Solved: Wifi Subnet has NO internet

ReubenVGonzales · ‎04-11-2019

Cisco Wifi (VLAN30, 172.16.30.254)----Cisco Router(10.10.10.254)----Sonicwall (10.10.10.250)

I have a Cisco wireless AP. I can connect to it with any wireless device. I am getting an IP from the Cisco Router which is giving vlan 30 the subnet 172.16.30.0/24. But I am unable to get further than that.

The Cisco AP can ping out to the Cisco router subnet at 10.10.10.254. The router can ping the Sonicwall at 10.10.10.250. But the wireless subnet cannot ping the Sonicwall and the Sonicwall can't ping the AP 172 subnet.

Any suggestions?

Jaderson Pessoa · ‎04-11-2019

@ReubenVGonzales Hello,

Does your router has a default route defined? "Gateway of last resort is not set"

Does your sonicwall has a router back to this network 172.16.30.0/24?

Does your sonicwall has a rule on lan allowing this network 172.16.30.0/24? After check rule, check NAT settins.

Thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

luis_cordova · ‎04-11-2019

Hi @ReubenVGonzales ,

Does the router have the two networks learned in its routing table?

Does the Sonicwall device have a path to the AP network?

Do the final devices connected to the AP have the correct gateway?

In the Sonicwall is the AP network enabled to go out ti internet?

Regards

ReubenVGonzales · ‎04-11-2019

Question #1 - Yes.This is the output of show IP route:

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C 10.1.1.0/24 is directly connected, Vlan100
L 10.1.1.1/32 is directly connected, Vlan100
C 10.1.10.0/30 is directly connected, Vlan90
S 10.1.10.1/32 is directly connected, Vlan90
L 10.1.10.2/32 is directly connected, Vlan90
C 10.10.10.0/24 is directly connected, Vlan1
L 10.10.10.254/32 is directly connected, Vlan1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.30.0/24 is directly connected, Vlan30
L 172.16.30.254/32 is directly connected, Vlan30

Question #2: Do you mean physical? The router that manages the 172.16.30.0/24 AP network is directly connected to port X0 of the Sonicwall. This is the same interface the 10.10.10.0/24 network is connected to as well. There is an "Any to Any" NAT policy set.

Question #3: Yes. The end points show the correct gateway of 172.16.30.254.

Question #4: I do have an address object for that network and I have created a NAT policy to be allowed access to X1 which is my WAN since this is a guest network only.

Jaderson Pessoa · ‎04-11-2019

@ReubenVGonzales Hello,

Does your router has a default route defined? "Gateway of last resort is not set"

Does your sonicwall has a router back to this network 172.16.30.0/24?

Does your sonicwall has a rule on lan allowing this network 172.16.30.0/24? After check rule, check NAT settins.

Thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Jaderson Pessoa · ‎04-11-2019

Thanks for mark as solved.

Good lucky ^^

Jaderson Pessoa
*** Rate All Helpful Responses ***

ReubenVGonzales · ‎04-11-2019

Thank you very much. Setting the "gateway of last resort" on the Cisco router AND updating the route policy on the Sonicwall fixed the issues.

paul driver · ‎04-11-2019

Hello

Is the sonic fw actually aware of the AP subnet, does it have route for that subnet to reply to.
I think if you apply debug from the ap or the routers lan interface to the sonicfw and ping again you will see the reason in the error codes.

access-list 100 permit ip host 172.16.30.254 host 10.10.10.250
access-list 100 permit ip host 10.10.10.250 host 172.16.30.254

debug ip packet detail 100
debug ip arp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul