‎09-24-2019 09:08 PM
Hi All,
For the last 362 days, users can connect to the wireless and everything is fine. My hardware is the VX9000 and the AP7522. They are getting IP addresses, but cannot connect out. The wireless APs are connected through VLAN16. The switch port is tagged VLAN16. I plug in my laptop into the switch port, and I get internet traffic. It's the APs that cannot communicate out.
1 ACCEPTED SOLUTION
‎09-27-2019 08:08 PM
Folks, updating you on the case. We found that 1 of the APs was faulty and decided to reserve the IP addresses. I factory reset it, hung it back up, let the controller control it and it happened again. Will DOA it now.
18 REPLIES
‎09-24-2019 10:18 PM
Hi,
Don't you want to have WLAN bridged locally instead of tunneled to VX, which is officially a no-go? Or is it tunneled to another endpoint device?
If your traffic is tunneled, the switch the controller/gateway is plugged into has to comply with the VLAN settings. Hypervisor virtual switch VLAN settings, and the DC switch underneath.
If you go for bridging mode local then it will make sense to test Internet connection from VLAN 16 on the AP-plugged switch.
Isn't that something you might want to adjust?
Hope that helps,
Tomasz
Edit: I see you wrote clients are getting IP address though, sorry for maybe introducing some confusion.
‎09-24-2019 09:53 PM
Hey Chris,
The WLANs are tunneled to the datacenter where the VX9000 resides.
The wireless clients have "no connection" and cannot ping the gateway and cannot ping other internal servers. The VX9000 does not have a DNS entry. The Palo Alto is the firewall and has DNS.
‎09-24-2019 09:46 PM
In addition, I would also ensure that you have the best practice default firewall policy configured.
AP can potentially drop traffic if policy is too strict.
How to apply the best practices firewall policy to WiNG APs and controllers from CLI?
‎09-24-2019 09:42 PM
So obviously something changed.
Have you made any configuration changes on the controller that coincide with this new behavior?
If not, something changed somewhere else then.
Are the WLANs tunneled or locally bridged?
Do wireless clients have a default gateway as part of their DHCP lease?
Can the wireless clients see (PING) other systems internally?
Can they PING their default gateway?
Do they have DNS resolution?
