08-25-2017 06:53 AM
Controllers: 7200s, AP-105, AOS 6.5
I have a remote site with two Wi-Fi networks: Employee is bridge, and guest is tunnel. All APs at the site are terminated at the HQ controller. Recently, a switch upgrade at this site caused guest to stop working. Nothing changed at the controller. Although I can see guests connect and get correct IP addresses and DNS, when a user opens a web browser or any app, nothing works. I can even see the guest users in the firewall logs, which show traffic is passing.
Any ideas or suggestions? I cannot be at the site, and no IP personnel are available at the site, just typical users. Note that employee Wi-Fi is working normally.
Regards,
Boys Town
Re: Remote guest cannot go to the Internet
08-25-2017 07:06 AM
Have there been any routing changes? Can you confirm the firewall has a correct route back to the guest subnet?
ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
08-25-2017 07:13 AM - edited 08-25-2017 07:20 AM
see next post
Boys Town
08-25-2017 07:15 AM
Hi,
No routing change. Guest is L-2: user -> AP -> controller -> FW, and FW is the gateway. FW access tracker shows the correct guest user IP, and guest traffic is passing.
Thanks for looking.
Boys Town
08-25-2017 07:28 AM
Type "show datapath session table <ip address of guest>" to see what traffic is being sent back and forth.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
08-25-2017 07:33 AM
Sounds odd. I assume your User Roles are as they were before and working? If you run a packet capture on the client, do you see the internet traffic returning at all?
ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
08-25-2017 08:08 AM
Does this look like it's working?
(WC01) #show datapath session table 10.18.1.149

Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal
       r - Route Nexthop
       A - Application Firewall Inspect
       B - Permanent, O - Openflow

Source IP        Destination IP   Prot  SPort  DPort  Cntr  Prio  ToS  Age  Destination  TAge  Packets  Bytes  Flags
---------------  ---------------  ----  -----  -----  ----  ----  ---  ---  -----------  ----  -------  -----  -----
209.85.164.233   10.18.1.149      6     443    46646  1/2   0     24   13   tunnel 598   155   2        2852
54.246.89.117    10.18.1.149      6     443    38610  1/2   0     24   6    tunnel 598   1d4   4        5704
10.18.1.149      74.125.192.188   6     39989  443    1/2   0     24   4    tunnel 598   189   0        0      TC
209.85.164.233   10.18.1.149      6     443    46583  1/2   0     24   37   tunnel 598   2d3   2        2852
10.18.1.149      54.246.89.117    6     38610  443    1/2   0     24   28   tunnel 598   1d4   0        0      TC
192.12.31.97     10.18.1.149      6     5223   46854  1/2   0     24   33   tunnel 598   22b   0        0
74.125.192.188   10.18.1.149      6     443    39989  1/2   0     24   4    tunnel 598   189   0        0
10.18.1.149      64.233.186.188   6     39475  443    1/2   0     24   28   tunnel 598   1005  0        0      TC
209.85.164.233   10.18.1.149      6     443    46649  1/2   0     24   7    tunnel 598   10d   0        0
209.85.164.233   10.18.1.149      6     443    46591  1/2   0     24   31   tunnel 598   28c   0        0
64.233.186.188   10.18.1.149      6     443    39475  1/2   0     24   28   tunnel 598   1005  0        0
209.85.164.233   10.18.1.149      6     443    46580  1/2   0     24   51   tunnel 598   3da   1        1426
10.18.1.149      209.85.164.233   6     46583  443    1/2   0     24   41   tunnel 598   2d3   0        0      TC
10.18.1.149      209.85.164.233   6     46591  443    1/2   0     24   32   tunnel 598   28c   0        0      TC
10.18.1.149      209.85.164.233   6     46580  443    1/2   0     24   51   tunnel 598   3da   0        0      TC
10.18.1.149      192.12.31.97     6     46854  5223   1/2   0     24   34   tunnel 598   22b   0        0      TC
10.18.1.149      209.85.164.233   6     46649  443    1/2   0     24   8    tunnel 598   10d   0        0      TC
10.18.1.149      209.85.164.233   6     46646  443    1/2   0     24   17   tunnel 598   155   0        0      TC
(WC01)
Boys Town
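An added example, not part of the original thread: a small Python parser for the `show datapath session table` output posted above that pairs each client-originated entry (flag C) with its reverse entry and lists the packet and byte counters for both directions. The sample rows are copied from that output; the function and field names are assumptions made for this sketch.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "src dst proto sport dport packets nbytes flags")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Rows copied from the output in the post above (three flows, both directions).
SAMPLE = """\
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
209.85.164.233 10.18.1.149 6 443 46646 1/2 0 24 13 tunnel 598 155 2 2852
10.18.1.149 209.85.164.233 6 46646 443 1/2 0 24 17 tunnel 598 155 0 0 TC
54.246.89.117 10.18.1.149 6 443 38610 1/2 0 24 6 tunnel 598 1d4 4 5704
10.18.1.149 54.246.89.117 6 38610 443 1/2 0 24 28 tunnel 598 1d4 0 0 TC
192.12.31.97 10.18.1.149 6 5223 46854 1/2 0 24 33 tunnel 598 22b 0 0
10.18.1.149 192.12.31.97 6 46854 5223 1/2 0 24 34 tunnel 598 22b 0 0 TC
"""

def parse_sessions(text):
    """Return an Entry per data row; legend, header and prompt lines are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 14 or not (IPV4.match(tok[0]) and IPV4.match(tok[1])):
            continue
        # Flags is the only alphabetic trailing column and may be empty.
        flags = tok.pop() if tok[-1].isalpha() else ""
        entries.append(Entry(tok[0], tok[1], int(tok[2]), int(tok[3]),
                             int(tok[4]), int(tok[-2]), int(tok[-1]), flags))
    return entries

def pair_flows(entries):
    """Match each client-originated entry (flag C) with its reverse entry."""
    index = {(e.src, e.dst, e.proto, e.sport, e.dport): e for e in entries}
    flows = []
    for e in entries:
        if "C" not in e.flags:
            continue
        back = index.get((e.dst, e.src, e.proto, e.dport, e.sport))
        flows.append({
            "remote": f"{e.dst}:{e.dport}",
            "client_port": e.sport,
            "out_packets": e.packets,
            "back_packets": back.packets if back else None,
            "back_bytes": back.nbytes if back else None,
        })
    return flows

if __name__ == "__main__":
    for flow in pair_flows(parse_sessions(SAMPLE)):
        print(flow)
```
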
08-25-2017 08:20 AM
I think you need to do more troubleshooting. There is nothing that I can see from this client's traffic. What is the default gateway for this client?
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
08-25-2017 10:45 AM
Gateway is 10.18.0.1.
Boys Town
08-25-2017 12:27 PM
And what is that device?
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.