This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

users connected to the VX9000 and AP7522 cannot connect to the internet

users connected to the VX9000 and AP7522 cannot connect to the internet

Go to solution
boy141
New Contributor II

‎09-24-2019 09:08 PM

Hi All,

For the last 362 days, users can connect to the wireless and everything is fine. My hardware is the VX9000 and the AP7522. They are getting IP addresses, but cannot connect out. The wireless AP are connected through VLAN16. The switch port is tagged VLAN16. I plug in my laptop into the switch port, and I get internet traffic. It's the APs that cannot communicate out.
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
boy141
New Contributor II

‎09-27-2019 08:08 PM

Folks, updating you on the case. We found that 1 of the APs was faulty and decided to reserve the IP addresses. I factory reset it, hung it back up, let the controller control it and it happened again. Will DOA it now.

View solution in original post

0 Kudos
18 REPLIES 18

Go to solution
Tomasz
Valued Contributor II

‎09-24-2019 10:18 PM

Hi,

Don't you want to have WLAN bridged locally instead of tunneled to VX, what is officialy a no-go? Or is it tunneled to another endpoint device?
If your traffic is tunneled, the switch the controller/gateway is plugged into has to comply with the VLAN settings. Hypervisor virtual switch VLAN settings, and the DC switch underneath.
If you go for bridging mode local then it will make sense to test Internet connection from VLAN 16 on the AP-plugged switch.
Isn't that something you might want to adjust?

Hope that helps,
Tomasz

Edit: I see you wrote clients are getting IP address though, sorry for maybe introducing some confusion.
0 Kudos

Go to solution
boy141
New Contributor II

‎09-24-2019 09:53 PM

Hey Chris,

The WLANs are tunnel to the datacenter where the VX9000 resides.
The wireless clients have "no connection" and cannot ping the gateway and cannot ping other internal servers. The VX9000 does not a have a DNS entry. The palo alto has is the firewall and has DNS.
0 Kudos

Go to solution
Daren_Ellis
Extreme Employee

‎09-24-2019 09:46 PM

In addition I Would also ensure that you have the best practice default firewall policy configured.
AP can potentially drop traffic if policy is too strict.

How to apply the best practices firewall policy to WiNG APs and controllers from CLI?
0 Kudos

Go to solution
ckelly
Extreme Employee

‎09-24-2019 09:42 PM

So obviously something changed.
have you made any configuration changes on the controller that coincide with this new behavior?
If not, something changed somewhere else then.

Are the WLANs tunneled or locally bridged?
Do wireless clients have a default gateway as part of their DHCP lease?
Can the wireless clients see (PING) other systems internally?
Can they PING their default gateway?
Do they have DNS resolution?
0 Kudos
GTM-P2G8KFN