Wireless Access

Frequent Contributor II

connecting to wifi hosts from wired

When I use a vlan on the controller with an IP so it does the routing I can ping from the wireless laptop and ping the wireless laptop.

When I just drop the authenticated user into a layer 2 vlan that is routed by the core switch I can ping from the wireless laptop but I cannot ping to the wireless laptop.

My rule is "allow all". Nothing in the log showing drops, and no apparent state in the datapath session table...

Any ideas?
Retired Employee

Re: connecting to wifi hosts from wired


soapdish wrote:
When I use a vlan on the controller with an IP so it does the routing I can ping from the wireless laptop and ping the wireless laptop.

When I just drop the authenticated user into a layer 2 vlan that is routed by the core switch I can ping from the wireless laptop but I cannot ping to the wireless laptop.

My rule is "allow all". Nothing in the log showing drops, and no apparent state in the datapath session table...

Any ideas?



Case 1: Routing on controller

client ((( AP ------ (vlan with IP address)controller ------- core

client -> ping -> core : works
core -> ping -> client : works

Case 2: Routing on core

client ((( AP ------ (vlan)controller ------- core

client -> ping -> core : works
core -> ping -> client : does not work

Could you run a traceroute from the wired client connected to the core going to the client IP and see where it is breaking? Is the link between the controller and core configured as a trunk?

 

--
HT
Aruba Employee

Re: connecting to wifi hosts from wired

  1. When you use the L2 VLAN for the user, confirm the user role the device is placed in using show user-table.
  2. Then do show rights <user role of the device> to ensure that the user role assigned to the device has all the right policies. Make sure you have "any any any allow" and not just "user any any allow".
  3. Since you are saying that you are using an L2 VLAN, we can eliminate any NAT possibilities.
  4. First delete the ARP table on the laptop on the wired side, and then ensure that ARP is being resolved for the wireless client.
  5. Traceroute from the wired side - from where the ping is failing - to check at what interface the packet drop occurs. Once we know this, we can troubleshoot the problem from there.
  6. Use the show datapath session table command to see the session.

Regards,

Sathya

 

 

Frequent Contributor II

Re: connecting to wifi hosts from wired

Guys,

 

 

I cannot believe I missed this and I cannot understand why it works with the routing on the controller:

 

Schoolboy error as follows:

  • Order of wireless preference not set correctly so laptop not associating with the correct SSID prior to login
  • Checkpoint secure client fw service bound to wifi adapter

The two together produced a problem with logging in (as there was no network for the pre-auth connectivity to access domain controllers etc.), an issue with DHCP - I need to take this up with our fw people - and an issue making connections to the laptop NIC, i.e. ping (ICMP echo) being dropped.

 

Many thanks for all your help regardless, very much appreciated!!

 

 
