Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Disable peer blocking on 205H

  • 1.  Disable peer blocking on 205H

    Posted Jan 11, 2016 01:19 PM

    I just started using my Aruba 205H AP and P2P gaming seems not to work anymore as well as wireless printing. I've checked all settings on the 205 and can't find any settings that enable/disable peer-peer communication. Does the 205H by default block P2P apps/communication? If so, how do I disable it?


    #AP205


  • 2.  RE: Disable peer blocking on 205H

    EMPLOYEE
    Posted Jan 11, 2016 01:31 PM

    On the SSID, make sure broadcast filtering is off.  Try that.



  • 3.  RE: Disable peer blocking on 205H

    Posted Jan 11, 2016 09:50 PM

    @cjoseph wrote:

    On the SSID, make sure broadcast filtering is off.  Try that.


    Thank you. I changed it from ARP to Disabled, but still no success.



  • 4.  RE: Disable peer blocking on 205H

    EMPLOYEE
    Posted Jan 11, 2016 11:35 PM

    Do you have firewall policies assigned to users?  Please disable that.



  • 5.  RE: Disable peer blocking on 205H

    Posted Jan 11, 2016 11:46 PM

    @cjoseph wrote:

    Do you have firewall policies assigned to users?  Please disable that.


    No. I haven't created any firewall rules nor did they previously exist.



  • 6.  RE: Disable peer blocking on 205H

    EMPLOYEE
    Posted Jan 11, 2016 11:49 PM

    Are the devices on the same subnet?  Can they ping each other?  Publish your SSID configuration, because I am just guessing based on what you tell me.



  • 7.  RE: Disable peer blocking on 205H

    Posted Jan 12, 2016 10:02 AM

    @cjoseph wrote:

    Are the devices on the same subnet?  Can they ping each other?  Publish your SSID configuration, because I am just guessing based on what you tell me.


    Sorry, I forgot to mention that no, I cannot ping other clients on the same subnet. The clients are not firewalled. Here are some dumps that I think may help:

     

    *********************************************************************************************************
     1/12/2016 6:57:33 AM    Target: 00:0b:86:f5:ef:d6    Command: show datapath bridge 
    *********************************************************************************************************
    Datapath Bridge Devices
    -----------------------------
    Flags: F - source-filter, T - trusted, Q - tagged, I - IP
           S - split-tunnel, B - bridge, M - mesh, P - PPPoE
           C - content-filter, O - corp-access, h - to HAP, f - to FAP
           h - dhcp-redirect b - blocked by STP
    
    Dev  Name                      VLANs  PVID  ACLs         FramesRx  FramesTx  Flags
    ---  ------------------------  -----  ----  -----------  --------  --------  --------
    4    eth1                      1      3333  132/0     0        0         0  FB
    5    eth2                      1      3333  132/0     0        0         0  FB
    6    eth3                      1      3333  132/0     0        0         0  FB
    7    bond0                     4095   1       0/0   106     1586      2176  FTQB
    13   br0                       0      1     105/0     0     2567         0  IB
    17   aruba000                  1      1     134/0     0     3269      4316  B
    18   aruba100                  1      1     134/0     0      800      1712  B
    
    Datapath Bridge Table Entries
    -----------------------------
    Flags: P - Permanent, D - Deny, R - Route, M - Mobile, X - Xsec, A - Auth
    AP Flags: X - Awaiting 1X reply, B - Block all non-1X traffic, F - Force bridge role
    
          MAC          VLAN  Assigned VLAN  Destination  Flags  AP Flags  Bridge Role ACL
    -----------------  ----  -------------  -----------  -----  --------  ---------------
    00:0B:86:F5:EF:D6  3333  3333           local        P                              0
    00:0B:86:F5:EF:D6  1     1              local        P                              0
    C8:E0:EB:17:CB:2F  1     1              dev17                                       0
    C8:F6:50:07:B6:F0  1     1              dev17                                       0
    6C:70:9F:51:52:F8  1     1              dev17                                       0
    40:E2:30:C0:20:87  1     1              dev18                                       0
    D8:EB:97:B3:CA:EE  1     1              dev7                                        0
    
    *********************************************************************************************************
     1/12/2016 6:56:42 AM    Target: 00:0b:86:f5:ef:d6    Command: show l3-mobility datapath 
    *********************************************************************************************************
    
    L3 Mobility Datapath Home Table
    -------------------------------
    Client Index  Client MAC  Home Vlan  Destinaton Device Index
    ------------  ----------  ---------  -----------------------
    L3 Mobility Datapath Foreign Table
    ----------------------------------
    Client Index  Client MAC  Home Vlan  VAP Vlan  Destinaton Device Index  HAP IP  Virtual Controller IP  Packets Forwarded
    ------------  ----------  ---------  --------  -----------------------  ------  ---------------------  -----------------
    L3 Mobility Datapath Tunnel Table
    ---------------------------------
    Tunnel Device  Remote Protocol  Dest IP  Clients  Idle Time  Rx Packets  Tx Packets  Rx Mcasts  Tx Mcasts  ARP Proxy Pkts  Tx Jumbo  MTU  Rx HB  Tx HB  MTU Reqs  MTU Resps  HB Mismatch  IP Mismatch  Type  Vlan Translations
    -------------  ---------------  -------  -------  ---------  ----------  ----------  ---------  ---------  --------------  --------  ---  -----  -----  --------  ---------  -----------  -----------  ----  -----------------
    
    *********************************************************************************************************
     1/12/2016 6:54:05 AM    Target: 00:0b:86:f5:ef:d6    Command: show ap bss-table 
    *********************************************************************************************************
    
    Aruba AP BSS Table
    ------------------
    bss                ess               port  ip             phy    type  ch/EIRP/max-EIRP  cur-cl  ap name            in-t(s)  tot-t
    ---                ---               ----  --             ---    ----  ----------------  ------  -------            -------  -----
    40:e3:d6:00:00:30  ThinkForYourself  ?/?   192.168.0.112  a-VHT  ap    132E/21/21        3       00:0b:86:f5:ef:d6  0        1h:10m:4s
    40:e3:d6:00:00:20  ThinkForYourself  ?/?   192.168.0.112  g      ap    1/22/22           1       00:0b:86:f5:ef:d6  0        1h:10m:4s
    
    Channel followed by "*" indicates channel selected due to unsupported configured channel.
    "Spectrum" followed by "^" indicates Local Spectrum Override in effect.
    
    Num APs:2
    Num Associations:4
    
    *********************************************************************************************************
     1/12/2016 6:53:18 AM    Target: 00:0b:86:f5:ef:d6    Command: show access-rule-all 
    *********************************************************************************************************
    
    Access Rule Name :default_wired_port_profile
    In Use           :Yes
    Access Rules
    ------------
    Dest IP  Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
    -------  ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
    any      any        IPv4/6    match       any                                     permit                                                                        
    Vlan Id           :0
    ACL Captive Portal:disable
    ACL ECP Profile   :default
    CALEA             :disable
    DPI error page URL: 
    Bandwidth Limit   :downstream disable upstream disable
    Access Rule Name :wired-instant
    In Use           :Yes
    Access Rules
    ------------
    Dest IP   Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
    -------   ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
    masterip  0.0.0.0    IPv4/6    match       http                                    permit                                                                        
    masterip  0.0.0.0    IPv4/6    match       6:4343:4343                             permit                                                                        
    any       any        IPv4/6    match       dhcp                                    permit                                                                        
    any       any        IPv4/6    match       dns                                     permit                                                                        
    Vlan Id           :0
    ACL Captive Portal:disable
    ACL ECP Profile   :default
    CALEA             :disable
    DPI error page URL: 
    Bandwidth Limit   :downstream disable upstream disable
    Access Rule Name :ThinkForYourself
    In Use           :Yes
    Access Rules
    ------------
    Dest IP  Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
    -------  ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
    any      any        IPv4/6    match       any                                     permit                                                                        
    Vlan Id           :0
    ACL Captive Portal:disable
    ACL ECP Profile   :default
    CALEA             :disable
    DPI error page URL: 
    Bandwidth Limit   :downstream disable upstream disable


  • 8.  RE: Disable peer blocking on 205H
    Best Answer

    EMPLOYEE
    Posted Jan 12, 2016 12:53 PM

    It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....



  • 9.  RE: Disable peer blocking on 205H

    Posted Jan 12, 2016 01:11 PM

    @cjoseph wrote:

    It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....


    I agree. With my previous AP (Cisco 3700) there were no issues. The issue only happens with the 205. When I get the time I will attach the AP to a hub and run Wireshark to follow the packets.



  • 10.  RE: Disable peer blocking on 205H
    Best Answer

    Posted Jan 12, 2016 06:07 PM

    @cjoseph wrote:

    It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....



    My sincere apologies. I made 2 mistakes in my last test:

    1. I had configured the wireless printer for another SSID (old Cisco access point) in order to print and neglected to configure it back for the Broadcast filtering test.

    2. I pinged a client that had dropped off the network but was still in the association table.

    I had just realized the first mistake today so I ran both tests again and it's working. Many thanks to you!!!!!!!
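
Added example (not part of the thread, and not Aruba tooling): a Python check over the "Datapath Bridge Table Entries" section of `show datapath bridge`, as posted in reply 7, that reports what the table itself says about two clients that cannot reach each other: a MAC missing from the table, different assigned VLANs, or the D (Deny) flag from the legend. The sample table and MAC addresses are constructed, and reading a missing entry as a client that has left the network (the second mistake in reply 10) is an assumption.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

# Constructed sample in the layout of the "Datapath Bridge Table Entries"
# section of `show datapath bridge`; the MACs and VLANs are made up.
SAMPLE = """\
Flags: P - Permanent, D - Deny, R - Route, M - Mobile, X - Xsec, A - Auth

      MAC          VLAN  Assigned VLAN  Destination  Flags  AP Flags  Bridge Role ACL
-----------------  ----  -------------  -----------  -----  --------  ---------------
02:00:00:00:00:01  1     1              dev17                                       0
02:00:00:00:00:02  1     1              dev18                                       0
02:00:00:00:00:03  20    20             dev17                                       0
02:00:00:00:00:04  1     1              dev17        D                              0
"""

def parse_bridge_entries(text):
    """Map MAC -> row fields, slicing each row at the ruler's column offsets."""
    lines, entries = text.splitlines(), {}
    for i, line in enumerate(lines[1:], start=1):
        if "MAC" not in lines[i - 1] or not re.fullmatch(r"\s*-[- ]*", line):
            continue
        starts = [m.start() for m in re.finditer(r"-+", line)] + [None]
        for row in lines[i + 1:]:
            cols = [row[a:b].strip() for a, b in zip(starts, starts[1:])]
            if len(cols) < 5 or not MAC_RE.fullmatch(cols[0]):
                break
            entries[cols[0].upper()] = {"vlan": cols[1], "assigned_vlan": cols[2],
                                        "dest": cols[3], "flags": cols[4]}
    return entries

def l2_findings(entries, mac_a, mac_b):
    """Return reasons the table gives for two clients not bridging; [] if none."""
    pair = [m.upper() for m in (mac_a, mac_b)]
    missing = [f"{m}: not in bridge table" for m in pair if m not in entries]
    if missing:
        return missing  # assumption: the client is no longer on the network
    a, b = (entries[m] for m in pair)
    findings = []
    if a["assigned_vlan"] != b["assigned_vlan"]:
        findings.append(f"different assigned VLANs: {a['assigned_vlan']} vs {b['assigned_vlan']}")
    findings += [f"{m}: Deny (D) flag set" for m in pair if "D" in entries[m]["flags"]]
    return findings

if __name__ == "__main__":
    table = parse_bridge_entries(SAMPLE)
    for other in ("02:00:00:00:00:02", "02:00:00:00:00:03", "02:00:00:00:00:04"):
        print(other, l2_findings(table, "02:00:00:00:00:01", other) or "no L2 obstacle shown")
```

An empty result only means the bridge table shows nothing in the way; it does not cover SSID-level settings such as the broadcast filtering discussed in reply 2.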