Showing results for 
Search instead for 
Did you mean: 

Clients connected to AP can access the internet but cannot communicate locally.

Hello Folks. 

i have this strange scanario in my office.  I have one switch trunked into my CME which is also acting as a dhcp server for both voice and Data network , one Access-point is connected into switchport gig 0/39 which is configured as accessport and is part of teh vlan 20 which is data network. all my Data Vlan clients that are connected to switch can ping locally within that network and have access to the internet, but on accesspoint they have internet access but cant ping each other,

the clients connected via AP are getting the correct IP configuration from dhcp when i associate the ssid with native vlan 1 and AP is also getting its IP from DHCP which is my CME Router,some of my clients are only connected to AP and they want to communicate with the rest of the network. but they cant discover each other and cant even ping within the same network, 

here is configuration. Switchport connected to AP is configured as accessport and as part of vlan 20, all other clients connected with wire in the switch in vlan20 can ping eachother and can see eachother in that network. but on accesspoint they cant, 

whenever i try to configure the ssid on and associate it with vlan 20 clients cant connect to it and they dont even get IP Address from dhcp. i think they should get ip address since they are connected to AP which is connected into vlan 20, so i have to associate the ssid with native vlan 1 thats the way i am able to get them out of the network or nto internet. but still they cant communicate to each other. when i create ssid and associate it with vlan 20 they dont get IP address, Need help here. am i missing something here. ? 

Thanks And Regards : Abubakar


VIP Mentor


If I understand correctly all users connected to the same AP can access internet but not lan devices. 

Is it an autonomous or wlc controlled AP? Add pretty your description that your AP is standalone and not wlc managed.

If autonomous, could you check the BSSID interface if you have the command:

bridge-group xx port-protected


PS: Please don't forget to rate and mark as  correct answer if this answered your question 

PS: Please don't forget to rate and select as validated answer if this answered your question

DISABLE Public Secure Packet Forwarding on the radio interface in play

Content for Community-Ad