05-12-2016 06:36 AM
Hi all. I just installed a UAP-AC-LR and have an inter-subnet communication question. My network setup is as shown in the attached diagram. Details:
* The UAP-AC-LR is fed by a trunk line from the VLAN-aware Layer 2 switch. The guest subnet is tagged with VLAN 20, the Private subnet is untagged. The two subnets are linked to different SSIDs in the UniFi.
* Guest Policies are NOT enabled on the UniFi’s Private or Guest SSIDs.
* The Netgear WAP only carries the Guest subnet. It has a different SSID than the Guest subnet on the UniFi.
* The Chromecast is connected to the Private subnet through the UniFi’s Private SSID and it has a static IP address.
* PFSense firewall is configured to allow traffic from the Guest subnet to the Chromecast IP address.
* The PFSense device is running the Avahi package which “facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite”.
So, after all that, here’s the problem I’m seeing. If I connect a WiFi device to the Guest subnet using the Netgear WAP SSID, then apps on the device have the required access to the Chromecast (which is on the Private subnet). Life is good.
But, if I connect the same WiFi device to the Guest subnet using the UniFi WAP Guest SSID, then the apps can’t find the Chromecast. But, with this connection I can still ping the Chromecast from the WiFi device.
So, is something in the UniFi blocking some (but not all) access from its Guest SSID to the Chromecast on the Private subnet?
Thanks in advance for any help.
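Added example, not part of the original post: ping only exercises unicast IP, while app discovery relies on the mDNS/DNS-SD multicast traffic that the Avahi package relays, so the two can be tested separately. The sketch below sends a one-shot DNS-SD PTR query and parses the answers; the function names are this example's own, and it assumes the Chromecast advertises the `_googlecast._tcp.local` service type and that responders answer a query sent from an ephemeral port.

```python
import socket
import struct

MDNS_ADDR = ("224.0.0.251", 5353)        # IPv4 mDNS group and port
CAST_SERVICE = "_googlecast._tcp.local"  # assumed DNS-SD type for a Chromecast

def encode_name(name):  # dotted name -> length-prefixed labels + zero byte
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_ptr_query(service=CAST_SERVICE):  # 1 question, QTYPE=PTR(12), QCLASS=IN(1)
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(service) + struct.pack("!2H", 12, 1)

def read_name(msg, off):  # -> (name, offset just past it in the record)
    labels, end = [], None
    for _ in range(255):                  # bounds pointer loops in hostile packets
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer: jump, remember return
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += n + 1
    raise ValueError("name too long or compression loop")

def ptr_answers(msg):  # instance names from PTR records in the answer section
    qd, an = struct.unpack("!HH", msg[4:8])
    off, found = 12, []
    for _ in range(qd):                   # skip questions (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 12:
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def discover(timeout=3.0):  # one-shot query -> [(responder IP, instance), ...]
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(), MDNS_ADDR)
        try:
            while True:
                data, (ip, _) = s.recvfrom(9000)
                hits += [(ip, name) for name in ptr_answers(data)]
        except socket.timeout:
            return hits
```

Calling `discover()` from a client joined to each SSID in turn gives a result that does not depend on the app; an empty list alongside a working ping means no mDNS answer came back on that path even though unicast works.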
05-12-2016 08:32 AM - edited 05-12-2016 08:36 AM
I think there's an option to block broadcast/multicast packets in the UniFi controller, but that wouldn't explain this behaviour.
Alternatively, there might be an option to block inter-client communication on the UniFi APs; that would probably block L2 discovery of this sort too. (many platforms call it "client isolation"). AFAIK, this is in the guest policies, which you say is disabled.
Other than that, it's possibly a bug, as a VLAN misconfiguration just would flat out not work?
There are some threads about "leaking" broadcast/multicast between 2.4 and 5 GHz UAP-AC units, so perhaps this is a related "syndrome"?
Are the devices and the chromecast on the 2.4 or the 5GHz radio when connecting to the UBNT AP? Have you tried naming the 5GHz SSID differently to the 2.4 to make sure both the chromecast and devices are on the same radio (try permutations like both on 2.4, both on 5 [assuming chromecast does 5]; then one on 2.4 and the other on 5 and vice versa).
05-12-2016 08:59 AM
Thanks for the reply. I’ll keep poking through the UniFi controller for inter-client blocking options. Except for this issue, the VLAN configuration works flawlessly. That’s why I got the UniFi, to support multiple subnets / VLANs with a single WAP. So far, I’m happy with that aspect.
All four of the UniFi’s SSIDs are different (i.e. Private, Private_5.0, Guest, Guest_5.0). I’ll try all four Client / Chromecast combinations on the 2.4 / 5.0 radios and see if any work (right now Chromecast is on Private_5.0). Good idea.
As an aside, the combination of WiFi Device on Private_2.4 and Chromecast on Private_5.0 does work as expected. Same subnet, so that makes sense.
BTW, the Netgear WAP (with yet a different SSID) is normally not in the network. I just added it to confirm that this was not a problem with the Layer 2 switch or PFSense firewall. Since things work with the WiFi devices connected to the Netgear, it pretty much rules out everything but the UniFi as the culprit.
05-12-2016 09:02 AM - edited 05-12-2016 09:03 AM
> Since things work with the WiFi devices connected to the Netgear, it pretty much rules out everything but the UniFi as the culprit.
Agreed! Let us know how your "permutation" testing goes on the different frequencies. You may want to bring this to the attention of some of the UBNT staff as well. This sort of L2 device (and the equivalent Apple features) are popular in educational networks, so getting this sort of thing working is important. Obviously, the key is something like Avahi inter-subnet - but on the same subnet and the same AP is a problem with the AP.
05-12-2016 09:20 AM
A feature that would make things vastly simpler is if these mobile apps had an option to just ENTER the IP address of the target device (whatever the subnet). All my target devices of this type have a static IP. So, why can’t I just TELL the app what it is rather than have it DISCOVER what I already know? I have the same inter-subnet problem with Sonos. If I could just tell it the IP (and I have the firewall properly configured) there wouldn’t be a problem.
05-12-2016 10:25 AM
@gfvalvo agreed. Or even better, have a fallback l2 discovery method like Mikrotik uses. I may hate them as a company, but their l2 discovery stuff is freaking bulletproof (and brilliant since often your layer 3 is broken by the thing you are trying to communicate with!).
Having wifi problems? Take a look here first: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
05-12-2016 10:33 AM - edited 05-12-2016 10:34 AM
Mikrotik's MAC telnet/winbox is the best thing ever. I've never had a problem with a mikrotik device (aside from some blown caps in RB750G, easily solved with a soldering iron). I've pulled far more hair out over UBNT!
I *hate* things that assume L2 connectivity with no L3 options (I'm looking at you, most things Apple does, Chromecast, Miracast etc). They don't scale to enterprise usage. Layer 2 is fine for clueless noobs with one single router/ap combo device, but as soon as you get subnets in the mix... :/
05-12-2016 07:04 PM
Sorry guys, but I'm throwing in the towel on this one. There's too much flakiness going on and at this point I'm dividing the blame equally between UniFi and the Chromecast (or its interface APIs).
I tried constructing the permutation matrix, but the results kept changing over time. There seems to be some kind of memory or hysteresis involved. At first the Google Cast app can't find the Chromecast in a certain WiFi configuration. Then I switch to a different SSID on my WiFi device and show the app where the Chromecast is. Then, I switch back to the previously-failed configuration and it works.
It's just not worth my time anymore. Like @Discusfish, I'm pulling out too much hair over this. I don't know about him (her?), but I have none to spare.
So, for the occasions when I want my guest to have access to my Chromecast (eg Karaoke / LipSync party), I'll just connect it to Guest WiFi and save my hair.
Thanks for your suggestions.
05-12-2016 10:36 PM - edited 05-12-2016 10:37 PM
It seems many of the bugs these days are of this sort - intractable and unpredictable, which makes reproducing them (and fixing them...) a challenge.
I have less hair than I once did, but my father regularly expresses jealousy, so perhaps I have a few strands to spare.
@gfvalvo if you haven't already, shoot the official support line a message, perhaps directing them at this thread. Maybe one day they'll fix it.