Wireless Access

 View Only

  • 1.  Connected but no internet

    Posted Apr 14, 2023 10:54 PM

    Hi All,
    Good day to all you guys,

    i am facing a problem,

    when user connected to SSID that provide by Controller 7205, it said connected but no internet,

    user can Ping it gateway, can ping to other subnet, but cannot access to internet,

    also user can ping to NAS ip address but cannot access to NAS to open file share

    - i first try to connect to internet by wired ( it work normally i can ping also access to internal devices)

    - second i manually input IP for my WLAN still can ping but cannot access to internal devices and internet ( the IP i used was the IP that work normally before on wired connection)

    i am using Aruba Controller 7205 (OS 8.0) and AP-505

    please kindly help me solve this problem.

    Thank you so much for your time.

    Wish a best day to you.



  • 2.  RE: Connected but no internet

    Posted Apr 15, 2023 04:57 PM

    Your wlan controller has firewall capabilities and probably block traffic by the client user-role.

    What user-role does you client receive?
    What ACL rules are configures for this user-role?

    Hope this helps



    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------

    Original Message


  • 3.  RE: Connected but no internet

    Posted Apr 16, 2023 09:28 PM

    Hi,
    Thank you for your reply,

    + What user-role does you client receive?
    i'm having 2 SSID
     - SSID 1 primary usage is Employee, access default role is Logon
     - SSID 2 Primary usage is Guest, access default role is Guest-Logon

    + What ACL rules are configures for this user-role?
    -     i have not configures any ACL rules for these user-role above, i'm just using the default setting,


    thank you so much.


    Original Message


  • 4.  RE: Connected but no internet

    Posted Apr 17, 2023 01:51 AM

    Hello
    You said that the controller is providing the internet
    By any chance the one that is directly connected to the internet is the controller? or it's another device like a firewall or something like that.  We need to have this clear
    If the controller is the one that is connected directly to the internet you need to NAT, if you didn't in the interface vlan that you are assigning to the internet. 
    I don't think this is your issue(because I rarely see this), but it would be nice to know how is your network set up.
    IT is Controller --> L3 Switch---> firewall---> internet? 
    Can you ping an ip address of internet for example 4.2.2.1? is that allowed by your firewall if you have one? can you translate the name if you ping www.google.com?

    Carlos


    Original Message


  • 5.  RE: Connected but no internet

    Posted Apr 17, 2023 05:52 AM

    You said that the controller is providing the internet
    - My controller just providing the SSID only

    By any chance the one that is directly connected to the internet is the controller? or it's another device like a firewall or something like that.  We need to have this clear
    - Another device connected to the internet 

    I don't think this is your issue(because I rarely see this), but it would be nice to know how is your network set up.
    IT is Controller --> L3 Switch---> firewall---> internet?
    - My network set-up is COntroller-->L3 Switch---> Firewall---> internet

    Can you ping an ip address of internet for example 4.2.2.1? is that allowed by your firewall if you have one? can you translate the name if you ping www.google.com?
    - When i connect i only can ping internally, i cannot ping to like you said


    hope this reply you can understand

    thank you


    Original Message


  • 6.  RE: Connected but no internet

    Posted Apr 17, 2023 02:58 AM

    It is due to the roles used.

    Logon and Guest-Logon roles restrict user traffic and allow only DHCP, DNS and ICMP.
    Do you want to restrict the user traffik on the controller? Then create your own roles. If not use the authenticated role.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACA - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message


  • 7.  RE: Connected but no internet

    Posted Apr 17, 2023 05:58 AM

    HI,

    i have tried set-up new role and test the authenticated role like you said,

    it working now thank you for your kindly support,

    do you have any recommend for Guest access wifi, like which role  should i use or set-up for user only go to internet but cannot access to internal.

    thank you so much for always support 


    Original Message


  • 8.  RE: Connected but no internet
    Best Answer

    Posted Apr 17, 2023 05:31 AM

    You can try to change the initial (default) role to "authenticated", this have a "permit any any" ACL role.

     

    If you want to now what ACL is used by a user-role you can look at the CLI interface with the command

     

    show rights <role>




    Original Message


  • 9.  RE: Connected but no internet

    Posted Apr 17, 2023 06:03 AM

    HI,

    thank you for your kindly reply,

    i have tried authenticated role, and it work thank you .

    but now i want to create Guest access wifi, do you have any recommend set-up role for that guest Wi-fi for user only go to internet and cannot access to internal system.

    thank you. for your support


    Original Message


Related Content