Allow traffic between role rule

  • 1.  Allow traffic between role rule

    Posted Nov 23, 2016 01:59 PM

    Greetings

    I have a role that our computer technicians receive whenever they log onto a laptop, which mostly allows them to talk to any/any/any.  For some reason, this does not seem to be enough for them to connect with WinVNC to another user's laptop.

    Common users have rules in their role saying that they can receive communication from the wired technician VLAN.  This works.

    So now I realize that I should allow my mobility role TI to talk to the mere mortal role.  But I cannot figure out how to say that.

    The wired VLAN has its own IP range, so this was easy.  However, the mobility role can be in whatever IP range it pleases, depending on the site where the technician currently is.

    I guess I should force a VLAN for the TI role but I've never done that.  On the other hand, the trainers were so proud to tell us to get away from the whole IP range paradigm that I guess there is a way to tell a role to accept communication from another role.

    Thanks

    Dany Chouinard



  • 2.  RE: Allow traffic between role rule
    Best Answer

    EMPLOYEE
    Posted Nov 26, 2016 06:00 AM

    Whenever something does not work, you should type "show datapath session table <ip address of client>" to see if your traffic is blocked by the controller's firewall.

    There is no mechanism to block traffic from one role to another; you are right.

    My only piece of advice is that unless you have a very, very good reason to block traffic, you should treat the wireless like wired traffic and then strategically weigh blocking traffic vs. the hassle of troubleshooting.



  • 3.  RE: Allow traffic between role rule

    Posted Nov 28, 2016 08:49 AM

    Thanks for the reply, Collin.  That's a bummer.  I really thought there was such a concept.

    Our traffic is blocked by default.  So I'm trying to grant access to the technicians.  I do not want students to fiddle with WinVNC communication on either wired or wireless access.  But the TI role should be able to do it.  I guess I will have to assign a different VLAN to the technicians then, but I've never done that.  Can't be that hard, can it?

    Dany Chouinard