ExtremeWireless (Identifi)

Expand all | Collapse all

IdentiFi: wireless client can ping EWC, but can't ping gateway

Ronald Dvorak

Ronald Dvorak07-06-2017 11:42

  • 1.  IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 10:44
    Hello, everybody,

    At last, I've configured my clients to get correct IPs from DHCP server using relay.

    Everything looks fine, but I can't ping outside world from clients, (while could ping EWC).

    From EWC I can ping outside networks and can ping wireless clients.

    How could I allow wireless clients to reach their gateways?

    Access mode for all Roles is "Containment VLAN", all WLAN Topologies are EWC.

    Many thanks in advance,

    Ilya



  • 2.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 11:42
    Please provide a network diagram.


  • 3.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 12:38
    Check the MAC table on the X670, did the switch learn the client MAC on the port that is connected to ESA0 in VLAN38 or is the MAC learned in another VLAN?


  • 4.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 12:51
    I did - these are MACs of esa0:

    VR-Default 10.11.32.2 00:15:5d:0d:a6:1d 11 NO Vlan39 39 45
    VR-Default 10.10.32.2 00:15:5d:0d:a6:1d 0 NO Vlan38 38 45

    esa000:15:5D:0D:A6:1D V22(u), V38, V39 (this is copypaste from EWC)


  • 5.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 13:03
    Ok,so the switch doesn't learn the client MAC. Could you post a screenshot of the role settings for VLAN38 and also the rule config for that role.


  • 6.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).


  • 7.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 11:42
    Hi, Ronald,

    is it OK?



  • 8.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 11:42
    Are you able to ping the core = 10.10.32.1 from the client 10.10.32.6 ?


  • 9.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 11:42
    No, I am not able to ping a client from the Core.

    Wireless clients ping EWC and each other only.

    EWC could ping Core and wireless clients.

    This is my controller configuration:
    https://cloud.mail.ru/public/BYKk/4JdF7rZen


  • 10.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 13:03
    Yes, it doesn't.

    Please, see the attached screenshots below.

    There are no Policy Rules configured for any Roles.





  • 11.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Here you are:

    x670-CD1.1.1.1 # ping 10.10.32.2
    Ping(ICMP) 10.10.32.2: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.10.32.2: icmp_seq=0 ttl=63 time=5.095 ms
    16 bytes from 10.10.32.2: icmp_seq=1 ttl=63 time=5.725 ms
    16 bytes from 10.10.32.2: icmp_seq=2 ttl=63 time=5.646 ms
    16 bytes from 10.10.32.2: icmp_seq=3 ttl=63 time=6.078 ms

    --- 10.10.32.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% loss
    round-trip min/avg/max = 5/5/6 ms
    x670-CD1.1.1.2 # ping 10.11.32.2
    Ping(ICMP) 10.11.32.2: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.11.32.2: icmp_seq=0 ttl=63 time=1.734 ms
    16 bytes from 10.11.32.2: icmp_seq=1 ttl=63 time=0.991 ms
    16 bytes from 10.11.32.2: icmp_seq=2 ttl=63 time=0.877 ms
    16 bytes from 10.11.32.2: icmp_seq=3 ttl=63 time=5.503 ms

    --- 10.11.32.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% loss
    round-trip min/avg/max = 0/2/5 ms
    x670-CD1.1.1.3 #




    Ronald, I could do with Hyper-V whatever you tell me.

    Many thanks for your help!!!


  • 12.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Ronald?


  • 13.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Since you are using Hyper-V and tagged VLAN on the controller , did you apply the script (as per release notes) to HyperV to allow bypass tagged traffic?
    Also , other question : what NIC on HyperV server do you have ? I have seen issues when some non-default (non-Microsoft) drivers have to be applied to the NICs to work correctly with the wireless controller.


  • 14.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Hello, Yury!

    Tagged traffic is passing to EWC, we have applied the script and recreated interfaces in Hyper-V. I am not sure about drivers applied to NICs and find out an information about them on Monday.

    Some guys recommended me to change Access Control type in Roles from Containment VLAN to Allow. I did, but in this case wireless clients stops acquiring IP adresses from DHCP server.

    I will check it again on Monday.

    Thanks!


  • 15.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    llya,

    Is this still an issue for you or are you all set?



  • 16.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Hi Doug,

    Now it's OK, I've just reinstalled controller using your *.xml file.


  • 17.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Hi Ilya,

    I encounter the same problem as yours.
    May I know what is the root cause and the solution?


  • 18.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    I believe the VM environment was the issue in Ilia's case . Vince - what topology you are using - is that tunneling back to controller or bridging to AP? And second question (in case the firs answer will be : tunneling) - what controller do you use - hardware or VM . If VM - what type of VM - VmWare or HyperV.


  • 19.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    I'm using VM ESXi ver5.5

    There is a problem while configuring AP and Virtual Controller, here’s model details:

    Controller: Virtual Controller V2110

    AP: WS-AP3935i-ROW


    Scenario:

    -admin port: 192.168.18.X/24

    -physical port: 10.0.0.X/24, vlan 101

    -test_topology: 10.10.10.X/24,

    Gateway: 10.10.10.251
    vlan 10 [Mode: Bridge traffic at EWC]



    Problem:

    -AP is detected on controller.

    -Client connected to AP, but unable to access internet.



    Action Taken:

    -Verified on network, no issue.



    -Trace route from client to internet was timeout at controller.


  • 20.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Is promiscuous mode enabled as instructed in the V2110 Installation guide.


  • 21.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Are you able to ping the controller IP 10.10.10.x to the default GW


  • 22.  RE: IdentiFi: wireless client can ping EWC, but can't ping gateway

    Posted 07-06-2017 15:14
    Hi Ronald,

    The issue resolved. I found that not only promiscuous mode need to be enable, the rest of security need to be enabled and accept also.
    Thanks for your help.