
iap clients cannot reach internet

  • 1.  iap clients cannot reach internet

    Posted Sep 28, 2014 09:38 PM

    I have a small 3 IAP network connecting to a basic switch and into a Cisco ASA for internet.

     

    The IAPs are giving DHCP addresses in the 192.168.212.0/24 network using the default DHCP scope. The IAPs are on mgmt network 192.168.12.0.

     

    No one connecting to the .212 network can reach the internet. I can ping the 212 gateway, the .12 gateway, but cannot get past that. The guy that set up the firewall says there isn't anything wrong with his config, but I'm hesitant.

     

    I'm 99% sure it's a routing issue, but I want to make sure I'm not missing anything.

    I found this route in the ASA that appears to be sending traffic to a dead end (12.201):

    ###

    route Public 192.168.212.0 255.255.255.0 192.168.12.201 1

    ###

     

    I have not received a response yet about it.

    Any other things I can check while waiting on a response?



  • 2.  RE: iap clients cannot reach internet

    Posted Sep 28, 2014 10:18 PM
    Yes, if there's not a statement in the firewall to allow a reverse path then you won't be able to get to the Internet.


  • 3.  RE: iap clients cannot reach internet

    Posted Sep 29, 2014 10:06 PM

    Still fighting this. No entries in the arp table of the firewall for the 212 network. Everything else is there.

     

    Firewall can ping wireless clients. Wireless clients can ping inside gateway. 

     

    routing table is:

    C 192.168.12.0 255.255.255.0 is directly connected, ATLPublic
    S 192.168.212.0 255.255.255.0 [1/0] via 192.168.12.50, ATLPublic
    C 96.x.x.y4 255.255.255.252 is directly connected, outside
    C 192.168.4.0 255.255.255.0 is directly connected, Office
    S* 0.0.0.0 0.0.0.0 [1/0] via 96.x.x.y5, outside

     

    I've changed the static route from 12.1, to 12.2(ap01), to 12.50(VAC).  Still no connection.



  • 4.  RE: iap clients cannot reach internet

    Posted Sep 30, 2014 08:57 AM

    From what I know, when you use the default DHCP scope of the IAP, all your WiFi client traffic comes out to the Internet NATted by the IAPs. So you should see the traffic of your WiFi clients come out with the IP addresses of the IAPs. And so, in the firewall, you have to permit the traffic from the IAPs' IPs to reach the Internet.

    In fact I suppose that the .212 network exists only on your IAPs, right?

     

     



     

     

    Thanks,

    Massimo
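
The point in reply 4, modelled against the routing table from reply 3, as an added example (not code from any poster in this thread): it shows which source address the firewall sees, which route carries the reply, and which address the firewall ARPs for, with and without NAT on the IAP. The client address 192.168.212.10 and the 203.0.113.x addresses standing in for the masked public routes are constructed; 192.168.12.2 is ap01 per reply 3.

```python
import ipaddress
import re

# Routing table from reply 3. The masked public entries (96.x.x.y4 / y5) are
# replaced with constructed documentation addresses so the text parses.
SHOW_ROUTE = """\
C 192.168.12.0 255.255.255.0 is directly connected, ATLPublic
S 192.168.212.0 255.255.255.0 [1/0] via 192.168.12.50, ATLPublic
C 203.0.113.4 255.255.255.252 is directly connected, outside
C 192.168.4.0 255.255.255.0 is directly connected, Office
S* 0.0.0.0 0.0.0.0 [1/0] via 203.0.113.5, outside
"""

ROUTE_RE = re.compile(
    r"^(?P<code>[CS])\*?\s+(?P<net>[\d.]+)\s+(?P<mask>[\d.]+)\s+"
    r"(?:is directly connected|\[\d+/\d+\] via (?P<hop>[\d.]+)),\s+(?P<ifc>\S+)$")

def parse_routes(text):
    """Return (code, network, next_hop_or_None, interface) per route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
            hop = ipaddress.ip_address(m["hop"]) if m["hop"] else None
            routes.append((m["code"], net, hop, m["ifc"]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match for addr, as the firewall does for reply traffic."""
    ip = ipaddress.ip_address(addr)
    return max((r for r in routes if ip in r[1]), key=lambda r: r[1].prefixlen)

def firewall_view(routes, client_ip, ap_ip, ap_nats):
    """Source the firewall sees for a client flow and how replies get back."""
    seen = ap_ip if ap_nats else client_ip   # NAT hides the client behind the AP
    code, net, hop, ifc = lookup(routes, seen)
    return {"source_seen": seen, "reply_route": str(net), "interface": ifc,
            "uses_static_route": code == "S",
            # The firewall only ARPs for on-link hosts: the next hop if there
            # is one, otherwise the source address itself.
            "arp_target": str(hop) if hop else seen}

if __name__ == "__main__":
    routes = parse_routes(SHOW_ROUTE)
    # 192.168.212.10 is a constructed client address; 192.168.12.2 is ap01.
    for nat in (True, False):
        print("AP NAT" if nat else "routed", firewall_view(
            routes, "192.168.212.10", "192.168.12.2", ap_nats=nat))
```

In both models the firewall never ARPs for a 192.168.212.x host, so an ARP table without .212 entries does not tell the two apart; only in the routed model is the static route to 192.168.212.0/24 consulted for replies.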



  • 5.  RE: iap clients cannot reach internet

    Posted Sep 30, 2014 09:07 AM

    Yes, that's correct.

     

    I did not know about the NATting. But anyone using the .12 addresses (including APs) can reach the internet. It's only the 212 network that cannot.