Hey All -
First, I'd like to say I'm not entirely convinced this is an IAP-related issue, but it was suggested (by others) that it could be, since it only appears to surface on wirelessly connected devices.
The issue is that there appears to be some sort of ICMP redirect occurring. If you are on the wireless LAN and attempting to ping a device on the same LAN subnet that is connected via ethernet, the following is returned:
--
ping 192.168.0.252
PING 192.168.0.252 (192.168.0.252): 56 data bytes
36 bytes from PFSENSE (192.168.0.254): Redirect Host(New addr: 192.168.0.252)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 c0 0054 e34c 0 0000 40 01 140e 192.168.0.66 192.168.0.252
64 bytes from 192.168.0.252: icmp_seq=0 ttl=64 time=3.118 ms
36 bytes from PFSENSE (192.168.0.254): Redirect Host(New addr: 192.168.0.252)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 c0 0054 b243 0 0000 40 01 4517 192.168.0.66 192.168.0.252
64 bytes from 192.168.0.252: icmp_seq=1 ttl=64 time=3.161 ms
^C
--
Wired devices pinging other wired devices have a normal ping reply:
--
ping 192.168.0.252
PING 192.168.0.252 (192.168.0.252): 56 data bytes
64 bytes from 192.168.0.252: icmp_seq=0 ttl=63 time=55.501 ms
64 bytes from 192.168.0.252: icmp_seq=1 ttl=63 time=31.535 ms
64 bytes from 192.168.0.252: icmp_seq=2 ttl=63 time=26.582 ms
^C
--
To recap, all devices are on 1 small LAN:
PF Sense Router - 192.168.0.0/24
4 IAP 225s obtaining their IP via DHCP (from 192.168.0.254 - PFsense)
24 Port PoE switch - 192.168.0.1
What is also odd here is that during a traceroute from a wirelessly connected device, the PFSense router (192.168.0.254) appears:
traceroute to 192.168.0.201 (192.168.0.201), 64 hops max, 52 byte packets
1 192.168.0.254 (192.168.0.254) 42.051 ms 23.188 ms 22.835 ms
2 192.168.0.201 (192.168.0.201) 28.646 ms 29.944 ms 25.897 ms
On any wired connected device that hop is missing:
traceroute to 192.168.0.201 (192.168.0.201), 64 hops max, 52 byte packets
1 192.168.0.201 (192.168.0.201) 28.646 ms 24.644 ms 27.947 ms
Any ideas on what is occurring here and why it only appears to be impacting devices connected wirelessly behind the IAPs?
Thanks
#AP225