Wireless Access

Hi, Friends,

 

I have configured RAP with "Main-SSID" and "Backup-SSID".  Main-SSID is configured as Forward Mode = Tunnel,  Remote AP Operation = Standard.

While Backup-SSID is configured as Forward Mode = Bridge,  Remote AP Operation = Backup

 

Now RAP has successfully connected with controller and start broadcasting Main-SSID. Its working fine. When i disconnect the controller from the network, the Main-SSID is no longer available and start broadcasting Backup-SSID. Clients are also connecting successfully to Backup-SSID. BUT they can not browser internet. They can ping google.com but they cannot access it via web browser.
 

Same DNS server has been configured in both cases.

 

Please advice

Hi

How r'u?

 

Which user role/access roles the users getting in the Bridge SSID?

please screenshot | or print output logs.

 

rgrds.

 

Me

Hi Kdisc

I am good. How are you dear?

 

Which user role/access roles the users getting in the Bridge SSID?

How can i get this log. i mean when i disconnect the controller from the network it doesn't show any user. Please advice

What is the purpose of the 2 SSIDs, is it to have redundancy in case the controller goes offline?

 

Is there security on your SSIDs? Backup operation only supports Open/PSK
Have you tried Always instead of Backup? for Remote-AP Operation

 

User is able to ping google by typing www.google.ca? or by IP Address?

What happens if you put the IP address in the browser? Can they get to it?

Where do the DNS Servers come from? Are they public ones like Google or OpenDNS?

Change the VAP vlan to 1 to make sure the user gets an ip address from the same subnet as the AP (hopefully there is DHCP on that subnet).  I am not sure if you wanted the user to get an ip address from the AP or not...  If you do, the VAP vlan from the backup must match the DHCP VLAN in the AP system profile of the AP.  Also the user role must be something that source-nats the traffic out of the AP, not just authenticated.

 

U can see in the VAP settings.

example of screen shots of clients that connected to RAP -bridge mode-

u may notice - the user role...

 

 

Tell me what do u see there :]

 

Issue is he completely disconnects the controller and the Backup-SSID kicks after  about 30 sec or so.

 

He cannot check anythign on the controller...

Issue is he completely disconnects the controller and the Backup-SSID kicks after about 30 sec or so.

He cannot check anythign on the controller...

Exactly... 100% correct

Hello

On the Backup SSID doesnt look its the problem but as you said"i got the same DNS for both"

You could be pinging DNS cause its on the cache.... but remenber that on the remote site you have to put a DNS server they can reach in excample a local DNS server on the remote site and if you don thave it then you will have to put an public DNS server...

 

The other thing you need to check as it already said, its the role you are assigning to those users on that backup SSID... you wont be able to see it ofcourse on the table because you are disconected from the controller... but look whats the initial role you giving them on that AAA profile.

Where do you check this?

Well go to configuration and then go to AAA profile tab, then after it look for the AAA profile of the Backup ssid... and then there you look whats the initial role

After that

Go to access control and look for the name of that role you saw on the initial role, and look what permissions you got for it on the ACL which you will find inside it.

 

Are you using WPA2 PSK on the backup SSID?

 

Cheers

Carlos

Backup SSID is open and no PSK is configured on that...

 

Initial role is defined "Authenticated" for testing purposes and Policies defined in authenticated role is "allow all".