08-09-2013 03:58 PM
I have configurations set to not enable wireless isolation.
I have configured the wireless vlan# to be the same as the primary production vlan#.
I can ping both wireless hosts from the router, but cannot ping from host to host (making it look like wireless isolation is in fact in effect).
(client1 is an ipad) (from router 192.168.70.1)
PING 192.168.70.70 (192.168.70.70): 56 data bytes
64 bytes from 192.168.70.70: icmp_seq=0 ttl=64 time=52.2 ms
64 bytes from 192.168.70.70: icmp_seq=1 ttl=64 time=165.3 ms
64 bytes from 192.168.70.70: icmp_seq=2 ttl=64 time=81.5 ms
64 bytes from 192.168.70.70: icmp_seq=3 ttl=64 time=101.6 ms
--- 192.168.70.70 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 52.2/100.1/165.3 ms
(client2 is a laptop) (from router 192.168.70.1)
PING 192.168.70.137 (192.168.70.137): 56 data bytes
64 bytes from 192.168.70.137: icmp_seq=0 ttl=128 time=1.1 ms
64 bytes from 192.168.70.137: icmp_seq=1 ttl=128 time=126.8 ms
64 bytes from 192.168.70.137: icmp_seq=2 ttl=128 time=145.9 ms
64 bytes from 192.168.70.137: icmp_seq=3 ttl=128 time=165.8 ms
--- 192.168.70.137 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.1/109.9/165.8 ms
From client#2 attempting to ping client#1:
Pinging 192.168.70.70 with 32 bytes of data:
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Ping statistics for 192.168.70.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Client#2 and client#1 are reporting similar IPv4 configs. Default gateway is 192.168.70.1 (the router), DHCP was successful, netmask matches.
Security mode on the wireless IS set (WPA2), but the checkbox for wireless isolation is not checked.
Firewall IS enabled, and rules are set for specific vlans (two ports have been allocated for two other vlans, and there are rules for talking between the vlans). I cannot set an 'allow any' rule for talking within a vlan (but shouldn't need to).
In this instance: vlan1 has a network on it (wired only) on port 4. Vlan 111 has a network on it (wired only) on port 3. Ports 1, 2, and the wireless SSID configured are all set for vlan70.
Router is running current (I think) firmware:
PID VID RV220W-A V01
Current Firmware Version 1.0.4.17
Issuing a reboot (and making no other changes) suddenly has it work... at least for a little while.
I first found this problem with a network printer. Everything was great, but I usually couldn't connect to it. Occasionally a few pings would sneak through, but generally even though it was reachable from the router, no one else could reach it (wired or wireless) from vlan 70. A reboot made it reachable, though it failed not long after. I fixed it in that case by moving the printer to a wired connection, but that is a crap solution.
Is wireless isolation something that just suddenly starts happening (isolating any given wirelessly connected host from others on its segment) over time? If so, that's a heck of a bug.
After reboot from client#2:
Pinging 192.168.70.70 with 32 bytes of data:
Reply from 192.168.70.70: bytes=32 time=34ms TTL=64
Reply from 192.168.70.70: bytes=32 time=2ms TTL=64
...
Reply from 192.168.70.70: bytes=32 time=101ms TTL=64
Ping statistics for 192.168.70.70:
Packets: Sent = 54, Received = 54, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 236ms, Average = 90ms
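Added example, not part of the original post: Windows ping reports "Lost = 0" when every answer is a "Destination host unreachable" generated by the sending host itself, so the summary line in the failing transcript above hides the outage. This Python code counts genuine echo replies instead; the function name and verdict labels are hypothetical, and the transcripts are embedded as constructed samples.

```python
import re

# Constructed samples: Windows ping transcripts from the post above, trimmed.
BEFORE_REBOOT = """\
Pinging 192.168.70.70 with 32 bytes of data:
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Reply from 192.168.70.137: Destination host unreachable.
Ping statistics for 192.168.70.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
AFTER_REBOOT = """\
Pinging 192.168.70.70 with 32 bytes of data:
Reply from 192.168.70.70: bytes=32 time=34ms TTL=64
Reply from 192.168.70.70: bytes=32 time=2ms TTL=64
Reply from 192.168.70.70: bytes=32 time=101ms TTL=64
"""

TARGET_RE = re.compile(r"^Pinging (\S+)", re.M)
REPLY_RE = re.compile(r"^Reply from (\S+?): (.*)$", re.M)
LOST_RE = re.compile(r"Lost = (\d+)")

def classify(transcript, local_ip):
    """Count real echo replies instead of trusting the 'Lost =' summary."""
    target = TARGET_RE.search(transcript).group(1)
    echo = from_self = from_other = 0
    for src, rest in REPLY_RE.findall(transcript):
        if src == target and "bytes=" in rest:
            echo += 1                      # genuine ICMP echo reply
        elif "unreachable" in rest.lower():
            if src == local_ip:
                from_self += 1             # sender's own stack gave up
            else:
                from_other += 1            # a router on the path said so
    lost = LOST_RE.search(transcript)
    if echo and not (from_self or from_other):
        verdict = "reachable"
    elif echo:
        verdict = "intermittent"
    elif from_self:
        # Assumption: for an on-link target this usually means ARP got no answer.
        verdict = "no-l2-path"
    elif from_other:
        verdict = "routed-unreachable"
    else:
        verdict = "no-reply"
    return {"echo": echo, "from_self": from_self, "from_other": from_other, "verdict": verdict,
            "reported_lost": int(lost.group(1)) if lost else None}
```

Run against the failing transcript with the laptop's own address (192.168.70.137) as local_ip, it reports zero echo replies even though ping's summary claims 0% loss.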
08-12-2013 02:30 PM
Hi Paul, thank you for using our forum. My name is Luis and I am part of the Small Business Support community. I apologize for your inconvenience. In this case I advise you to try to use a low security level or short password to test the connectivity. If the issue continues, you could also follow the article below.
https://supportforums.cisco.com/docs/DOC-29821
I hope you find this answer useful
Greetings,
Luis Arias.
Cisco Network Support Engineer.
08-12-2013 03:00 PM
I think you may have misread. The devices are authenticating, they can always reach internet hosts. What they can't do is reach other hosts on the same subnet. If it was a WPA2 or passphrase issue, I would not be able to freely reach outside websites, games, servers, etc.
The issue is that after an uncertain interval, wireless hosts will no longer talk (within the same subnet) to other wireless or wired hosts. They retain outside access, etc. Rebooting the router, with no other configuration changes, restores their ability to talk host to host in the same subnet (for instance, to access a NAS connected by rj45, or a printer).
Nothing in your linked resource even comes close to addressing this, and seems entirely focused on resolving interference, poor signal, or compatibility across standards.