Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Controller can't reach internet

  • 1.  Controller can't reach internet

    Posted Aug 25, 2017 10:38 AM

    I've created 3 VLANs on the controller: VLAN 15, which is the controller switch IP "APs will use this IP for conversion process". I've also created another 2 VLANs, VLANs 5 and 10. These 2 VLANs will carry the traffic of 2 SSIDs; they are trunked to a switch, and the switch uplinks the traffic of these 2 VLANs to 2 separate interfaces of a FortiGate firewall. These 2 interfaces of the firewall act as a DHCP server for clients. The issue here is that the controller can reach the internet from only one VLAN interface at a time: the VLAN interface which has a default gateway with the least cost "the gateway here is the LAN interface of the FortiGate firewall". I tried to make one VLAN on the controller with a static IP and the other VLAN take its IP dynamically from the firewall, but I faced the same problem. Could you please tell me how to make the controller reach the internet from the VLANs so the clients on both SSIDs can reach the internet?



  • 2.  RE: Controller can't reach internet

    EMPLOYEE
    Posted Aug 25, 2017 10:45 AM

    Logical Diagram, please.

     

    You should not have two default gateways.  You should have a single default gateway to the firewall (if the firewall leads to the internet).  You should then have static routes to any other subnet that you need to reach that is not directly connected to the controller.

     



  • 3.  RE: Controller can't reach internet

    Posted Aug 25, 2017 11:22 AM

    I tried to have only one default gateway, but only the VLAN in the same subnet as this gateway can reach the internet.

    Find the logical diagram. The controller is connected to the first switch and trunks VLANs 5 and 10, with access in VLAN 15.



  • 4.  RE: Controller can't reach internet

    EMPLOYEE
    Posted Aug 25, 2017 11:28 AM

    The controller can only reach the internet from the fortigate firewall.  Ok.

     

    Are you trying to simply add the 4g router to a working setup?  I cannot determine if this is working and you are trying to add the 4g router or that nothing is working....



  • 5.  RE: Controller can't reach internet

    Posted Aug 25, 2017 11:30 AM

    This router works with the other router in a single WAN load-balance interface. This setup was working well while operating the access points without the controller.



  • 6.  RE: Controller can't reach internet

    EMPLOYEE
    Posted Aug 25, 2017 11:34 AM

    If the fortigate was the default gateway for the previous setup, you should continue using that as the default gateway.  There should not be a separate VLAN for access points....  That could be what is complicating things.  You should have the access points in the same VLAN as the controller management ip address.  Even if your access points point to a different ip address on the controller, they still need to be able to reach the controller's management ip address, so it is a waste of a VLAN to create a VLAN for APs.



  • 7.  RE: Controller can't reach internet

    Posted Aug 25, 2017 11:37 AM

    The controller's switch IP is in VLAN 15, and the APs' IPs are in VLAN 15.

    We have 2 networks, one for guest "VLAN 10" and one for management "VLAN 5".



  • 8.  RE: Controller can't reach internet

    EMPLOYEE
    Posted Aug 25, 2017 01:38 PM

    What is management VLAN 5 for?  Put the APs and the controller into VLAN 5 and make the controller's default gateway the IP address of the firewall on VLAN 5.