Wireless Access

I have about 4 AP-105 to be deployed in my network. The clients receive IPs from a DHCP server service running on the PFsense firewall. This DHCP assigns to the clients the gateway IP of the CARP/virtual interface for the master and backup firewall. Unfortunately the clients  are having problems with the CARP. They cannot reach the CARP, no pings go through and the CARP interface IP cannot even be found in the ARP table of the clients.

Does anyone have an idea or a solution?

Thanks inadvance

Hi Friend,

Let me understand your network,

1. What is the forwarding mode of the SSID ( VAP) where clients connected ?

2. Is the the controller ( LMS) able to ping the Gateway ( Client GW) ?

3. Is there any NATing enabled on the Client VLAN ?

Please clarify these points, 

Please feel free for any further help on this.

Hi,

Thanks very much for the quick response:

1. The VAP forwarding mode is in Access Mode

2. Yes it is able to ping the virtual gateway.

3. There is no NATing enabled on the client VLAN.

thanks

Hi,

VAP Forwarding mode can not be Access mode, it can be either, Tunnel mode, Bridge Mode or Decrypt tunnel mode.

It is very important to know the forwarding mode and the VLAN to fix this issue,

to check the forwarding mode and VLAN use the following command,

Please feel free for any further help on this.

Hi,

Thanks for your reply, this is an IAP-105 with a Virtual controller IP.  Find attached file.

Hi Friend,

Here we don't need to know the uplink status and the IP address of the AP because AP do not have any issue, Clients are having issue hence we should know the forwarding mode of the VAP and the VLAN mapped to the VAP.

Please follow the above command and try to know the forwarding mode and the client VLAN.

without the above information we can not fix the issue.

how are you instant APs connected to the network? on a trunk port, can they reach all VLANs they need to reach? how are your clients assigned to a network / VLAN? please share you config.

PS: dhanraj_puduch… this isn't a controller based setup, so you can't check the VAPs.

Hi,

I have just 1 VLAN (management vlan 1) and all ports are allowed. The ports are trunk ports and have access to the vlan. The clients were first being assigned IPs from the DHCP Server (PFSENSE). Now  the IAP assigns IPs to the clients.

Hi, unfortunately the terminal doesnt accept the above command for checking the forwording mode. I get an error in command with "wlan".

Hi,

I completely misunderstood this as the controller based deployment, now realised that you are using IAP not the controller based APs :)

please ignore that command it is not applicable for the IAP.

please verify the uplink, it was showing as the access link, please ensure the following things are in place,

1. what is the VLAN mapped to the SSID ?

2. try to change the IAP uplink as the trunk as shown bellow.

select "More-->Wired"

Select "Default_Wired_Port_Profile ( Profile which is mapped to the 0/0) and select Edit :

Apply the required changes ,

Please feel free for any further help on this.

version 5.0.3.0-1.1.0
virtual-controller-country DE
virtual-controller-key cff5adbf014426cfb9547bc010dfaad80ea4ee1ce5595390f1
name Instant-C9:B1:B7
terminal-access


rf-band all

allow-new-aps
allowed-ap d8:c7:cd:de:gt:y6
allowed-ap d8:c7cd:de:gt:y6
allowed-ap d8:c7:cd:de:gt:y6
allowed-ap d8:c7:cd:de:gt:y6
allowed-ap d8:c7:cd:de:gt:y6


mgmt-user admin e459252c207483972e0aa9b077beb5decc6bc17a857df186

wlan ssid-profile wlan1
index 0
type employee
essid wlan1
wpa-passphrase b34cd25c5af6d9e461fce99f25671394b117494b299f1b5f
opmode wpa2-psk-aes
vlan guest
rf-band all
captive-portal disable

wlan ssid-profile wlan2
index 1
type employee
essid wlan2
wpa-passphrase 270b4a7bdeac1347efa7a5f9a0292ca41ec431be0b87c469
opmode wpa2-psk-aes
rf-band all
captive-portal disable

enet-vlan guest



wlan access-rule wlan1
index 0
rule any any match any any any permit

wlan access-rule wlan2
index 1
rule any any match any any any permit

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"

[edit] saw too late you did a whole lot of other things, do you still have this issue?