesspoint?

- I wan't to allow traffic within the SSID and also from and to wired network (I have SOMETIMES some problems with SONOS Audiosystem too)

 

Can this have todo with:

wired-port-profile default_wired_port_profile
 switchport-mode trunk ?????????????
 allowed-vlan all
 native-vlan 1  ???????????????????
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x

 

So what is "No VLAN" and why is standard switchport-mode trunk?

 

 

Thank you very much!

 

regards

Susan

 

 

What SSID(s) is/are the Windows laptop and the wireless printer connected to?

 

For a small single VLAN PSK network, it may be best to disable AirGroup since all devices share the same VLAN and there is no filtering of mDNS services between users.

Hi,

 

both are in the HomeNet SSID.

How can I disable Airgroups to pass all traffic?

 

regards

Susan

From the webui, under configuration -> Services, ensure that AirGroup services (Bonjour, DLNA, Guest Bonjour multicast, etc) are disabled.

 

What firmware version is your IAP running? I can provide screen shots for that version of code.

Nevermind. From the config you posted, you're running 8.3.0.0.

 

Attached shows the two screens to walk through to get to the settings.

Hi,

 

So disable Airgroup Services will mean that it "bridge" the packets from Wifi to LAN, LAN to Wifi or Wifi to Wifi?

 

So no "intelligence" there trying to understand what going on, change IP-Addresses or other data in the packets?

 

I'll try that (not possible at the moment) and I'll come back if it doesn't help...

 

Thank you!

 

 

AirGroup accomplishes two things. It provides a unicast response to mDNS queries so that multicast traffic is reduced. As a side effect of that, it allows for service advertisement for devices that are on different subnets from the clients that want to access those services. Since you're setup has everything on one VLAN, then the cross subnet functionality is not needed. Also, you have broadcast filtering disabled, so the mDNS queries should work without intervention.