08-09-2021 09:58 AM
Hi to all,
I have an AP 1850 with Mobility Express. There are 3 SSIDs on that AP, one of them is for the guest network. Everything works fine except for one issue: I can access the ME controller from the guest network. I cannot access any other device in other VLANs, except the controller.
The config is like this:
vlan 10 - LAN 10.10.10.0/25 - 2 SSIDs
vlan 30 - Guest 172.30.0.0/28 - Guest SSID
Management of the ME controller is 10.10.10.10, and a device on the Guest network gets an IP 172.30.0.3, and that device can ping and access the ME controller, while I cannot ping any other device on network 10.10.10.0/25.
What did I do wrong? Can I limit access to this ME for specific IP addresses on the controller itself? Because I already limited inter-VLAN connections on the firewall, but somehow it's not working for the ME; it works for the whole network except the ME.
Any help would be great.
08-10-2021 01:37 PM
All ME APs use FlexConnect local switching. Unless the WLC access is allowed by the upstream firewall, I don't see any reason why the ME controller should be accessible from your Guest subnet. I will be reviewing the firewall configuration to make sure that I didn't miss out on anything.
08-10-2021 09:35 PM
Hi,
Thank you for the advice. But one thing is very weird. On network 10.10.10.0 I have a PC with remote desktop enabled. If I'm using the guest Wi-Fi I cannot connect to that remote desktop, I can't ping that device or anything else, and also a few other devices on the network. I was thinking there is maybe a problem with VLAN tagging, because I use a native VLAN and a tagged VLAN for the guest network. But I don't see an option to disable the native VLAN and just use a VLAN for network 172.30.0.1.
Best regards
08-19-2021 12:04 AM
Hi,
I found the issue, and it's a really weird thing. On the last upgrade something went wrong and the image is damaged a little. Everything seems to work OK. But first, it's impossible to upload a new image over HTTP or over TFTP; I can't do that at all. And second, this VLAN tagging is simply not working. Today I tried the same settings and the same guest network on a different ME AP 1850 and it's working: I can only access the guest network, but not my 10.x.x.x network. So my next question: do you maybe know how to erase the image from the AP and upload a new one over serial? Is that possible at all?
08-19-2021 08:47 AM
Since you have an upstream firewall, please make sure that TFTP ports are allowed there, and also can you make sure the firewall on your PC or TFTP server is allowing TFTP from the ME mgmt IP, or you can disable the firewall temporarily if it's allowed and safe. Please follow the below guide.