Wireless Access

Reply
Occasional Contributor II

Aruba IAP : Users are unable to ping the gateway

Hi Guy's

 

I have an Aruba IAP 225, DHCP server is configured for certain VLAN in the IAP itself, An open SSID is created and associated with that VLAN.

 

Users are getting IP address when they connect to the SSID but they are not even able to ping the gateway, but we could easily ping the gateway from IAP itself.

 

Then, From IAP i could also ping internet using only IP-addresses but ping is dropped when we use hostname.

 

We can see that, DNS resolution is failing and we are using global DNS 8.8.8.8 as DNS

 

Any idea what could be the problem, Any help is much appreciated.

 

Re: Aruba IAP : Users are unable to ping the gateway

What are your role acls? do you allow icmp and dns in your role?


#AirheadsMobile
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
Frequent Contributor I

Re: Aruba IAP : Users are unable to ping the gateway

When you say "certain VLAN", do you mean the VLAN is inside the IAP or exist in the network/wired side?

If the later, check your routing config.

 

For IAP can't access hostname, check your ISP dns server, in some cases, ISP won't allow DNS using other servers (especially in indonesia)

 

-Yopianus Linga-

Occasional Contributor II

Re: Aruba IAP : Users are unable to ping the gateway

Hi Guy's, Thanks for your time.

 

@pmonrado, The role is authenticated and yes both ICMP and DNS are allowed.

 

@Yopianus Linga, The VLAN is present in wired side and on IAP we have configured DHCP scope for that particular VLAN

 

The problem is that, Once users are connected to SSID they are not even able to ping the gateway of that VLAN, But the same is possible from IAP.

 

Re: Aruba IAP : Users are unable to ping the gateway

Hey, might be worth letting us know a little about how the IAP is connected? Is the IAP on a trunk port, what is the native VLAN and what is the VLAN for the client in question? Where is the default gateway for the client located, is this on the core switch or a firewall? Do you have any restrictions  or ACL's on the default gateway which deny ICMP from certain VLAN's or subnets? Do the clients have an ARP entry for the default gateway?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Aruba IAP : Users are unable to ping the gateway

Hi Zalion0,

 

i.  No, IAP is connected to access port that has VLAN '372' tagged into it

 

ii. Native VLAN is VLAN-1, and the VLAN in question is VLAN-372

 

iii.  Clients (VLAN) gateway is on core-switch and no traffic is being restricted. Network has full access to internet and other resources

iv. Do the clients have an ARP entry for the default gateway?

     I didnt get this.

Re: Aruba IAP : Users are unable to ping the gateway

Is using an Access Port as opposed to a Trunk port by design?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Aruba IAP : Users are unable to ping the gateway

Having a similar issue. Deployed 10 IAP225s using one as a virtual controller. Users connect and browse fine until they roam to another wap. The issue exists on an open ssid as well as a password protected ssid. They join the other wap strongly, but can not at that point ping gateway. APs are all on trunks with the proper vlan tagged. Clients just seem to prefer the first WAP they connect to. I checked in the switch (juniper ex) to see if it was blocking mac moves, but the switch is allowing and logging mac moves to other interfaces. Really scratching my head here. Going to try deleting and readding ssids tonight.

Have started a tac case but so far everything seems well as far as signal and connection.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: