Wireless Access

Hi Guys

Hope everybody having good day

 

I' have created 4 Vlan on the controller

 

Vlan 2 : is edge vlan / uplink to internet (2.2.2.2/24) natoutside

Vlan 7 : is vlan to private network (7.7.7.2/24) natinside

Vlan 4: AP management (4.4.4.1/24) intervlan routing (Internal DHCP)

Vlan 5 : User traffic (5.5.5.1/24) intervlan routing (Internal DHCP)

 

* Getaway for the controller is on Vlan 2 (Ip Route .0.0.0/0 [0/1] via 2.2.2.1*)

* Controller Ip is still on the default vlan 172.16.0.254 * Vlan 3 is private network which airwave on it

*  the communication between the private vlan through the firewall

 

My question is :-

 

* User on Vlan 5 can't access internet what is the issue 

* is it possible that the airwave and controller can communicate to each other through the private vlans

 

i have attached simple diagram for more information

 

Thank you in advance for the answers

The default gateway on VLAN 5 is responsibie for delivering traffic to the internet.  What is that device?

Vlan 5 is internal vlan on the controller , 5.5.5.1 the the ip of the interface vlan 

 

dhcp pool for vlan 5 is configured on the controller 

 

 

Clients on that VLAN will have access to the internet in two situations:

 

"ip nat inside" or source nat is enabled on interface vlan 5 OR

Your border firewall has a route pointing to the controller for subnet 5.5.5.x AND will allow 5.5.5.x traffic to go to the internet.

my firewall has already static route to allow 5.5.5.x traffic to go through 

 

 

It needs a static route pointing at the controller's ip address for the 5.5.5.x subnet.

that what is appear when i run show ip route 

 

Gateway of last resort is 2.2.2.1 to network 0.0.0.0 at cost 1

S* 0.0.0.0/0 [0/1] via 2.2.2.1*
C 172.16.0.0/24 is directly connected, VLAN1
C 4.4.4.0/24 is directly connected, VLAN 4
C 5.5.5.0/24 is directly connected, VLAN 5
C 7.7.7.0/24 is directly connected, VLAN 7
C 2.2.2.2.0/24 is directly connected, VLAN2

 

i can't see why i need to add an ip route ?

 

thanks 

No. The controller's default gateway should be the internet firewall. If the controller is the default gateway for the 5.5.5.x network, the firewall needs to know how to deliver packets coming back from the internet to that subnet, so the firewall needs a route for that subnet pointing to the IP address of the controller

the firewall has this route already 

Ok. The firewall needs a route to the controller for the 5.5.5.x subnet. Do you have that in place?

Yes i have , and i can see it network 5.5.5.0 routed to 2.2.2.2 

What is 2.2.2.2?

So you have any basic networking functional? Can the controller ping internet addresses?

it's aruba controller interface vlan 2 ip which is connected to fiewall interface on vlan 2 

2.2.2.2 >>> controller 

2.2.2.1 >> Fw 

 

2.2.2.1 is default getway for the controller  

yes i can ping and traceroute public address