Wireless Access

Hello guys 

I'm installing an VMC standalone on customer side and have a strange issue.

DHCP are on the windows domain controller for all VLANs. 

I have two SSIDs:

Test 1 ; VLAN 10 ; default Role: authenticated

Test 2 : VLAN 20 ; default Role : logon

On both SSIDs the clients get an IP from the DHCP. Afterwards they cannot ping the gateway or other internal stuff even the internet.

Have someone an idea what the issue can be?

Thanks in advanced.

On the controller the user is connected to, type "show datapath session table <ip address of user>" to see if traffic is being blocked.

Thanks for replay and sorry for the late response.

The traffic is not shown in the datapath table session:

 #show datapath session table 192.168.1.149


Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       u - Upstream Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal
       r - Route Nexthop, h - High Value
       A - Application Firewall Inspect
       B - Permanent, O - Openflow
       L - Log

Source IP       Destination IP  Prot SPort DPort Cntr     Prio ToS Age Destination TAge Packets    Bytes      Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------  --------- ---------------
192.168.1.149      192.168.1.255      17   137   137    0/0     0    0   1   tunnel 14   8f   46         3588       FC
192.168.1.149      224.0.0.252     17   49755 5355   0/0     0    0   0   tunnel 14   2    2          104        FC
192.168.1.149      224.0.0.252     17   64857 5355   0/0     0    0   0   tunnel 14   5    0          0          FC
192.168.1.149      224.0.0.252     17   61096 5355   0/0     0    0   1   tunnel 14   12   0          0          FC
192.168.1.149      224.0.0.252     17   63715 5355   0/0     0    0   0   tunnel 14   2    2          104        FC

192.168.1.255      192.168.1.149      17   137   137    0/0     0    0   9   tunnel 14   90   0          0          FY

Do you have another idea?

That output does not match your command.  Is your user in the user table on the controller?

Sorry, I forgot to change th IP Address. ;)

The user is listet on the User Table.

What are the ACLS on the client's role?

Can the client ping the default gateway?

I tried with the default "authentication" role (see the Picture in the Attachment).

No I can't reach any device in the network. Even the DHCP Server who gave the IP address.

It's the first time I use a Virtual MC. All other installation are physical Applicances.

Remove the first rule.  It is blocking everything.

It's not possible:

I did try with a new role only with one rule "any any permit" already. With the same result. I can try it again...

I tried with the new rule again.

That is my ruleset:

Use it on the Wifi Profile:

User assign to the new rule:

I get the IP Address from the DHCP Server, but I can't pint the default gateway even the DHCP Server...

there are no ARP entries in the arp-table as well.

It's realy strange.

I have another SSID - used default VLAN 1, with no issue!

I assign the controller an IP address on this network (192.168.1.11).

Now, I can ping from the client (192.168.1.160) the controller (192.168.1.11) but not the DHCP server (192.168.1.10) or another device (192.168.1.52)

Other clients in the same Wifi it works as well. I guess there is an issue with the firewall on the controller. Is there an option to disable it completely?

Your first post mentions this being a virtual mobility controller; and you later say that SSIDs on VLAN 1 work fine.     Do you have the VLAN tagging setup properly on the both the VMC interface as well as the host server environment? 

Please share the port/vlan configuration for the interface you are using on the controller as well as the host server.

Yes, that's true. My configuration on the VMC:

vlan 4 description "clients"
vlan 334 description "public-wifi"
!
controller-ip vlan 1
interface mgmt
    ip address 192.168.61.250 255.255.255.0
!
!
ip default-gateway mgmt 192.168.61.10
!
interface gigabitethernet 0/0/0
    description "GE0/0/0"
    trusted
    trusted vlan 1-4094
    no poe
    switchport mode trunk
    switchport trunk native vlan 1000
    no spanning-tree
!

interface gigabitethernet 0/0/1
    description "GE0/0/1"
    shutdown
    trusted
    trusted vlan 1-4094
    no poe
    no spanning-tree
!

interface gigabitethernet 0/0/2
    description "GE0/0/2"
    shutdown
    trusted
    trusted vlan 1-4094
    no poe
    no spanning-tree

I requested the ESXi printscreen from the customer. 

So, I got the printscreens from the customer:

Thanks for helping!

I have to say i have been STRUGGLING with what seems to be the exact situation. I was excited to fine this discussion and sad to see it ended without a resolution.... any chance you found the solution and wish to share it?

Your disappointment is noted.

Please open a new thread so we can address your specific issue.  This thread is 3 years old, so we are closing it.