cancel
Showing results for 
Search instead for 
Did you mean: 

users connected to the VX9000 and AP7522 cannot connect to the internet

users connected to the VX9000 and AP7522 cannot connect to the internet

boy141
New Contributor II
Hi All,

For the last 362 days, users can connect to the wireless and everything is fine. My hardware is the VX9000 and the AP7522. They are getting IP addresses, but cannot connect out. The wireless AP are connected through VLAN16. The switch port is tagged VLAN16. I plug in my laptop into the switch port, and I get internet traffic. It's the APs that cannot communicate out.
1 ACCEPTED SOLUTION

boy141
New Contributor II
Folks, updating you on the case. We found that 1 of the APs was faulty and decided to reserve the IP addresses. I factory reset it, hung it back up, let the controller control it and it happened again. Will DOA it now.

View solution in original post

18 REPLIES 18

Tomasz
Valued Contributor II
Hi,

Don't you want to have WLAN bridged locally instead of tunneled to VX, what is officialy a no-go? Or is it tunneled to another endpoint device?
If your traffic is tunneled, the switch the controller/gateway is plugged into has to comply with the VLAN settings. Hypervisor virtual switch VLAN settings, and the DC switch underneath.
If you go for bridging mode local then it will make sense to test Internet connection from VLAN 16 on the AP-plugged switch.
Isn't that something you might want to adjust?

Hope that helps,
Tomasz

Edit: I see you wrote clients are getting IP address though, sorry for maybe introducing some confusion.

boy141
New Contributor II
Hey Chris,

The WLANs are tunnel to the datacenter where the VX9000 resides.
The wireless clients have "no connection" and cannot ping the gateway and cannot ping other internal servers. The VX9000 does not a have a DNS entry. The palo alto has is the firewall and has DNS.

Daren_Ellis
Extreme Employee
In addition I Would also ensure that you have the best practice default firewall policy configured.
AP can potentially drop traffic if policy is too strict.

How to apply the best practices firewall policy to WiNG APs and controllers from CLI?

ckelly
Extreme Employee
So obviously something changed.
have you made any configuration changes on the controller that coincide with this new behavior?
If not, something changed somewhere else then.

Are the WLANs tunneled or locally bridged?
Do wireless clients have a default gateway as part of their DHCP lease?
Can the wireless clients see (PING) other systems internally?
Can they PING their default gateway?
Do they have DNS resolution?
GTM-P2G8KFN