Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

connecting to wifi hosts from wired

This thread has been viewed 0 times

  • 1.  connecting to wifi hosts from wired

    Posted Apr 03, 2012 12:05 PM
    When I use a vlan on the controller with an IP so it does the routing I can ping from the wireless laptop and ping the wireless laptop.

    When I just drop the authenticated user into a layer 2 vlan that is routed by the core switch I can ping from the wireless laptop but I cannot ping to the wireless laptop.

    My rule is "allow all". Nothing in the log showing drops, and no apparent state in the datapath session table...

    Any ideas?


  • 2.  RE: connecting to wifi hosts from wired

    Posted Apr 03, 2012 01:07 PM
    @soapdish wrote:
    When I use a vlan on the controller with an IP so it does the routing I can ping from the wireless laptop and ping the wireless laptop.

    When I just drop the authenticated user into a layer 2 vlan that is routed by the core switch I can ping from the wireless laptop but I cannot ping to the wireless laptop.

    My rule is "allow all". Nothing in the log showing drops, and no apparent state in the datapath session table...

    Any ideas?



    Case 1: 

    Routing on controller 

     

    client ((( AP ------ (vlan with IP address)controller ------- core 

     

    client -> ping -> core : works  

    core -> ping -> client : works

     

    Case 2: Routing on core 

     

    client ((( AP ------ (vlan)controller ------- core 


    client -> ping -> core: works 

    core -> ping -> client : does not work 

     

     

    Could you run a traceroute from the wired client connected to the core going to the client IP and see where it is breaking? Is the link between the controller and core configured as trunk? 

     



  • 3.  RE: connecting to wifi hosts from wired

    Posted Apr 03, 2012 01:16 PM
    1. When you use the L2 VLAN for user, make sure of the user role the device is placed in using the show user-table. 
    2. Then do show rights <user role of the device>, to ensure that the user-role assigned to the device has all the right policies.  Make sure you have any any any allow and not just user any any  allow
    3. Since, you are saying that you are using a L2 VLAN, we can eliminating any NAT possibilities.
    4. First delete the arp table on the laptop on the wired side and then ensure that the ARP is being resolved for the wireless client
    5. Traceroute from the wired side - from where the ping is failing - to check at what interface the packet drop occurs. Once we know this we can  troubleshoot the problem from there.
    6. Use the show datapath session table command to see the session

    Regards,

    Sathya

     

     



  • 4.  RE: connecting to wifi hosts from wired

    Posted Apr 04, 2012 03:01 AM

    Guys,

     

     

    I cannot believe I missed this and I cannot understand why it works with the routing on the controller:

     

    Schoolboy error as follows:

    • Order of wireless preference not set correctly so laptop not associating with the correct SSID prior to login
    • Checkpoint secure client fw service bound to wifi adapter

    The two together produced a problem with logging in (as there was no network for the pre-auth connectivity to access domain controllers etc), an issue  with DHCP - I need to take this up with our fw people, and an issue making connections to the Laptop NIC - i.e. ping (icmp echo) being dropped

     

    Many thanks for all you help regardless, very much appreciated!!