Solved

Users connected via rfs are unable to ping internet or gateway

  • 5 May 2020

Hello,

I have the following scenario.

Wireless Windows 10 client >> Extreme AP621 >> Extreme controller NX5500 version 5.9.4.0-020R >> Meraki firewall
Problem:
I have created a VLAN on the Meraki (VLAN 22) with IP 192.168.22.1. The controller is directly connected into an access VLAN on the Meraki (VLAN 22).
Users are able to connect to the SSID, but are unable to ping the gateway or the internet.

 

Controller config

NX5500#sh run
!
! Configuration of NX5500 version 5.9.4.0-020R
!

wlan 22
 ssid "test"
 vlan 22
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 XXXXXXXXX
!
wlan work
 ssid work
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 XXXXXXXXX


nx5500 xxxxxxxxxxxxxxxxxx
 use profile default-nx5500
 use rf-domain xxxxxx
 hostname NX5500Secondary
 ip default-gateway 192.168.12.1
 interface vlan1
  ip address 192.168.12.3/24
 cluster name Cluster
 cluster mode standby
 cluster member ip 192.168.12.2
 cluster member ip 192.168.12.3
!
nx5500 XXXXXXXXXXXXXXXXXXXX
 use profile default-nx5500
 use rf-domain xxxxxxxxx
  ip default-gateway 192.168.12.1
 interface ge2
  switchport mode access
  switchport access vlan 22
 interface vlan1
  ip address 192.168.12.2/24
 interface vlan22
  description "test"
  ip address 192.168.22.2/24
 cluster name Cluster
 cluster mode active
 cluster member ip 192.168.12.2
 cluster member ip 192.168.12.3

ap7522 XXXXXXXXXXX
 use profile anyap-XXX-SITE
 use rf-domain XXXX
 hostname AP1
 interface vlan1
  ip address 192.168.12.10/24

 


Best answer by Nilac 6 May 2020, 09:54

Hello Nilac,

Let's address one thing at a time:

VLAN22

This is the VLAN that is mapped to the WLAN. The NX knows about it but the APs don’t seem to have it configured per what I see above. 

1 - On the NX5500 and in profile anyap-TEST-SITE configure VLAN 22

#conf t
#profile anyap-TEST-SITE
#interface vlan 22

2 - Allow said VLANs through the ge 1 port

#..
#interface ge 1
#switchport mode trunk
#switchport trunk allowed vlan 1,22
#com wr

3 - If the wireless clients are assigned static IP addresses, add the DGW and DNS IP addresses to the AP profile. However, if they are pulling DHCP IP addresses, this information will be provided by the DHCP server to the wireless clients and you won’t need to do anything else. 

4 - Make sure that VLANs 1 and 22 are also allowed through the switchports the APs are connected to. 

I hope this helps

 

Christoph

 


Thank you very much Christoph for your detailed answer. I will schedule a maintenance hour to set things up.
5 stars for your professionalism!
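
The check behind steps 1, 2 and 4 of the answer above, as an added example that is not part of the original thread: it reads a WiNG-style running-config and reports, per AP profile, which VLANs of locally bridged WLANs the AP uplink does not carry. The function names, the constructed sample, the `ge1` uplink, the default of an access port on VLAN 1, and the simplification that every profile serves every WLAN are assumptions.

```python
import re

# Constructed sample, shaped like the running-config excerpts in this thread.
SAMPLE = """\
wlan 22
 vlan 22
 bridging-mode local
wlan work
 vlan 1
 bridging-mode local
profile anyap anyap-TEST-SITE
 interface ge1
  switchport mode access
"""
SWITCHPORT = re.compile(r"switchport (mode|access vlan|trunk (?:allowed|native) vlan) (\S+)")

def blocks(text):
    """Return [(header, [stripped child lines])] for each top-level block."""
    out = []
    for line in (l for l in text.splitlines() if l.strip() not in ("", "!")):
        if not line[0].isspace():
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def vlan_set(spec):
    """Expand '1,22,30-32' into {1, 22, 30, 31, 32}; empty items are skipped."""
    pairs = (p.partition("-") for p in spec.split(",") if p)
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def missing_vlans(text, uplink="ge1"):
    """Map profile -> needed VLANs its uplink lacks (assumed default: access, VLAN 1)."""
    cfg = blocks(text)
    needed = {int(l.split()[1]) for h, body in cfg
              if h.startswith("wlan ") and "bridging-mode local" in body
              for l in body if re.fullmatch(r"vlan \d+", l)}
    report = {}
    for h, body in (b for b in cfg if b[0].startswith("profile ")):
        iface, sp = None, {"mode": "access", "access vlan": "1", "trunk native vlan": "1"}
        for l in body:
            m = SWITCHPORT.fullmatch(l)
            if l.startswith("interface "):
                iface = l[10:].replace(" ", "").lower()  # "ge 1" and "ge1" both match
            elif iface == uplink and m:
                sp[m[1]] = m[2]
        keys = [k for k in sp if k.startswith("trunk" if sp["mode"] == "trunk" else "access")]
        report[h.split()[-1]] = sorted(needed - vlan_set(",".join(sp[k] for k in keys)))
    return report
```

For the sample, `missing_vlans(SAMPLE)` flags VLAN 22 on `anyap-TEST-SITE`; once `ge1` is a trunk allowing `1,22`, the list for that profile is empty.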


6 replies

Userlevel 5

The WLANs are locally bridged, so the AP needs to carry VLAN 22 via 802.1q (trunk port) with VLAN 1. The NX will only carry VLAN 1 for adoption/management. 

Userlevel 6

Since bridging mode is set to local, traffic is handled by the APs and those should learn about the default gateway as well. If using DHCP, the following line should be included in the native VLAN settings:

  ip dhcp client request options all
 

If only using static IPs, then you will either need to add the default gateway to the AP profile (on the controller) or add it to each AP as an override in the VLAN interface settings (again on the controller). In this case you will need to configure the DNS IP address/es as well. 

 

These instructions may help: 

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-a-new-or-replace-an-existing-default-gateway-IP-on-a-WiNG-virtual-controller-from-CLI

I hope this helps,

 

Chris


Dear Christopher, thank you for your answer. So do I have to configure the port on the switch where the access point is connected from access (VLAN 1) to trunk with VLANs 1 and 22?

Or do I need to make modifications on the RFS as well, in the AP config?

Dear Christopher,

Thank you for your patience, please bear with me a little bit.
I am pretty new to Extreme equipment.

This is what I have now:

ap7522 XXX
 use profile anyap-TEST-SITE
 use rf-domain TEST
 hostname AP58
 interface vlan1
  ip address 192.168.12.58/24
  no ip dhcp client request options all

profile anyap anyap-TEST-SITE
 no autoinstall configuration
 no autoinstall firmware

auto-provisioning-policy TEST
 adopt anyap precedence 10 profile anyap-TEST-SITE rf-domain TEST any

--------
I don't want to affect users from VLAN 1; this is a working, critical environment.

I want to do this individually. Should I go under each AP and set:
ip default-gateway 192.168.22.1
ip dhcp client request options all ?
The access points use static IP addresses, but clients are using DHCP.
