+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 40
Wireless Networks Thread, Wireless VLAN clients can't access the Internet in Technical; Originally Posted by FN-GM Can anyone with HP experience tell me if the ACL's work similar to Cisco please? If ...
  1. #16

    Join Date
    Oct 2005
    Posts
    855
    Thank Post
    52
    Thanked 117 Times in 107 Posts
    Rep Power
    75
    Quote Originally Posted by FN-GM View Post
    Can anyone with HP experience tell me if the ACL's work similar to Cisco please? If it does i have some tried and tested ACL's that will work.

    Thanks
    Yep - they certainly do.

    The proper procurve HP switches (and not the rebranded 3Com stuff) will happily use Cisco style ACLs. For example:

    remark "Allow access from iPad VLAN-120 to DHCP and DNS"
    10 permit udp 10.120.0.0 0.0.0.255 10.1.10.1 0.0.0.0 eq 68
    20 permit udp 10.120.0.0 0.0.0.255 10.1.10.0 0.0.0.3 eq 53
    30 permit tcp 10.120.0.0 0.0.0.255 10.1.10.0 0.0.0.3 eq 53
    40 permit udp 10.120.0.0 0.0.0.255 10.1.10.8 0.0.0.0 eq 53
    50 permit tcp 10.120.0.0 0.0.0.255 10.1.10.8 0.0.0.0 eq 53
    Last edited by pantscat; 21st February 2014 at 08:13 AM.

  2. #17

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    Do you have a default route configured anywhere for this VLAN? The default route should be within the subnet range of your VLAN. For instance if you're using 172.17.10.0 with 255.255.255.0, then default route might be 172.17.10.254.

  3. #18

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    With the suggested changes from yesterday by removing the ip settings from the edge switch i'm able to browse the internet via ip not dns, even the dns settings are in the scope, but they dont seem to be getting propogate via DHCP any ideas anyone?
    If I manually put in googles DNS server name resolution works.

    Edge:
    vlan 10
    name "Wireless"
    no ip address
    tagged 24,28
    exit

    Core:
    vlan 10
    name "Wireless"
    ip helper-address 172.16.99.140
    ip address 172.17.0.254 255.255.248.0
    tagged A1,A5,E12
    exit
    Last edited by ccadit; 21st February 2014 at 10:33 AM.

  4. #19

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by ccadit View Post
    With the suggested changes from yesterday by removing the ip settings from the edge switch i'm able to browse the internet via ip not dns, even the dns settings are in the scope, but they dont seem to be getting propogate via DHCP any ideas anyone?
    If I manually put in googles DNS server name resolution works.

    Edge:
    vlan 10
    name "Wireless"
    no ip address
    tagged 24,28
    exit

    Core:
    vlan 10
    name "Wireless"
    ip helper-address 172.16.99.140
    ip address 172.17.0.254 255.255.248.0
    tagged A1,A5,E12
    exit
    How do you have your DHCP settings configured for this VLAN? It doesn't seem that you have either a default gateway or DNS servers set in DHCP. All I see above are the switch VLAN settings. This is only half the solution.

  5. #20

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    using ip helper address 172.16.99.140 which is the DHCP server
    Capture.PNG

  6. #21

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Gateway is 172.17.0.254 the ip of our core

  7. #22

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by ccadit View Post
    using ip helper address 172.16.99.140 which is the DHCP server
    Capture.PNG
    I don't understand your name server settings. Is your router (172.17.0.254) a DNS server? And why is Google DNS your primary DNS server? You don't need to resolve internal DNS names?

  8. #23

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by seawolf View Post
    I don't understand your name server settings. Is your router (172.17.0.254) a DNS server? And why is Google DNS your primary DNS server? You don't need to resolve internal DNS names?
    I only put in 172.17.0.254 and yes thats our core switches IP, just to see if it would show up when I did ipconfig /all on client as its on the same subnet, I have put Googles DNS as its for BYOD wireless clients who don't need to know about internal names and idealy we would prefer if BYOd didnt touch our servers, if at all possible. Hope that makes sense now.

  9. #24

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by ccadit View Post
    I only put in 172.17.0.254 and yes thats our core switches IP, just to see if it would show up when I did ipconfig /all on client as its on the same subnet, I have put Googles DNS as its for BYOD wireless clients who don't need to know about internal names and idealy we would prefer if BYOd didnt touch our servers, if at all possible. Hope that makes sense now.
    Can you show me the scope for the 172.16.0.0 VLAN?

  10. #25

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    here it is:
    Capture.PNG

  11. #26

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    So, your clients are getting a DHCP address properly, but not the DNS settings (as you seemed to indicate manually configuring 8.8.8.8 in your client DNS settings works)?

  12. #27

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    yes thats correct, if I give the clients manually the address of our proxy server they can get to the internet too.

  13. #28

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175

    Wireless VLAN clients can't access the Internet

    Just looking at your original post. Have you tagged the ports on the core switch to the end point switch for the VLAN used for your switches (if you have one). We use a NET VLAN (2) that all of our switches as well as the firewall reside on. Also, have you untagged the ports going to the end point switch on the default VLAN (1)?

  14. #29

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 286 Times in 218 Posts
    Blog Entries
    1
    Rep Power
    175
    Also, if you don't have a NET VLAN that you have untagged the Meraki AP onto, then I would think it would also need to be untagged on the default VLAN.

  15. #30

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    The port that the Edge switch is plugged in to to the core is tagged for the wireless VLAN and untagged for the default VLAN.

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Block a game from accessing the internet
    By Giodo in forum Windows 7
    Replies: 3
    Last Post: 17th July 2013, 08:48 AM
  2. I can't access the content on Microsoft Office Online
    By boolyn in forum Office Software
    Replies: 0
    Last Post: 10th June 2013, 04:02 PM
  3. IMPERO: Some clients cant access the internet..
    By jamin100 in forum Network and Classroom Management
    Replies: 3
    Last Post: 30th November 2012, 03:21 PM
  4. RUCKUS help - Guest access & the internet via Proxy
    By jamin100 in forum Wireless Networks
    Replies: 24
    Last Post: 15th March 2012, 09:21 AM
  5. How do your users access the Internet?
    By Bruce123 in forum Internet Related/Filtering/Firewall
    Replies: 10
    Last Post: 6th January 2011, 09:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •