Wireless Access

Has there been any routing changes? Can you confirm the firewall has a correct route back to the guest subnet?

see next post

Hi,

No routing change.  Guest is L-2 user-> AP -> controller -> FW, and FW is the gateway.  FW access tracker shows correct guest user IP, and guest traffic is passing. 

Thanks for looking.

Type "show datapath session table <ip address of guest>" to see what traffic is being sent back and forth.

Sounds odd, I assume your User Roles are as per they were before and working? If you run a packet capture on the client do you see the internet traffic returning at all?

does this look like it working? 

(WC01) #show datapath session table 10.18.1.149


Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal
       r - Route Nexthop
       A - Application Firewall Inspect
       B - Permanent, O - Openflow

Source IP       Destination IP  Prot SPort DPort  Cntr    Prio ToS Age Destination TAge Packets    Bytes      Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------  --------- ---------------
209.85.164.233  10.18.1.149     6    443   46646  1/2     0    24  13  tunnel 598  155  2          2852
54.246.89.117   10.18.1.149     6    443   38610  1/2     0    24  6   tunnel 598  1d4  4          5704
10.18.1.149     74.125.192.188  6    39989 443    1/2     0    24  4   tunnel 598  189  0          0          TC
209.85.164.233  10.18.1.149     6    443   46583  1/2     0    24  37  tunnel 598  2d3  2          2852
10.18.1.149     54.246.89.117   6    38610 443    1/2     0    24  28  tunnel 598  1d4  0          0          TC


192.12.31.97    10.18.1.149     6    5223  46854  1/2     0    24  33  tunnel 598  22b  0          0
74.125.192.188  10.18.1.149     6    443   39989  1/2     0    24  4   tunnel 598  189  0          0
10.18.1.149     64.233.186.188  6    39475 443    1/2     0    24  28  tunnel 598  1005 0          0          TC
209.85.164.233  10.18.1.149     6    443   46649  1/2     0    24  7   tunnel 598  10d  0          0
209.85.164.233  10.18.1.149     6    443   46591  1/2     0    24  31  tunnel 598  28c  0          0


64.233.186.188  10.18.1.149     6    443   39475  1/2     0    24  28  tunnel 598  1005 0          0
209.85.164.233  10.18.1.149     6    443   46580  1/2     0    24  51  tunnel 598  3da  1          1426
10.18.1.149     209.85.164.233  6    46583 443    1/2     0    24  41  tunnel 598  2d3  0          0          TC
10.18.1.149     209.85.164.233  6    46591 443    1/2     0    24  32  tunnel 598  28c  0          0          TC
10.18.1.149     209.85.164.233  6    46580 443    1/2     0    24  51  tunnel 598  3da  0          0          TC


10.18.1.149     192.12.31.97    6    46854 5223   1/2     0    24  34  tunnel 598  22b  0          0          TC
10.18.1.149     209.85.164.233  6    46649 443    1/2     0    24  8   tunnel 598  10d  0          0          TC
10.18.1.149     209.85.164.233  6    46646 443    1/2     0    24  17  tunnel 598  155  0          0          TC

(WC01) 

I think you need to do more troubleshooting.  There is nothing that I can see from this client's traffic.  What is the default gateway for this client?

Gateway is 10.18.0.1.

and what is that device?