+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 40
Wireless Networks Thread, Wireless VLAN clients can't access the Internet in Technical; We are just setting up a new Meraki Wireless setup, so far Created a new VLAN 10 on edge and ...
  1. #1

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Wireless VLAN clients can't access the Internet

    We are just setting up a new Meraki Wireless setup, so far
    Created a new VLAN 10 on edge and core switch, tagged the AP with VLAN 10 on the edge switch.
    Created a new DHCP scope.
    Put an IP helper for the core with IP of DHCP server.
    Tagged the port that the edge swicth goes to the core on VLAN 10.

    Client gets a DHCP IP, however can't access the internet, don't see it registering on the firewall when trying to access the Internet.

    All of our servers are on a different VLAN. A colleague has suggested the issue is to do with the clients not able to connect to our DNS servers.


    Any help would be very much appreciated.

  2. #2

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Do they have a route to your router? (and does the router know a route back to the client?!)

  3. #3

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    the core switch is our router if that answers your question, sorry not that clued up on networking if it doesn't. I can ping and remote onto the core switch as its configured as the gateway for the VLAN.

    vlan 10
    name "Wireless"
    ip helper-address 172.16.99.140
    ip address 172.15.0.1 255.255.248.0
    tagged A1,E12
    exit

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,937
    Thank Post
    886
    Thanked 1,692 Times in 1,471 Posts
    Blog Entries
    12
    Rep Power
    446
    What firewall are you using? Have you set that to allow traffic from the new subnet?

    I assume you have a static route on your core switch?

    By the way that IP address you are using for the VLAN is not in the private range. You should use a private address this will also cause you issues. Private ranges you can use - Verio Knowledgebase :: What is the difference between public and private IP addresses?
    Last edited by FN-GM; 20th February 2014 at 04:22 PM.

  5. Thanks to FN-GM from:

    ccadit (21st February 2014)

  6. #5

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Ok - that's all good then, make perfect sense.

    Does the core switch have a route out to the internet? (or your proxy / firewall etc.).

    I'm guessing by your config above that it's an HP switch - so you'd have something along the lines of:

    ip route 0.0.0.0 0.0.0.0 1.2.3.4

    Where 1.2.3.4 is the ip address of your edge firewall/proxy.

  7. #6

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    yes HP switch and this is in the config too
    ip route 0.0.0.0 0.0.0.0 firewall address

  8. #7

    Join Date
    Oct 2005
    Posts
    827
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Excellent - ok then next step is to see if the firewall knows about the VLAN.

    E.g. Does the firewall have a route back to VLAN 10?

    I suspect that the firewall just needs a route configuring so it knows how to get back to 172.15.0.0/21.

    Also - just read @FN-GMs post - he's quite right...
    Last edited by pantscat; 20th February 2014 at 04:28 PM. Reason: not looking properly.

  9. #8

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Cisco ASA.
    I have created an inside rule from 172.15 network on http to outside world.
    I have a static route but not for this range could that be the problem?
    I wasn't aware that 172.15 wasn't private, could that be the issue?

  10. #9

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    We currently have a Braford NAC in and I tried to include my new DHCP range everywhere where the Bradford NAC wireless range was. What wodul I be looking for a firewall inside rule? I do have one which 172.15.0.0 network to any on HTTP allow.

  11. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,937
    Thank Post
    886
    Thanked 1,692 Times in 1,471 Posts
    Blog Entries
    12
    Rep Power
    446
    I wasn't aware that 172.15 wasn't private, could that be the issue? - Yep when you try to get to a web service hosted in the range of 172.15.0.1 - 172.15.7.254 it simply won't work.

    I have created an inside rule from 172.15 network on http to outside world. - Don't forget https.

    I have a static route but not for this range could that be the problem? - Shouldn't be. Static routes look at the destination IP not the source IP.

    Before you do anything change your IP range. By the way do you need that range to be so large?

  12. #11

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    edge config
    vlan 10
    name "Wireless"
    ip address 172.30.0.254 255.255.248.0
    ip helper-address 172.16.99.140
    tagged 24,28
    exit

    Core config
    vlan 10
    name "Wireless"
    ip helper-address 172.16.99.140
    ip address 172.30.0.254 255.255.248.0
    tagged A1,A5,E12
    exit

    still no difference though :-(

  13. #12

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    anyother bit of info it maybe important with my issue A1 is the port on the core that the firewall is plugged in to.

  14. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,937
    Thank Post
    886
    Thanked 1,692 Times in 1,471 Posts
    Blog Entries
    12
    Rep Power
    446
    Is there any reason why you have done that config on both core and edge? I would have thought the IP and stuff is only needed on the core.

  15. #14

    Join Date
    Nov 2011
    Location
    Middlesbrough
    Posts
    36
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    as suggested just changed edge config to:
    vlan 10
    name "Wireless"
    tagged 24,28
    exit

    everything is now working but too well in the sense I can cross to our 172.16 flat vlan which we wanted to avoid.

  16. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,937
    Thank Post
    886
    Thanked 1,692 Times in 1,471 Posts
    Blog Entries
    12
    Rep Power
    446
    Right to confirm you can get access to the internet? So the main issue is solved? Just want to make sure we are on the same page.

    When you setup a Layer 3 Vlan by default it will be able to route to all other vlans. To prevent this you can use Access Control Lists.

    Can you confirm you are using HP kit?
    Does your core switch support Access Control Lists / ACLS?
    On your main network, your .16 range, what do you want the wireless to access? DHCP and DNS i assume?

    Can anyone with HP experience tell me if the ACL's work similar to Cisco please? If it does i have some tried and tested ACL's that will work.

    Thanks
    Last edited by FN-GM; 20th February 2014 at 05:32 PM.

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Block a game from accessing the internet
    By Giodo in forum Windows 7
    Replies: 3
    Last Post: 17th July 2013, 08:48 AM
  2. I can't access the content on Microsoft Office Online
    By boolyn in forum Office Software
    Replies: 0
    Last Post: 10th June 2013, 04:02 PM
  3. IMPERO: Some clients cant access the internet..
    By jamin100 in forum Network and Classroom Management
    Replies: 3
    Last Post: 30th November 2012, 03:21 PM
  4. RUCKUS help - Guest access & the internet via Proxy
    By jamin100 in forum Wireless Networks
    Replies: 24
    Last Post: 15th March 2012, 09:21 AM
  5. How do your users access the Internet?
    By Bruce123 in forum Internet Related/Filtering/Firewall
    Replies: 10
    Last Post: 6th January 2011, 09:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •