Wireless Access

Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Connectivity between wired and wireless clients

We recently bought the Aruba IAP 175.

There are some clients outside (in a guardshack) that need access to our network.

Right now the people on the guardshack are on VLAN 60.

The AP is on VLAN 21.

We set it so when the client connects they get on VLAN 21.

 

If two wireless clients are connected they can ping each other.

If there is one wireless client and one client connected to the core (on VLAN 21) they cannot ping each other.

It seems that traffic is getting to the AP but the AP gets lost as to where it needs to be routed.

The wireless client cannot access the AP web interface (or ping the AP).

The client wired into the core (on VLAN 21) can ping and access the AP and the web interface.

 

When I do a ping it shows Destination Host Unreachable.

 

Any ideas?

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Connectivity between wired and wireless clients

 

Do you have any ACLs tied to the user role or port?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Re: Connectivity between wired and wireless clients

We do have ACLs set up.

However right now I have the AP set up to a port in the core and the wired client in the port next to it which are both on the same VLAN (21).

 

ACLs should not affect that because no traffic is being passed anywhere except between the client and the AP.

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Connectivity between wired and wireless clients

 

Is the issue of the wireless user reaching the wired user?

 

How do you have your SSID network set up: Virtual assigned or Network assigned?

 


Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Re: Connectivity between wired and wireless clients

Yes that is our issue. The wireless client cannot reach the wired user and vice versa.

 

It is network assigned.

 


*********************************************************************************************************
 11/5/2013 10:56:50 AM    Target: d8:c7:c8:c8:47:ac    Command: show datapath user
*********************************************************************************************************
Datapath User Table Entries
---------------------------
Flags: P - Permanent, W - WEP, T- TKIP, A - AESCCM
       R - ProxyARP to User, N - VPN, L - local, I - Intercept
FM(Forward Mode): S - Split, B - Bridge, N - N/A

       IP              MAC           ACLs    Contract   Location  Age    Sessions   Flags     Vlan  FM
---------------  -----------------  -------  ---------  --------  -----  ---------  -----     ----  --
10.20.1.8        D8:C7:C8:C8:47:AC   105/0      0/0     0         0        0/65535  P           1   N
172.31.98.1      D8:C7:C8:C8:47:AC   105/0      0/0     0         413      0/65535  P        3333   B
0.0.0.0          D8:C7:C8:C8:47:AC   105/0      0/0     0         0        0/65535  P           1   N

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Connectivity between wired and wireless clients


If you have it configured as network assigned, you should then be able to use that same VLAN on your uplink and connect a wired client on the wireless VLAN and see if you can reach a device on the wired VLAN, to eliminate the IAP from the equation.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Re: Connectivity between wired and wireless clients

I was able to connect two users to the VLAN and they were able to successfully ping each other.

So it looks like something is misconfigured on the IAP...

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Connectivity between wired and wireless clients

 

 

You should define an ACL that allows those two segments to communicate on your user-role or in the port profile

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Re: Connectivity between wired and wireless clients

I set up an ACL in the wired port profile for my new network.

I used the command show access-rule-all and here is my result:

Access Rule Name :GuardShack
In Use           :Yes
Access Rules
------------
Dest IP  Dest Mask  Dest Match  Protocol (id:sport:eport)  Action  Log  TOS  802.1P  Blacklist  Mirror  DisScan  ClassifyMedia
-------  ---------  ----------  -------------------------  ------  ---  ---  ------  ---------  ------  -------  -------------
any      any        match       any                        permit                                                
Vlan Id           :0
ACL Captive Portal:disable
CALEA             :disable

 

The VLAN ID didn't change to 21 when I typed it in using show access-rule-all but it shows up when I use the web interface.

 

The wireless client can connect to the AP but cannot ping it.

Both the wired client and wireless cannot talk with each other.

Occasional Contributor I
Posts: 7
Registered: ‎11-05-2013

Re: Connectivity between wired and wireless clients

I used the show ip route command and got this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.31.98.0     0.0.0.0         255.255.254.0   U         0 0          0 br0
10.20.0.0       0.0.0.0         255.255.0.0     U         0 0          0 br0
0.0.0.0         10.20.1.1       0.0.0.0         UG        0 0          0 br0

 

I never entered that first line.

I think that my routes are wrong but I can't find out where to change them from the CLI or the web interface nor can I find the documentation for it.

 

Also, the AP cannot ping the wireless client even though it's in the association table.
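
Added example (not part of the original posts, and not Aruba tooling): a longest-prefix-match lookup over the `show ip route` output quoted above, showing which entry a given destination would select and whether it is delivered on-link or handed to the gateway. The function names are hypothetical; the first two probe addresses come from the datapath user table earlier in the thread, and 192.0.2.10 is a constructed off-net address.

```python
import ipaddress

# `show ip route` output as posted in the thread.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.31.98.0     0.0.0.0         255.255.254.0   U         0 0          0 br0
10.20.0.0       0.0.0.0         255.255.0.0     U         0 0          0 br0
0.0.0.0         10.20.1.1       0.0.0.0         UG        0 0          0 br0
"""

def parse_routes(text):
    """Parse netstat-style routing output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:          # title line or blank line
            continue
        try:
            # Convert the dotted netmask to a prefix length by counting set bits.
            prefix = bin(int(ipaddress.ip_address(fields[2]))).count("1")
            net = ipaddress.ip_network(f"{fields[0]}/{prefix}")
        except ValueError:            # column header row
            continue
        routes.append({"network": net, "gateway": fields[1],
                       "flags": fields[3], "iface": fields[7]})
    return routes

def lookup(routes, addr):
    """Return the most specific route containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["network"]]
    return max(matches, key=lambda r: r["network"].prefixlen) if matches else None

def next_hop(route):
    """'G' in Flags means forward to the gateway; otherwise resolve via ARP on-link."""
    return route["gateway"] if "G" in route["flags"] else "on-link"

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for addr in ("10.20.1.8", "172.31.98.1", "192.0.2.10"):
        r = lookup(routes, addr)
        print(f"{addr:<12} -> {r['network']} via {next_hop(r)} on {r['iface']}")
```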
