Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1366
Views
0
Helpful
9
Replies

wireless unable to access http internal but able to ping

aliabu
Level 1
Level 1

‎12-29-2019 08:36 PM - edited ‎07-05-2021 11:28 AM

1. wireless vlan 20 unable to access web server http vlan 200 but able to ping

2. if using LAN vlan 20 able to access web server http vlan 200

Labels:
0 Helpful
9 Replies 9

Leo Laohoo
Hall of Fame
Hall of Fame

‎12-29-2019 09:55 PM

Draw the network.
0 Helpful

aliabu
Level 1
Level 1

‎12-30-2019 12:42 AM

wlan > ap > switch > core switch >switch > web server http
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to aliabu

‎12-30-2019 01:06 AM

You really need to provide more info about your setup? Wireless hardware and code, switch port config, etc. Have you tried setting a static ip and see if that works? Have you tried testing with another wlan to vlan mapping? Please add more information in order for anyone to help figure out what is wrong.
-Scott
*** Please rate helpful posts ***
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to aliabu

‎12-30-2019 04:18 AM

@aliabu wrote:
wlan > ap > switch > core switch >switch > web server http

I am starting to believe this thread is not a real network, rather, this is a homework.  

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to aliabu

‎12-30-2019 04:19 AM

You have not address my query, does this work from same VLAN 200, or only issue with VLAN 20. (that AP ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎12-30-2019 02:33 AM

Hello,

Please share here configuration here of:

dhcp pool, interface vlan, wireless profile and a simple draw of your topology.

Regards,
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

aliabu
Level 1
Level 1
In response to Jaderson Pessoa

‎12-30-2019 06:12 AM


class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!

ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080

 

i check have this command on core switch and i search online this is default config.

this default acl not bind to interface , got posibility this command block http?
!

if telnet port 80 no reply.

same vlan200 able to access web server

wired vlan 20 able to access web server

wireless vlan20 unable access web server

 

wireless using cisco ap and wlc

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to aliabu

‎12-30-2019 06:52 AM

Quick Look on your WLC Port 80 was not permitted. (if the web server running https ? try from Wireless user

https://webserverip/

 

add/Ammend  below line to your ACL and test.

ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 80

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-30-2019 03:24 AM

Adding to other posts.

 

1. did the http able to access from VLAN 200 devices ? 0 if not fix the Web Server. if yes go to below steps.

2. Do you have any FW between VLAN 20 to VLAN 200.

3. the Device you able to ping from that Device, try telnet x.x.x.x 80 ( so you know the port accesable or not)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card