New Contributor
Posts: 3
Registered: ‎12-19-2013

IAP - Communication between Wireless clients and Statically assigned node

Goal is to have access to a locally statically assigned IP address on my 3rd party firewall's management interface that is connected to ENET1 on my IAP from my wireless clients.

 

My working setup on the IAP is...

- Port 0 is my uplink to my ISP modem (Trunked port).

- Port 1 is my Access port for plugging in a wired device, i.e. a laptop.

- I also have two SSIDs that broadcast.

- All of this works, the IAP hands out IP addresses via DHCP correctly, I can access the internet from both wired and wireless, etc.

 

What I can't get to work...

- ENET 0 is my uplink to my ISP modem (Trunked port)

- My wireless connectivity still works.

- ENET 1 (Access port) is connected to the management interface of my firewall.

I have to manually configure this IP address locally on the firewall.  

So my assumptions are that by default, 172.31.98.0/23, is managed by the IAP.

I created a smaller DHCP scope on the IAP to be 172.31.98.0/26 under DHCP Servers (I only configured the top part - not Distributed, Centralized, Local Scopes because when I manually set the VLAN ID, everything gets disconnected so I am assuming the IAP is just managing this automatically).

Then statically assigned my firewall's management interface to 172.31.98.254, assuming that this range is still 'in scope' for the IAP.

 

I see the IP and MAC address of my firewall's management interface in the wired section of Wired Users of the IAP.

 

I can't ping nor access my firewall's management interface.

 

How can I have both the IAP hand out addresses via DHCP to my wireless clients, and then allow internet and wireless client access to a statically assigned address of my firewall using ENET 1?

 

Thanks in advance.

MVP
Posts: 308
Registered: ‎04-03-2014

Re: IAP - Communication between Wireless clients and Statically assigned node

Hi!

 

Do you use the default virtually assigned subnet for your wireless clients? And in the working setup, do you also use the same subnet from the virtually assigned network there? In that setup, you should be able to ping across the wired station and the wireless station. Correct?

 

The "virtually assigned" in Instant is a magic VLAN number, I think it's 3333 or something like that, that is source-NAT:ed when going out of the IAP. I'd say if you want access across wired and wireless on that subnet you need to keep them on the same VLAN with the same subnet mask so communication is possible on L2. Try putting your firewall's interface in DHCP client and see if it works then.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
New Contributor
Posts: 3
Registered: ‎12-19-2013

Re: IAP - Communication between Wireless clients and Statically assigned node

Thanks Christoffer.

I do use the default virtually assigned subnet for my wireless clients, and this is the same for the working setup.

I can ping across wireless to wired and vice versa when I plug a laptop into ENET1.  

I can't ping when I plug in my firewall's management interface with a locally statically assigned IP of 172.31.98.254.

 

I am unable to configure the management port of the firewall for DHCP.

 

Thx

MVP
Posts: 308
Registered: ‎04-03-2014

Re: IAP - Communication between Wireless clients and Statically assigned node

Hi!

 

Make sure you have ping enabled on the interface of the firewall and that you use the same netmask as the virtually assigned subnet. Also make sure that the firewall correctly places a locally connected route to the subnet going out to the management interface.

 

You might also want to check the roles that you assign so that they allow the traffic you're trying to do.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
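
The netmask advice in the reply above, worked through as an added example (not part of the thread and not Aruba code): it checks from each host's own point of view whether the peer is on-link. The address 172.31.98.254 and the /26 and /23 prefixes are taken from the posts; the client address 172.31.98.10 and the firewall's /23 mask are assumptions made for illustration.

```python
import ipaddress

def l2_check(a_if: str, b_if: str) -> dict:
    """Check whether two hosts on one VLAN can talk directly (no router).

    Each argument is 'address/prefix' as configured on that host. A host
    only ARPs for a peer that falls inside its OWN subnet; anything else
    is handed to its default gateway, so the check is done in both
    directions with each side's own mask.
    """
    a = ipaddress.ip_interface(a_if)
    b = ipaddress.ip_interface(b_if)
    a_to_b = b.ip in a.network
    b_to_a = a.ip in b.network
    issues = []
    if a.ip == b.ip:
        issues.append("duplicate address")
    for src, dst, ok in ((a, b, a_to_b), (b, a, b_to_a)):
        if not ok:
            issues.append(f"{src.ip} sees {dst.ip} as off-link (outside {src.network})")
    for host in (a, b):
        net = host.network
        if host.ip in (net.network_address, net.broadcast_address):
            issues.append(f"{host.ip} is the network or broadcast address of {net}")
    return {"a_to_b": a_to_b, "b_to_a": b_to_a,
            "same_subnet": a.network == b.network, "issues": issues}

# Constructed inputs: a client that received a /26 lease, the same client
# with the /23 mask, and the statically addressed firewall (mask assumed).
CLIENT_26 = "172.31.98.10/26"
CLIENT_23 = "172.31.98.10/23"
FIREWALL = "172.31.98.254/23"

if __name__ == "__main__":
    for client in (CLIENT_26, CLIENT_23):
        print(client, "<->", FIREWALL, l2_check(client, FIREWALL))
```

With the /26 mask the client treats 172.31.98.254 as off-link even though the firewall considers the client on-link, so the one-sided result is what to look for when only one end has been reconfigured.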
New Contributor
Posts: 3
Registered: ‎12-19-2013

Re: IAP - Communication between Wireless clients and Statically assigned node

Thanks again.

 

I upgraded the firewall 3 revisions and was able to enable DHCP on the management port.

 

Also, I found a restriction that I set on the IAP in general for the management, to block all inbound traffic.  So if I wasn't able to get DHCP working for the management interface, I would have continued down that path.

 

Thanks for your help.
