IdentiFi: wireless client can ping EWC, but can't ping gateway


Userlevel 4
Hello, everybody,

At last, I've configured my clients to get correct IPs from DHCP server using relay.

Everything looks fine, but I can't ping outside world from clients, (while could ping EWC).

From EWC I can ping outside networks and can ping wireless clients.

How could I allow wireless clients to reach their gateways?

Access mode for all Roles is "Containment VLAN", all WLAN Topologies are EWC.

Many thanks in advance,

Ilya

21 replies

Userlevel 7
Please provide a network diagram.
Userlevel 4
Ron wrote:

Please provide a network diagram.

Hi, Ronald,

is it OK?

Userlevel 7
Ron wrote:

Please provide a network diagram.

Are you able to ping the core = 10.10.32.1 from the client 10.10.32.6 ?
Userlevel 4
Ron wrote:

Please provide a network diagram.

No, I am not able to ping a client from the Core.

Wireless clients ping EWC and each other only.

EWC could ping Core and wireless clients.

This is my controller configuration:
https://cloud.mail.ru/public/BYKk/4JdF7rZen
Userlevel 7
Check the MAC table on the X670, did the switch learn the client MAC on the port that is connected to ESA0 in VLAN38 or is the MAC learned in another VLAN?
Userlevel 4
I did - these are MACs of esa0:

VR-Default 10.11.32.2 00:15:5d:0d:a6:1d 11 NO Vlan39 39 45
VR-Default 10.10.32.2 00:15:5d:0d:a6:1d 0 NO Vlan38 38 45

esa000:15:5D:0D:A6:1D V22(u), V38, V39 (this is copypaste from EWC)
Userlevel 7
Ok,so the switch doesn't learn the client MAC. Could you post a screenshot of the role settings for VLAN38 and also the rule config for that role.
Userlevel 4
Ron wrote:

Ok,so the switch doesn't learn the client MAC. Could you post a screenshot of the role settings for VLAN38 and also the rule config for that role.

Yes, it doesn't.

Please, see the attached screenshots below.

There are no Policy Rules configured for any Roles.

Userlevel 7
I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).
Userlevel 4
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Here you are:

x670-CD1.1.1.1 # ping 10.10.32.2
Ping(ICMP) 10.10.32.2: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.10.32.2: icmp_seq=0 ttl=63 time=5.095 ms
16 bytes from 10.10.32.2: icmp_seq=1 ttl=63 time=5.725 ms
16 bytes from 10.10.32.2: icmp_seq=2 ttl=63 time=5.646 ms
16 bytes from 10.10.32.2: icmp_seq=3 ttl=63 time=6.078 ms

--- 10.10.32.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 5/5/6 ms
x670-CD1.1.1.2 # ping 10.11.32.2
Ping(ICMP) 10.11.32.2: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.11.32.2: icmp_seq=0 ttl=63 time=1.734 ms
16 bytes from 10.11.32.2: icmp_seq=1 ttl=63 time=0.991 ms
16 bytes from 10.11.32.2: icmp_seq=2 ttl=63 time=0.877 ms
16 bytes from 10.11.32.2: icmp_seq=3 ttl=63 time=5.503 ms

--- 10.11.32.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/2/5 ms
x670-CD1.1.1.3 #




Ronald, I could do with Hyper-V whatever you tell me.

Many thanks for your help!!!
Userlevel 4
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Ronald?
Userlevel 5
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Since you are using Hyper-V and tagged VLAN on the controller , did you apply the script (as per release notes) to HyperV to allow bypass tagged traffic?
Also , other question : what NIC on HyperV server do you have ? I have seen issues when some non-default (non-Microsoft) drivers have to be applied to the NICs to work correctly with the wireless controller.
Userlevel 4
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Hello, Yury!

Tagged traffic is passing to EWC, we have applied the script and recreated interfaces in Hyper-V. I am not sure about drivers applied to NICs and find out an information about them on Monday.

Some guys recommended me to change Access Control type in Roles from Containment VLAN to Allow. I did, but in this case wireless clients stops acquiring IP adresses from DHCP server.

I will check it again on Monday.

Thanks!
Userlevel 7
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

llya,

Is this still an issue for you or are you all set?
Userlevel 4
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Hi Doug,

Now it's OK, I've just reinstalled controller using your *.xml file.
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Hi Ilya,

I encounter the same problem as yours.
May I know what is the root cause and the solution?
Userlevel 5
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

I believe the VM environment was the issue in Ilia's case . Vince - what topology you are using - is that tunneling back to controller or bridging to AP? And second question (in case the firs answer will be : tunneling) - what controller do you use - hardware or VM . If VM - what type of VM - VmWare or HyperV.
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

I'm using VM ESXi ver5.5

There is a problem while configuring AP and Virtual Controller, here’s model details:

Controller: Virtual Controller V2110

AP: WS-AP3935i-ROW


Scenario:

-admin port: 192.168.18.X/24

-physical port: 10.0.0.X/24, vlan 101

-test_topology: 10.10.10.X/24,

Gateway: 10.10.10.251
vlan 10 [Mode: Bridge traffic at EWC]



Problem:

-AP is detected on controller.

-Client connected to AP, but unable to access internet.



Action Taken:

-Verified on network, no issue.



-Trace route from client to internet was timeout at controller.
Userlevel 7
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Is promiscuous mode enabled as instructed in the V2110 Installation guide.
Userlevel 7
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Are you able to ping the controller IP 10.10.10.x to the default GW
Ron wrote:

I think there it's a configuration issue on the HyperV. The thing is from the above posts it's not clear what IPs you ping = what is working. Could you please run the following and let me know the result.. - from the X670 ping 10.10.32.2 and 10.11.32.2 - from the controller, in the GUI with the ping utility checkmark the advanced option and select topology VLAN 38 as the ping source interface and ping 10.10.32.1 (the IP of the X670 in VLAN38).

Hi Ronald,

The issue resolved. I found that not only promiscuous mode need to be enable, the rest of security need to be enabled and accept also.
Thanks for your help.

Reply