Controllerless Networks

Reply
Highlighted
Contributor I

AP515 IAP unable to browse to certain websites/services

We are testing an AP515 as an Instant AP. We have set up the unit with basic settings, one SSID with WPA2 personal encryption. We are using networked defined VLAN and IP addressing on an existing network that works. We are able to connect and get network access but are unable to browse to certain websites like google and other google services (youtube etc) but other websites work fine. We have tried tweaking the policies and adding explicit any to any allow rules and various services but doesn't seem to change anything. Anyone know why this might happen?

 

We are using AP515 in the same environment as campus APs on a cluster and don't experience anything like this. I have tested IAP in another environment and it worked fine with basic settings although was on an older model of AP. Is there something different about 515s or the IAP software they run?

 

Thanks.

Highlighted
Frequent Contributor II

Re: AP515 IAP unable to browse to certain websites/services

Hi,

Have you tried with Unrestricted access on the network configuration?

Screenshot_1.jpg


Daniel Méndez Vargas
ACMP, ACCP
Highlighted
Contributor I

Re: AP515 IAP unable to browse to certain websites/services

Hi thanks for reply. We have tried with this unrestricted setting and still same results.

Highlighted
MVP Guru

Re: AP515 IAP unable to browse to certain websites/services

Are you able to resolve the URL of the problematic sites, to confirm DNS is working? Is there any difference in the sites such as HTTP or HTTPS? Any transparent proxies upstream?

 

Grab one of the IPs of the URLs which is failing and check the datapath session. You might see Y flag which means there is no syn.

 

show datapath session | include [IP OF WEB SITE]

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Contributor I

Re: AP515 IAP unable to browse to certain websites/services

Thanks for reply. DNS is working ok as lookups resolve. If we browse to a URL for example youtube.com in Chrome it attempts to connect to http without redirecting to https. If we add https in it will partially load the webpage but lots of content won't load within the page. Other pages like google search or reddit won't load at all. No proxy involved on our network. Firefox and Chrome show connection reset errors so presume is something to do with traffic or TCP messing up but is beyond my knowledge.

 

I will check the datapatch command now. Thanks.

 

 

Highlighted
Contributor I

Re: AP515 IAP unable to browse to certain websites/services

We are indeed seeing the 'no SYN' flag for sessions to websites. I understand this means there is an issue with the 3 way handshake?

Highlighted
MVP Guru

Re: AP515 IAP unable to browse to certain websites/services

That is correct, this means the AP is not seeing a reply. Can you check again the upstream devices.

Sent from my iPad

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: