Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

No Internet on guest Wi-Fi

  • 1.  No Internet on guest Wi-Fi

    Posted Apr 17, 2018 12:43 PM

    I'm having trouble getting my Aruba Instant WAPs to play nice on the network. I have a Unifi switch and pfSense firewall.

     

    The guest Wi-Fi is set up in the controller on a 172.16/24 net and VLAN 99 with DHCP from the network. The LAN is a 10/24 net and the default VLAN.

     

    Wi-Fi devices can get an IP on the correct network, but can't get out to the Internet, nor even ping the default gateway.

     

    The Unifi switch is set up with a LAN and Guest network, with the appropriate networks and VLANs. There are no restrictions on the firewall on the guest LAN interface.

     

    Since the WAPs'/controller's management IP is on the LAN, the switch ports they're connected to are set for VLAN trunking (all networks).

     

    I'm stumped. Anyone have an extra clue they can toss my way?

     

    Thanks.



  • 2.  RE: No Internet on guest Wi-Fi

    EMPLOYEE
    Posted Apr 17, 2018 12:53 PM

    Start with the local guest subnet. What is the DHCP server that guest client devices report is assigning IP addresses? Is this the server you expect it to be?



  • 3.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 02:31 PM

    Hi Charlie,

     

    Yep, the DHCP server is the correct one.

     

    What's next?

     

    Brad



  • 4.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 02:50 PM

    If you hard-wire a laptop in that VLAN on a switchport, is the traffic going through?

    Also, what role is the device in on the IAP?

    Cheers,



  • 5.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 03:02 PM

    Thanks, Overclock.

     

    I'm working from remote, so it'll be a bit of work to test an ethernet connection on that VLAN, but that's a good idea.

     

    The WiFi network is set up as guest, although I've tried with it set to corporate, too. I can't see any restrictions based on the guest assignment, though.



  • 6.  RE: No Internet on guest Wi-Fi

    EMPLOYEE
    Posted Apr 17, 2018 02:54 PM

    What is the DHCP server?



  • 7.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 03:00 PM

    172.16.36.1, which is the correct interface on the firewall.

     

    I should clarify that we have two physical interfaces on the firewall, both of which are plugged into the same switch.

     

    My expectation is that assigning VLAN 99 to the Guest interface on the firewall, combined with assigning VLAN 99 to the Guest Wi-Fi network in the IAP, along with VLAN trunk ports on the switch for the APs, would solve this.



  • 8.  RE: No Internet on guest Wi-Fi

    EMPLOYEE
    Posted Apr 17, 2018 03:08 PM

    @PCSBrad wrote:

    172.16.36.1, which is the correct interface on the firewall.

     

    I should clarify that we have two physical interfaces on the firewall, both of which are plugged into the same switch.

     

    My expectation is that assigning VLAN 99 to the Guest interface on the firewall, combined with assigning VLAN 99 to the Guest Wi-Fi network in the IAP, along with VLAN trunk ports on the switch for the APs, would solve this.


    Okay, guest devices are connected to the VLAN and get an IP address of 172.16.36.x, from the firewall that's at 172.16.36.1, correct?

     

    Is 172.16.36.1 the default gateway that you're trying to ping unsuccessfully as well?



  • 9.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 03:13 PM

    @cclemmer wrote:

    @PCSBrad

    Okay, guest devices are connected to the VLAN and get an IP address of 172.16.36.x, from the firewall that's at 172.16.36.1, correct?

     

    Is 172.16.36.1 the default gateway that you're trying to ping unsuccessfully as well?


     Yes, guests are on VLAN 99 and are getting 172.16.36/24 IPs from the firewall (and default gateway) at 172.16.31.1.



  • 10.  RE: No Internet on guest Wi-Fi

    EMPLOYEE
    Posted Apr 17, 2018 03:23 PM

     

     Yes, guests are on VLAN 99 and are getting 172.16.36/24 IPs from the firewall (and default gateway) at 172.16.31.1.


    Guests are getting IP addresses from 172.16.36.x/24, but the default gateway is not on their local subnet (172.16.31.1)??



  • 11.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 03:44 PM

    @cclemmer

    Guests are getting IP addresses from 172.16.36.x/24, but the default gateway is not on their local subnet (172.16.31.1)??


    Sorry - fat-fingered the address. IPs and gateway are 172.16.36.1.

     

    I've also verified that wired connections on VLAN 99 are getting 172.16.36/24 IPs and are able to get out to the net.

     

    That strongly implies it's not the VLAN config, in the switch at least, or any filtering at the firewall.



  • 12.  RE: No Internet on guest Wi-Fi

    Posted Apr 17, 2018 04:26 PM

    What role is the affected user in?

     

    Also, once you give us the role name, share the output of this command: show access-rule-all



  • 13.  RE: No Internet on guest Wi-Fi

    EMPLOYEE
    Posted Apr 17, 2018 04:30 PM

    @PCSBrad wrote:

    That strongly implies it's not the VLAN config, in the switch at least, or any filtering at the firewall.


    If the client is able to get an IP address from the firewall/router, it should also be able to ping the same firewall/router IP unless something is filtering. 

     

    As was mentioned, verify the user role that the Instant AP is placing your guest user into, and possibly verify that it's an any/any/allow for troubleshooting. That would rule out the firewall on Instant.
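
The two lease checks the replies ask for (is the DHCP server the expected one, and is the default gateway on the client's own subnet), as an added Python example that is not part of the thread. The function name, the client host addresses and the 192.168.1.x lease are constructed for illustration; the 172.16.36.0/24 subnet and the 172.16.36.1 / 172.16.31.1 gateways are the values quoted in the posts.

```python
import ipaddress


def check_lease(address, netmask, gateway, dhcp_server,
                expected_subnet, expected_dhcp):
    """Return a list of findings for one client's DHCP lease (empty = consistent)."""
    findings = []
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    expected = ipaddress.ip_network(expected_subnet)

    # A lease from another subnet means the client landed on the wrong VLAN
    # or was answered by a DHCP server other than the intended one.
    if net != expected:
        findings.append(f"lease network {net} differs from expected {expected}")

    # A gateway outside the client's own subnet cannot be resolved via ARP,
    # so the client gets an address but cannot reach anything off-link.
    if gw not in net:
        findings.append(f"gateway {gw} is not on-link for {net}")
    elif gw in (net.network_address, net.broadcast_address):
        findings.append(f"gateway {gw} is not a usable host address in {net}")

    # An unexpected server identifier points at a rogue or misplaced DHCP server.
    if ipaddress.ip_address(dhcp_server) != ipaddress.ip_address(expected_dhcp):
        findings.append(f"lease came from {dhcp_server}, expected {expected_dhcp}")
    return findings


# Constructed sample leases: (address, netmask, gateway, DHCP server)
SAMPLES = {
    "as-intended": ("172.16.36.57", "255.255.255.0", "172.16.36.1", "172.16.36.1"),
    "gateway-typo": ("172.16.36.57", "255.255.255.0", "172.16.31.1", "172.16.36.1"),
    "other-server": ("192.168.1.23", "255.255.255.0", "192.168.1.1", "192.168.1.1"),
}


def run_samples():
    """Check every sample against the guest subnet and firewall from the thread."""
    return {name: check_lease(*lease, expected_subnet="172.16.36.0/24",
                              expected_dhcp="172.16.36.1")
            for name, lease in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(name, "->", findings or "consistent")
```

A lease that passes these checks while the gateway still does not answer pings, as in this thread, leaves filtering between the client and the gateway as the remaining suspect.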