01-23-2014 01:19 AM - edited 07-05-2021 12:02 AM
Hi,
I've configured a WLAN. I can successfully connect a client machine, and it receives a DHCP address from a Windows DHCP server.
From the client I can't reach the default gateway. I can ping the wireless controller user-VLAN interface from the client machine, I can ping the controller virtual interface from the client machine, and I can ping from the controller to the client machine. I can't ping from the switch (default gateway) to the client machine, but I can see ARP resolution working normally for the client machine's MAC address. I've also checked where the switch is mapping the MAC address, and it correctly points to the controller interface.
Any idea?
Thanks.
01-23-2014 02:06 AM
If you connected a wired client to the same Vlan that the wireless client is connected to, does everything work fine? Just trying to eliminate the network side of things.
Sent from Cisco Technical Support iPhone App
01-23-2014 02:23 AM
Hi Scott,
I've tested now and through the wired network everything works fine.
Regards
01-23-2014 02:27 AM
The VIP should not be routable. On your initial post, you mentioned that you can ping your virtual interface? The virtual interface on the WLC along with the service port should not be routable in your network.
Sent from Cisco Technical Support iPhone App
01-23-2014 02:11 AM
I would also post your show WLAN
Sent from Cisco Technical Support iPhone App
01-23-2014 02:27 AM
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... WL-USER
Network Name (SSID).............................. WL-USER
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 2
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... XXX
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ **ac_wl_users
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
--More-- or (q)uit
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
--More-- or (q)uit
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
-------- ---------------
(Cisco Controller) >show interface summary
Number of Interfaces.......................... 4
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
**ac_wl_users 1 400 10.X.16.253 Dynamic No No
management 1 210 10.X.X.3 Static Yes No
service-port N/A N/A 1.1.1.1 Static No No
virtual N/A N/A 2.2.2.2 Static No No
01-23-2014 02:31 AM
What WLC do you have and can you post the switchport config of the port that the WLC is connected to?
Sent from Cisco Technical Support iPhone App
01-23-2014 02:41 AM
Hi Scott,
I have a Virtual Controller at version 7.5. Here is the output that you asked for, and another test:
Switch#show etherchannel summary | i Po2
2 Po2(SU) - Gi1/0/5(P) Gi2/0/5(P)
Switch#show run int g 1/0/5
Building configuration...
Current configuration : 290 bytes
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,110,120,130,140,180,190,200,210,220,400
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
channel-group 2 mode on
end
Switch#show run int g 2/0/5
Building configuration...
Current configuration : 290 bytes
!
interface GigabitEthernet2/0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,110,120,130,140,180,190,200,210,220,400
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
channel-group 2 mode on
end
!
Client-PC>ipconfig /all
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
Physical Address. . . . . . . . . : 0C-8B-FD-E8-69-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::97e:d307:2565:3284%13(Preferre
IPv4 Address. . . . . . . . . . . : 10.XX.16.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 23, 2014 11:20:22
Lease Expires . . . . . . . . . . : Friday, January 31, 2014 11:35:51 AM
Default Gateway . . . . . . . . . : 10.XX.16.254
DHCP Server . . . . . . . . . . . : 2.2.2.2
DHCPv6 IAID . . . . . . . . . . . : 235703293
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-33-91-27-F0-1F-AF-64-
DNS Servers . . . . . . . . . . . : 10.XX.0.1
10.XX.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Client-PC>ping 10.XX.16.254
Pinging 10.XX.16.254 with 32 bytes of data:
Request timed out.
Reply from 10.XX.16.51: Destination host unreachable.
Ping statistics for 10.XX.16.254:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Control-C
^C
Client-PC>arp -a
Interface: 10.XX.16.51 --- 0xd
Internet Address Physical Address Type
2.2.2.2 00-0c-29-00-0e-f9 dynamic
10.XX.16.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Interface: 169.254.3.213 --- 0x1d
Internet Address Physical Address Type
169.254.255.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
Client-PC>ping 10.XX.16.253
Pinging 10.XX.16.253 with 32 bytes of data:
Reply from 10.XX.16.253: bytes=32 time=3ms TTL=128
Reply from 10.XX.16.253: bytes=32 time=1ms TTL=128
Reply from 10.XX.16.253: bytes=32 time=1ms TTL=128
Ping statistics for 10.XX.16.253:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 1ms
Control-C
^C
Client-PC>arp -a
Interface: 10.XX.16.51 --- 0xd
Internet Address Physical Address Type
2.2.2.2 00-0c-29-00-0e-f9 dynamic
10.XX.16.253 00-0c-29-00-0e-f9 dynamic
10.XX.16.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
01-23-2014 02:47 AM
Can you ping from the switch to the vWLC interface?
Sent from Cisco Technical Support iPhone App
01-23-2014 02:50 AM
Switch#ping 10.XX.16.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.XX.16.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#show arp | i 10.XX.16.
Internet 10.XX.16.1 43 48d2.245e.7a53 ARPA Vlan400
Internet 10.XX.16.51 12 0c8b.fde8.69c1 ARPA Vlan400
Internet 10.XX.16.200 25 f01f.af64.0fde ARPA Vlan400
Internet 10.XX.16.253 13 000c.2900.0ef9 ARPA Vlan400
Internet 10.XX.16.254 - 78da.6e75.b550 ARPA Vlan400
Switch#show run int vlan 400
Building configuration...
Current configuration : 92 bytes
!
interface Vlan400
description **AC_WL_USERS
ip address 10.XX.16.254 255.255.255.0
end
01-23-2014 03:09 AM
I saw this:
Client-PC>ping 10.XX.16.254
Pinging 10.XX.16.254 with 32 bytes of data:
Request timed out.
Reply from 10.XX.16.51: Destination host unreachable.
Ping statistics for 10.XX.16.254:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
So it did ping, but lost 1 out of 2. So you are also tunneling all the traffic back to the vWLC.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
01-23-2014 03:19 AM
OK Scott, it makes sense to me. But I don't know why I don't have ARP resolution for the switch IP; this makes no sense.
01-23-2014 03:23 AM
I don't know... make sure there is no duplicate address for one. You mentioned you tested with a wired machine and that worked fine... was the wired machine connected to the same switch and the vWLC and did that machine see an arp entry?
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
01-26-2014 10:09 AM
Solved. When I was deploying the VM it was crashing, so I tried to deploy it on another VMware host. I had created the vmnet on the second host but forgot to accept promiscuous mode on the vmnet.
Thanks for your help Scott!
Sent from Cisco Technical Support Android App
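Added example (not part of the original thread): a Python check that compares the client's `arp -a` output with the switch's `show arp` output, as posted above, and flags the one-way pattern seen here. The gateway has learned the client, but the client has resolved only the controller's own MAC, which is what you get when the vSwitch port group rejects promiscuous mode and drops unicast frames addressed to wireless clients behind the vWLC. The sample tables are constructed from the thread's values, with the masked `XX` octet replaced by `0`; function names are hypothetical.

```python
import re

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Windows style (00-0c-29-00-0e-f9) or IOS style (000c.2900.0ef9)
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{2}-){5}[0-9a-f]{2}\b|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b", re.I)

def parse_arp(text):
    """Return {ip: mac} with MACs normalized to 12 lowercase hex digits."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # skips headers and "Interface:" lines
            table[ip.group()] = re.sub(r"[-.]", "", mac.group().lower())
    return table

def is_group(mac):
    """Broadcast/multicast MACs have the I/G bit set in the first octet."""
    return int(mac[:2], 16) & 1 == 1

def diagnose(client_ip, gateway_ip, client_arp, switch_arp):
    client, switch = parse_arp(client_arp), parse_arp(switch_arp)
    return {
        "gateway_sees_client": client_ip in switch,
        "client_sees_gateway": gateway_ip in client,
        # Unicast MACs the client has actually learned
        "client_unicast_peers": {m for m in client.values() if not is_group(m)},
        # Requests leave the client, but unicast replies never return
        "one_way": client_ip in switch and gateway_ip not in client,
    }

# Constructed sample input modelled on the thread's output
CLIENT_ARP = """\
Interface: 10.0.16.51 --- 0xd
  Internet Address      Physical Address      Type
  2.2.2.2               00-0c-29-00-0e-f9     dynamic
  10.0.16.253           00-0c-29-00-0e-f9     dynamic
  10.0.16.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
SWITCH_ARP = """\
Internet  10.0.16.51    12   0c8b.fde8.69c1  ARPA   Vlan400
Internet  10.0.16.253   13   000c.2900.0ef9  ARPA   Vlan400
Internet  10.0.16.254    -   78da.6e75.b550  ARPA   Vlan400
"""

if __name__ == "__main__":
    print(diagnose("10.0.16.51", "10.0.16.254", CLIENT_ARP, SWITCH_ARP))
```

When `one_way` is true and the only unicast peer is the controller's MAC, check the port group's security policy on every ESXi host the vWLC can run on, since the setting is per host for standard vSwitches.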
01-26-2014 10:21 AM
Glad you got it working!
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"