No traffic from AP to different VLANs (opposite site works)
‎10-01-2018 12:23 AM
Hello,
I've got brand new APs with WiNG v 5.9 and in this case I'm using the Enterprise UI and CLI to communicate with them. I'm struggling with setting up RADIUS authentication on a specific SSID and after some time I think I've finally discovered my problem:
I can't ping my RADIUS server from the AP (the server can be reached through a VPN tunnel), but I can ping and configure the AP via HTTPS and SSH from this server without any problems (there are .in and .out policies on the firewall).
The only things I can ping are devices in the same VLAN, even when I add policies on a main firewall, for instance workstations -> devices, devices -> workstations. I can ping and access the AP from a workstation, but I can't ping the workstation from the AP.
Is there any way I can enable this traffic? It's really frustrating; turning off the AP firewall didn't help at all.
Any help appreciated!
‎10-01-2018 11:25 AM
Yep, the L2 MiNT connectivity has saved my butt (while working with customers) several times in the past! Incredibly handy function!
‎10-01-2018 11:23 AM
No worries Chris, sometimes dealing with problems on your own gives some satisfaction. It really saved the day, I mean it even saved the whole week. APs are located about 10 meters above the ground in a warehouse. Imagine my happiness when I brought the connection back and didn't have to rent and use an aerial platform.
‎10-01-2018 10:52 AM
Sorry for the late reply, Adam.
Looks like MiNT saved the day again though. Perfect example of how MiNT can allow you to re-establish a connection to an AP/controller - even when there's no L3 access like in your situation.
‎10-01-2018 06:56 AM
So, it looks like I solved it on my own. When you do something stupid like deleting the IP address from VLAN 1 with disabled DHCP and tagged traffic, here is how to fix it:
Connect to another AP via SSH (for example with PuTTY):
login:
show mint neighbors
connect mint-id xx.xx.xx.xx
>en
#self
#int vlan 1 (Replace VLAN ID 1 with your native VLAN ID if different)
#ip address !(Example: 192.168.2.10/24)
#commit write
#end
#show ip int br (to verify that the IP address has been properly configured)
And that's it. Maybe this will help someone.
