
Wireless endpoint cannot communicate with default gateway

stealthmode
Cisco Employee

Hardware used: 

Cisco WLC 5508
Cisco LWAP AIR-CAP3502I-K-K9

Windows Laptop

 

This is what the topology looks like.

 

 

 

This is a complicated scenario involving ISE with the wireless services. The client can connect with the SSID, but no meaningful traffic is being sent. The client, being in the same broadcast domain, cannot even ping its default gateway. There is NO ACL blocking this. The IP addresses are properly configured. NOTE: STATIC ADDRESSES ARE BEING DEFINED. THERE IS NO DHCP.

 

In the WLC GUI, we can even see the client as listed, connected to the LWAP.

 

 

As you can see from the topology, the WLC is connected to the AP via the switch. The WLC is configured with the appropriate VLANs and as you can see there is a trunk link that allows the traffic to flow to and from the WLC to the AP.

 

There is also an ISE box. Let me save a massive amount of time by simply stating that the ISE box is properly configured, and the WLC and the AP are also configured according to the numerous guides, and even cross-checked against the BYOD book from Aaron W. An ACL which literally allows all traffic is being pushed. Let me assure you that the ACL isn’t an issue here.

The configs are double and triple checked. Authentication and authorization are NOT an issue, since the ISE box is able to properly profile and authorize the endpoint (DOT1X, MAB, etc.) and allow access. But the client cannot even ping the default gateway, which is an SVI on the switch. VLANs aren’t an issue. The security side of things isn’t an issue either.

 

This is a problem with the wireless side of things.

Here is a Wireshark capture taken while the client is continuously trying to ping the default gateway. This traffic is captured FOR the port connected from the switch to the AP (in other words, the AP's traffic).

http://1drv.ms/1mQNCw5

 

 

 

 


Like I said, I still can't ping my default gateway, which is an SVI on the switch, and I've uploaded a packet capture.

Any help here, Leo?

 

Any help here, Leo?

Dude, gimme a break!  I gotta sleep!  

The default gateway is an SVI, with the IP 192.168.1.10. 

May I see the configuration of the VLAN?   So the wireless client can't ping this IP address.

 

Question though, why would you want the wireless client to ping the default gateway for the APs?  Normally, I would ping the default gateway of the IP address of the wireless client.

 

What do you get when you run a traceroute?

Sorry, didn't mean to be a pain. Thanks for helping me out. :-)

 

The sh run for the VLAN in question is:

vlan 910
 name POD4-WLC-MGMT

 

POD2-Core-SW#sh vlan id 910     

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
910  POD4-WLC-MGMT                    active    Fa1/0/33, Fa1/0/46, Gi1/0/4

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
910  enet  100910     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

 

Let me make it more clear. The mgmt VLAN for the WLC is on this VLAN - 910. The SSID is in VLAN 930. VLAN 910 and 930 have SVIs (default gw) on the switch.

 

VLAN 910 SVI IP - 192.168.1.10

VLAN 930 SVI IP - 192.168.3.10

 

Client has received the IP  - 192.168.3.40

 

I'm trying to ping 192.168.3.10, which is the default gw of its broadcast domain.

 

traceroute fails. 

 

Sorry, didn't mean to be a pain.

I'm just joking.

VLAN 930 SVI IP - 192.168.3.10
Client has received the IP  - 192.168.3.40
I'm trying to ping 192.168.3.10, which is the default gw of its broadcast domain.
traceroute fails. 

I'm trying to ping 192.168.3.10, which is the default gw of its broadcast domain.

Stupid question, but can any other subnet ping 192.168.3.10?    Can the WLC ping 192.168.3.10?  Can the WLC ping 192.168.3.40?

Yup, other subnets can ping. Like I said, the AP itself has a 192.168.1.X IP, and it can ping 192.168.3.10

 

WLC canNOT ping 192.168.3.10. WLC can ping 192.168.1.10 (mgmt)

 

WLC canNOT ping 192.168.3.40

Bump.

Bump 2.

Another stupid question ... Say you put a wired laptop into the same VLAN and subnet as the WLC, can you replicate the behaviour of the WLC from the laptop?

stealthmode
Cisco Employee

Problem solved. 

 

I had assigned different PORTS for all of the interfaces. Changed it to management port and everything worked like a charm. Such a trivial issue. 

I was having the same issue, but the problem is still not resolved. How do I ping the default gateway?
