
Different Vlan not Communicate


Saravanamurthy_
Contributor
Hi,
I am using an AP 7532 with firmware 5.9.2. I created two VLANs (vlan1 & vlan2) and two SSIDs (Employee & Guest) on this AP. The IP addresses of vlan1 & vlan2 are 192.168.10.10 & 192.168.2.10. SSID Employee is mapped to vlan1 and Guest is mapped to vlan2. After configuring, I connected two clients to the different SSIDs. I can reach from Guest to Employee, but I can't reach from Employee to Guest.

Below is the client connected to SSID Employee. This client's IP address is 192.168.10.105.

[Screenshot: client connected to SSID Employee]



Another client is connected to SSID Guest; its IP address is 192.168.2.20. Pinging from 192.168.2.10 to 192.168.10.105 works, but pinging from 192.168.10.105 to 192.168.2.20 does not.

7 REPLIES 7

RobertZ
Extreme Employee
Let us start with configuring the firewall for best practice.

How To: How to apply the best practices firewall policy to WiNG APs

Saravanamurthy_
Contributor
Awaiting the reply.

Saravanamurthy_
Contributor
ap7532-18A21C#sh running-config

!

! Configuration of AP7532 version 5.9.2.0-032R

!

!

version 2.5

!

!

client-identity-group default

load default-fingerprints

!

ip access-list BROADCAST-MULTICAST-CONTROL

permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"

permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"

deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"

deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"

deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"

permit ip any any rule-precedence 100 rule-description "permit all IP traffic"

!

ip access-list default-B8500118A21C-nat

permit ip any any rule-precedence 1

!

mac access-list PERMIT-ARP-AND-IPv4

permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"

permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"

!

ip snmp-access-list default

permit any

!

firewall-policy default

no ip dos tcp-sequence-past-window

no stateful-packet-inspection-l2

ip tcp adjust-mss 1400

!

!

mint-policy global-default

!

meshpoint-qos-policy default

!

wlan-qos-policy Employee

rate-limit client to-air rate 5000

rate-limit client from-air rate 5000

qos trust dscp

qos trust wmm

!

wlan-qos-policy Guest

rate-limit client to-air rate 5000

rate-limit client from-air rate 5000

qos trust dscp

qos trust wmm

!

wlan-qos-policy default

qos trust dscp

qos trust wmm

!

radio-qos-policy default

!

wlan Employee

description Employee

ssid Employee

vlan 1

bridging-mode local

encryption-type ccmp

authentication-type none

no fast-bss-transition over-ds

wpa-wpa2 psk 0 Employee@123

use wlan-qos-policy Employee

!

wlan Guest

description Guest

ssid Guest

vlan 2

bridging-mode local

encryption-type ccmp

authentication-type none

no fast-bss-transition over-ds

wpa-wpa2 psk 0 Guest@123

use wlan-qos-policy Guest

!

dhcp-server-policy WiNGExpressDhcpSvrPolicy

dhcp-pool default-vlan2-pool

network 192.168.2.0/24

address range 192.168.2.11 192.168.2.20

default-router 192.168.2.10

dns-server 192.168.2.10 8.8.8.8

!

!

management-policy default

telnet

no http server

https server

ip address zeroconf secondary

ip dhcp client request options all

interface vlan2

description Guest

ip address dhcp

interface pppoe1

use firewall-policy default

use client-identity-group default

logging on

service pm sys-restart

router ospf

adoption-mode controller

!

rf-domain default

timezone Asia/Calcutta

country-code in

use nsight-policy default

!

ap7532 B8-50-01-18-A2-1C

use profile default-ap7532

use rf-domain default

hostname ap7532-18A21C

location default

ip name-server 8.8.8.8

ip name-server 4.2.2.2

ip default-gateway 192.168.10.1

interface vlan1

description "WAN Interface"

ip address 192.168.10.10/24

no ip dhcp client request options all

ip nat inside

no shutdown

interface vlan2

description Guest

ip address 192.168.2.10/24

ip nat inside

use dhcp-server-policy WiNGExpressDhcpSvrPolicy

virtual-controller

rf-domain-manager capable

ip dns-server-forward

ip nat inside source list default-B8500118A21C-nat precedence 1 interface vlan1 overload

no adoption-mode

!

!



end

Saravanamurthy_
Contributor
Now I am sharing all my configuration details.
[Screenshots: LAN, WAN, Wireless, Services, Access Point]


