10-01-2013 07:05 AM
It seems that users locally on a controller cannot ping each other or connect to each other. I cannot ping the user from the controller and users cannot ping the VRRP address. However, from outside the office I can ping the users. Users are not blocked from outside connections ( Internet surfing is fine and outlook is fine) . And they can print with no issues. I noticed that the ARP table looks a little different on this controller. Users IP address is 10.1.1.200 but the Mac address for it is the controller Mac and not their device.
all other controllers in the company (over 150) are good. ARP table on these controllers match the user IP to the Mac of the laptop.
anyone seen this issue?
10-01-2013 07:17 AM - edited 10-01-2013 07:19 AM
Have you checked the role/policy that they user gets? Are they allowed to ping/connect to the addresses/clients?
Do you have any ACL on the uplink ports?
Is the VRRP address on the same subnet as the users?
Do you have intervlan routing turned on?
Are you using NAT for the clients?
10-01-2013 07:21 AM
role for the user is a trusted role as they are the Corp user and authenticated.
they are allowed to ping. all controllers have the same config and acl settings.
no ACL on the port, we have an ACL on the Guest direct internet port.
VRRP is the same as the user VLAN
in the ARP table users mac address is the controller and not the user device.
i will have to look at inervlan routing.
10-01-2013 07:58 AM - edited 10-01-2013 08:08 AM
Intervlan routing will not be your issue if your clients are on the same vlan. The ARP table not showing up correctly is the biggest issue at this point. If the switch doens't know the correct mac address of your clients then it won't forward traffic from client to client.
I'd open a ticket at this point. When you get a solution please post it here.
I did run in to an issues with the mac address table a while back but I can't remember if it was the same or what we did to fix it. Sorry.
What version of code are you on?
I don't think this is the issue since it would be happening everywhere but you can turn off intra client traffic under the SSID. Look for "Deny inter user traffic"
10-14-2013 11:47 AM
After troubleshooting I turned off one on the controllers to see if it would help.
well it did. Pinging worked and intervlan communication came up.
I changed the IP address on the downed controller and when it came up communication was fine.
seemed it was an IP error on the controller?
Not sure but now it works.