Wireless Access

Reply
Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Disable peer blocking on 205H

I just started using my Aruba 205H AP and P2P gaming seems not to work anymore as well as wireless printing. I've checked all settings on the 205 and can't find any settings that enable/disable peer-peer communication. Does the 205H by default block P2P apps/communication? If so, how do I disable it?

Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: Disable peer blocking on 205H

On the SSID, make sure broadcast filtering is off.  Try that.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Re: Disable peer blocking on 205H


cjoseph wrote:

On the SSID, make sure broadcast filtering is off.  Try that.


Thank you. I changed it from ARP to Disabled, but still no success.

Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: Disable peer blocking on 205H

Do you have firewall policies assigned to users?  Please disable that.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Re: Disable peer blocking on 205H


cjoseph wrote:

Do you have firewall policies assigned to users?  Please disable that.


No. I haven't created any firewall rules nor did they previously exist.

Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: Disable peer blocking on 205H

Are the devices on the same subnet?  Can they ping each other?  publish your SSID configuration, because I am just guessing based on what you tell me.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Re: Disable peer blocking on 205H


cjoseph wrote:

Are the devices on the same subnet?  Can they ping each other?  publish your SSID configuration, because I am just guessing based on what you tell me.


Sorry, I forgot to mention that no I cannot ping other clients on the same subnet. The clients are not firewalled. Here are some dumps that I think may help:

 

*********************************************************************************************************
 1/12/2016 6:57:33 AM    Target: 00:0b:86:f5:ef:d6    Command: show datapath bridge 
*********************************************************************************************************
Datapath Bridge Devices
-----------------------------
Flags: F - source-filter, T - trusted, Q - tagged, I - IP
       S - split-tunnel, B - bridge, M - mesh, P - PPPoE
       C - content-filter, O - corp-access, h - to HAP, f - to FAP
       h - dhcp-redirect b - blocked by STP

Dev  Name                      VLANs  PVID  ACLs         FramesRx  FramesTx  Flags
---  ------------------------  -----  ----  -----------  --------  --------  --------
4    eth1                      1      3333  132/0     0        0         0  FB
5    eth2                      1      3333  132/0     0        0         0  FB
6    eth3                      1      3333  132/0     0        0         0  FB
7    bond0                     4095   1       0/0   106     1586      2176  FTQB
13   br0                       0      1     105/0     0     2567         0  IB
17   aruba000                  1      1     134/0     0     3269      4316  B
18   aruba100                  1      1     134/0     0      800      1712  B

Datapath Bridge Table Entries
-----------------------------
Flags: P - Permanent, D - Deny, R - Route, M - Mobile, X - Xsec, A - Auth
AP Flags: X - Awaiting 1X reply, B - Block all non-1X traffic, F - Force bridge role

      MAC          VLAN  Assigned VLAN  Destination  Flags  AP Flags  Bridge Role ACL
-----------------  ----  -------------  -----------  -----  --------  ---------------
00:0B:86:F5:EF:D6  3333  3333           local        P                              0
00:0B:86:F5:EF:D6  1     1              local        P                              0
C8:E0:EB:17:CB:2F  1     1              dev17                                       0
C8:F6:50:07:B6:F0  1     1              dev17                                       0
6C:70:9F:51:52:F8  1     1              dev17                                       0
40:E2:30:C0:20:87  1     1              dev18                                       0
D8:EB:97:B3:CA:EE  1     1              dev7                                        0

*********************************************************************************************************
 1/12/2016 6:56:42 AM    Target: 00:0b:86:f5:ef:d6    Command: show l3-mobility datapath 
*********************************************************************************************************

L3 Mobility Datapath Home Table
-------------------------------
Client Index  Client MAC  Home Vlan  Destinaton Device Index
------------  ----------  ---------  -----------------------
L3 Mobility Datapath Foreign Table
----------------------------------
Client Index  Client MAC  Home Vlan  VAP Vlan  Destinaton Device Index  HAP IP  Virtual Controller IP  Packets Forwarded
------------  ----------  ---------  --------  -----------------------  ------  ---------------------  -----------------
L3 Mobility Datapath Tunnel Table
---------------------------------
Tunnel Device  Remote Protocol  Dest IP  Clients  Idle Time  Rx Packets  Tx Packets  Rx Mcasts  Tx Mcasts  ARP Proxy Pkts  Tx Jumbo  MTU  Rx HB  Tx HB  MTU Reqs  MTU Resps  HB Mismatch  IP Mismatch  Type  Vlan Translations
-------------  ---------------  -------  -------  ---------  ----------  ----------  ---------  ---------  --------------  --------  ---  -----  -----  --------  ---------  -----------  -----------  ----  -----------------

*********************************************************************************************************
 1/12/2016 6:54:05 AM    Target: 00:0b:86:f5:ef:d6    Command: show ap bss-table 
*********************************************************************************************************

Aruba AP BSS Table
------------------
bss                ess               port  ip             phy    type  ch/EIRP/max-EIRP  cur-cl  ap name            in-t(s)  tot-t
---                ---               ----  --             ---    ----  ----------------  ------  -------            -------  -----
40:e3:d6:00:00:30  ThinkForYourself  ?/?   192.168.0.112  a-VHT  ap    132E/21/21        3       00:0b:86:f5:ef:d6  0        1h:10m:4s
40:e3:d6:00:00:20  ThinkForYourself  ?/?   192.168.0.112  g      ap    1/22/22           1       00:0b:86:f5:ef:d6  0        1h:10m:4s

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:2
Num Associations:4

*********************************************************************************************************
 1/12/2016 6:53:18 AM    Target: 00:0b:86:f5:ef:d6    Command: show access-rule-all 
*********************************************************************************************************

Access Rule Name :default_wired_port_profile
In Use           :Yes
Access Rules
------------
Dest IP  Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
-------  ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
any      any        IPv4/6    match       any                                     permit                                                                        
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable
DPI error page URL: 
Bandwidth Limit   :downstream disable upstream disable
Access Rule Name :wired-instant
In Use           :Yes
Access Rules
------------
Dest IP   Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
-------   ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
masterip  0.0.0.0    IPv4/6    match       http                                    permit                                                                        
masterip  0.0.0.0    IPv4/6    match       6:4343:4343                             permit                                                                        
any       any        IPv4/6    match       dhcp                                    permit                                                                        
any       any        IPv4/6    match       dns                                     permit                                                                        
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable
DPI error page URL: 
Bandwidth Limit   :downstream disable upstream disable
Access Rule Name :ThinkForYourself
In Use           :Yes
Access Rules
------------
Dest IP  Dest Mask  Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
-------  ---------  --------  ----------  -------------------------  -----------  ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
any      any        IPv4/6    match       any                                     permit                                                                        
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable
DPI error page URL: 
Bandwidth Limit   :downstream disable upstream disable
Guru Elite
Posts: 21,493
Registered: ‎03-29-2007

Re: Disable peer blocking on 205H

It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Re: Disable peer blocking on 205H


cjoseph wrote:

It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....


I agree. With my previous AP (Cisco 3700) AP there were no issues. The issue only happens with the 205. When I get the time I will attach the AP to a hub an run Wireshark to follow the packets.

Occasional Contributor II
Posts: 11
Registered: ‎06-25-2014

Re: Disable peer blocking on 205H


cjoseph wrote:

It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....



cjoseph wrote:

It is curious that you cannot ping those devices when on the same VLAN.  Something is happening, here....


My sincere apologies. I made 2 mistakes in my last test:

 

1. I had configured the wireless printer for another SSID (old Cisco access point) in order to print and neglected to configure it back for the Broadcast filtering test.

 

2. I pinged a client that had dropped off the network but was still in the association table.

 

I had just realzed the first mistake today so I ran both tests again it its working. Many thanks to you!!!!!!!

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: