05-12-2014 02:14 AM - edited 07-05-2021 12:48 AM
Hardware used:
Cisco WLC 5508
Cisco LWAP AIR-CAP3502I-K-K9
Windows Laptop
This is what the topology looks like.
This is a complicated scenario involving ISE with the wireless services. The client can connect with the SSID, but no meaningful traffic is being sent. The client, being in the same broadcast domain, cannot even ping its default gateway. There is NO ACL blocking this. The IP addresses are properly configured. NOTE: STATIC ADDRESSES ARE BEING DEFINED. THERE IS NO DHCP.
In the WLC GUI, we can even see the client as listed, connected to the LWAP.
As you can see from the topology, the WLC is connected to the AP via the switch. The WLC is configured with the appropriate VLANs and as you can see there is a trunk link that allows the traffic to flow to and from the WLC to the AP.
There is also an ISE box. Let me save a massive amount of time by simply stating that the ISE box is properly configured, and the WLC and the AP are also configured according to the numerous guides, and even cross-checked against the BYOD book from Aaron W. An ACL which literally allows all traffic is being pushed. Let me assure you that the ACL isn’t an issue here.
The configs are double and triple checked. Authentication and Authorization are NOT an issue, since the ISE box is able to properly profile and authorize the endpoint (DOT1X, MAB, etc.) and allow access. But the client cannot even ping the default gateway, which is an SVI on the switch. VLANs aren’t an issue. The security side of things isn’t an issue either.
This is a problem with the wireless side of things.
Here is a Wireshark capture taken while the client is continuously trying to ping the default gateway. This traffic is captured FOR the port connected from the switch to the AP (in other words, the AP's traffic).
05-13-2014 04:05 AM
Like I said, I still can't ping my default gateway, which is an SVI on the switch, and I've uploaded a packet capture.
05-13-2014 11:07 PM
Any help here, Leo?
05-14-2014 03:45 PM
Any help here, Leo?
Dude, gimme a break! I gotta sleep!
The default gateway is an SVI, with the IP 192.168.1.10.
May I see the configuration of the VLAN? So the wireless client can't ping this IP address.
Question though, why would you want the wireless client to ping the default gateway for the APs? Normally, I would ping the default gateway of the IP address of the wireless client.
What do you get when you run a traceroute?
05-14-2014 10:14 PM
Sorry, didn't mean to be a pain. Thanks for helping me out. :-)
The sh run for the VLAN in question is:
vlan 910
name POD4-WLC-MGMT
POD2-Core-SW#sh vlan id 910

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
910  POD4-WLC-MGMT                    active    Fa1/0/33, Fa1/0/46, Gi1/0/4

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
910  enet  100910     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Let me make it more clear. The mgmt VLAN for the WLC is on this VLAN - 910. The SSID is in VLAN 930. VLAN 910 and 930 have SVIs (default gw) on the switch.
VLAN 910 SVI IP - 192.168.1.10
VLAN 930 SVI IP - 192.168.3.10
Client has received the IP - 192.168.3.40
I'm trying to ping 192.168.3.10, which is the default gw of its broadcast domain.
traceroute fails.
05-15-2014 12:41 AM
Sorry, didn't mean to be a pain.
I'm just joking.
VLAN 930 SVI IP - 192.168.3.10
Client has received the IP - 192.168.3.40
I'm trying to ping 192.168.3.10, which is the default gw of its broadcast domain.
traceroute fails.
Stupid question, but can any other subnet ping 192.168.3.10? Can the WLC ping 192.168.3.10? Can the WLC ping 192.168.3.40?
05-16-2014 12:23 AM
Yup, other subnets can ping. Like I said, the AP itself has a 192.168.1.X IP, and it can ping 192.168.3.10.
WLC canNOT ping 192.168.3.10. WLC can ping 192.168.1.10 (mgmt)
WLC canNOT ping 192.168.3.40
05-18-2014 06:39 AM
Bump.
05-20-2014 12:15 AM
Bump 2.
05-20-2014 12:52 AM
Another stupid question ... Say you put a wired laptop into the same VLAN and subnet as the WLC, can you replicate the behaviour of the WLC from the laptop?
05-26-2014 01:27 AM
Problem solved.
I had assigned different PORTS for all of the interfaces. Changed it to management port and everything worked like a charm. Such a trivial issue.
09-04-2018 09:25 PM
I was having the same issue, but the problem is still not resolved. How do I ping the default gateway?