I have a Cisco 871W wireless router/switch. I have an SSID set up and clients can connect and access network/internet resources EXCEPT for any other wireless device on the access point.
From a wireless client (iPad, iPhone, or laptop) I can ping the BVI interface.
I can ping the gateway.
I can ping anything outside of the 871W.
From outside the access point... I can ping the wireless device.
However... I cannot ping from one wireless device to another on the same access point.
I know there are no firewalls or access lists involved. I saw some references to making sure the bridge-group subscriber-loop-control is configured (it is by default).
I have the same problem on an 881W device as well... so I figure it must be something I am not doing.
Here is the config:
Current configuration : 5658 bytes
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 51200 warnings
no aaa new-model
dot11 ssid INTERNAL
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.30.200 192.168.30.254
ip dhcp pool INTERNAL
network 192.168.30.0 255.255.255.0
dns-server 10.1.5.11 10.1.5.33
no ip domain lookup
ip domain name yourdomain.com
vtp mode transparent
ip address 10.1.4.102 255.255.255.0
ip nat outside
no ip address
encryption vlan 1 mode wep optional
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root access-point
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
no ip address
ip nat inside
ip tcp adjust-mss 1452
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.4.253
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
bridge 1 protocol ieee
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
I'm not very familiar with the Wi-Fi command set of the 871W.
Yet this seems like P2P blocking on a WiSM blade or like AP isolation on a Wi-Fi home router.
Both of these settings will prevent clients from communicating directly with each other.
So the question is how to disable this on the 871W, if at all possible.
I will try and check for a solution; I have an 871W here to test with.
I have built a test network (with an 871W) with the same config as yours. I had no issues connecting a client to another client directly. So it's not a matter of P2P blocking or AP isolation. Some routing issue maybe?
Could it be that on the other box, there is no route back?
Thanks for following up. You are able to have 2 devices connected to the same AP connecting to each other? Could you upload the test config that you used?
There is a route back... the clients are able to get to other subnets and the other subnets can connect to the wireless clients.
I did not save the config and shut the 871 down yesterday when I left.
I don't have much time in the upcoming weeks, but I will try to rebuild.
Anyway, what we learned is that it's not a P2P blocking issue or AP isolation issue.
That's okay... I will tear it down and rebuild it again. It has to be something I have done then.
I really appreciate your looking at it though.
I rebuilt your setup exactly as you posted and again the Wi-Fi clients could ping each other. So there's no need for me to upload the config, I guess, as it is the same.
Btw, I run c870-advipservicesk9-mz.124-24.T7.bin (upgraded the boxes 3 weeks ago to this fw).
Maybe you can try an upgrade of the fw?
Btw, also check if the client firewalls are off for a test or at least allow traffic from one to another on the client firewalls.
In our test we turned them off.