Wireless Access

Hi Airheads

I hope you can help, I've had a bit of trouble configuring something I thought would be fairly straight forward.  I have a customer with a centralised master controller and remote locals.  The customer would like, and has at other remote sites, the corporate ssid configured as a routed subnet with the controller as the Default gateway and also the dhcp server.

The client authenticates successfully and receives an ip address but cannot ping its default gateway, the interface on the controller.  The controller also can't ping the client.  I've not assigned the vlan to a port as it's to be routed and I forced the vlan interface to be up with the operstate up command, I could then ping the interface from the core so routing is in place however I still can't ping the client and the client has no connectivity.  Am I missing a step?  Should the vlan be assigned to a port?  The other local sites which work have been assigned to the main trunk port but this doesn't seem correct to me as the subnet should be routed.

Any advice greatly appreciated.

Thanks

Mark

Do you have diagram of how your networks is setup ?

That VLAN should be assign to the trunk of your Master and also to all your remote locations

It is possible to put your clients on a VLAN that only lives on the controller and have the controller route the traffic appropriately.   A couple of things to verify on your end:

- Ensure the VLAN has inter-vlan routing enabled (ip routing comand within the VLAN intefaces)

- Check what role the clients are in and what firewall policies are being applied (show rights <NameofRole>)

- Since you are not applying the VLAN to a port, ensure the default gateway for the controller is in the core and not on this same VLAN

- Ensure the client is being assigned the proper VLAN/mask.   You should not have to force the inteface up as you stated; once a client is connected, it will become active.

Also, in most deployment scenarios it is not recommended to have the controller act as the client gateway.  

Clembo,

    I've always been a little unsure of how the IP routing command on a VLAN works, if I configure this on a single VLAN does this mean it can communicate with all other VLANs configured or only if I configure it on another VLAN. i.e. if its configured on two are these the only two that will pass traffic between each other?

Many thanks for your replies Clembo and Victor.  

Unfortunately I do not have a network diagram Victor, I was going to describe the network but will spare you the description as everything appears to be working.  

I deployed a new site for the customer yesterday, same setup as the previous site, local 650 etc.. and everything worked.  I checked the site I had an issue with and saw client associarted and authenticated and I could ping this the local controller and then new site I was setting up.  I suspect there was an issue with the customer's laptop when we initially tested, I know he'd been doing some funky routing on it the previous day.

Clembo - everything you mentioned was verified, I should say a very good check list for anyone else looking into configuring this scenario, which confused me greatly as everything looked like it should have been working.  Funky routes on the testing laptop would explain this.

Thanks again for replying.

Mark