Header Only - DO NOT REMOVE - Extreme Networks
Question

Only 1 VLAN Can Get Out To The Internet

  • 20 September 2019
  • 4 replies
  • 500 views

We have several VLAN's configured on the RFS-7220 Wireless Controller.



However, currently only VLAN 400 is able to get out to the Internet. When we assign any other VLAN to other profiles, the wireless clients get the correct local DHCP address, but they are NOT able to access the Internet.



I would like to set the 2nd network to VLAN 200, but when I do it can't go to the Internet. I inherited this equipment from a merger and I am not very familiar with it..but I am learning. Where would you define which VLAN can access the Internet on the Controller? Thanks in advance for your assistance!

4 replies

Userlevel 6
First, I'm confused as to why you would have both a guest and a secure WLAN both assigned to the same VLAN. Normally, when you have a guest WLAN, you have it assigned to its own VLAN for security reasons. As it is right now, guest users would be able to access LAN resources on the secured wired network. Or...is it this way because if you try to use some other VLAN tag for one of those two WLANs, the clients can't get Internet access?

When you say,
"However, currently only VLAN 400 is able to get out to the Internet. When we assign any other VLAN to other profiles, the wireless clients get the correct local DHCP address, but they are NOT able to access the Internet."
Are you saying that when you try to assign any other VLAN to either of these **WLAN** profiles that when a client connects to it that they aren't able to get out to the Internet?
When you do this and the clients get a lease, do they have a default route/default gateway as part of their lease?
Userlevel 4
We do not have sufficient information to advise on this issue.
Would suggest opening a case with GTAC.

We need to know:
  • Where DHCP is coming from (Controller or 3rd party server).
  • What device is doing the routing (controller or 3rd party device)
  • Is there a 3rd party firewall on vlan 400 possible dropping traffic.
We also would need to know if client can ping default gateway and defined DNS server for vlan 400.
Also are wired clients on vlan 400 able to get out to the internet.

Its possible default gateway and or DNS is not defined correctly in DHCP scoop for vlan 400.
DHCP is coming from the controller and defined by the VLAN configuration (see first picture).
The Controller is also doing the routing for the network.
I don't have a problem getting DHCP that works fine. The problem is when I assign any other VLAN to a profile besides 400 I don't get Internet access.

If you look at the 2nd picture I have both VLAN's as VLAN 400 and both Networks can go out to the Internet. When I assign VLAN 200 to the Corporate Network I get a DHCP address with the correct settings but I can't go out to Internet. My question was where is it defined on the Controller to allow Internet access for specific VLAN's. As I said earlier, we inherited this system and I am not completely familiar with it, so forgive me if my original question was confusing.
Userlevel 6
There's no specific setting that says 'allow this VLAN to get to the Internet.

If a WLAN is setup for local bridging mode (defined as part of the WLAN Profile), then the wireless client's traffic is simply tagged with the VLAN that is assigned in the WLAN Profile and then placed onto the AP's LAN connection. That's it.
Any failure of that traffic to reach the Internet at that point has nothing to do with the AP.

Reply