Wireless Access

Reply
Contributor II
Posts: 71
Registered: ‎06-03-2014

AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

I have about 4 AP-105 to be deployed in my network. The clients receive IPs from a DHCP server service running on the PFsense firewall. This DHCP assigns to the clients the gateway IP of the CARP/virtual interface for the master and backup firewall. Unfortunately the clients  are having problems with the CARP. They cannot reach the CARP, no pings go through and the CARP interface IP cannot even be found in the ARP table of the clients.

 

Does anyone have an idea or a solution?

 

Thanks inadvance

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi Friend,

 

Let me understand your network,

 

1. What is the forwarding mode of the SSID ( VAP) where clients connected ?

 

2. Is the the controller ( LMS) able to ping the Gateway ( Client GW) ?

 

3. Is there any NATing enabled on the Client VLAN ?

 

Please clarify these points, 

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi,

 

Thanks very much for the quick response:

 

1. The VAP forwarding mode is in Access Mode

2. Yes it is able to ping the virtual gateway.

3. There is no NATing enabled on the client VLAN.

 

 

thanks

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi,

 

VAP Forwarding mode can not be Access mode, it can be either, Tunnel mode, Bridge Mode or Decrypt tunnel mode.

 

It is very important to know the forwarding mode and the VLAN to fix this issue,

 

to check the forwarding mode and VLAN use the following command,

 

VAP.JPG

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi,

 

Thanks for your reply, this is an IAP-105 with a Virtual controller IP.  Find attached file.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi Friend,

 

Here we don't need to know the uplink status and the IP address of the AP because AP do not have any issue, Clients are having issue hence we should know the forwarding mode of the VAP and the VLAN mapped to the VAP.

 

Please follow the above command and try to know the forwarding mode and the client VLAN.

 

without the above information we can not fix the issue.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

how are you instant APs connected to the network? on a trunk port, can they reach all VLANs they need to reach? how are your clients assigned to a network / VLAN? please share you config.

 

PS: dhanraj_puduch… this isn't a controller based setup, so you can't check the VAPs.

Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi, unfortunately the terminal doesnt accept the above command for checking the forwording mode. I get an error in command with "wlan".

 

 

Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi,

 

I have just 1 VLAN (management vlan 1) and all ports are allowed. The ports are trunk ports and have access to the vlan. The clients were first being assigned IPs from the DHCP Server (PFSENSE). Now  the IAP assigns IPs to the clients.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: AP 105 problems with PFSENSE CARP (Virtual) Gateway IP

Hi,

 

I completely misunderstood this as the controller based deployment, now realised that you are using IAP not the controller based APs :)

 

please ignore that command it is not applicable for the IAP.

 

please verify the uplink, it was showing as the access link, please ensure the following things are in place,

 

1. what is the VLAN mapped to the SSID ?

 

2. try to change the IAP uplink as the trunk as shown bellow.

 

select "More-->Wired"

IAP uplink1.JPG

 

Select "Default_Wired_Port_Profile ( Profile which is mapped to the 0/0) and select Edit :

 

IAP uplink.JPG

Apply the required changes ,

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: