Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
Reply
Emerging Member
Posts: 93
Registered: ‎06-02-2016
Kudos: 11

UAP-IW-HD isolation betwen wired and wireless clients

I have a UAP-AC-IW which is set to provide a WPA2 Enterprise WLAN with different VLANs. Also, one port is provisioned on a specific VLAN. The trouble is that the wireless devices cannot talk to the wired device. But, a wireless device on a different VLAN can talk to the wired device.

 

So:

Laptop - wired on IW-HD port set to VLAN 49, gets IP through DHCP, can talk to the gateway and the internet, cannot talk to wireless clients on WPA enterprise in the same VLAN

wireless clients - on WPA enterprise VLAN 49, get IP addresses, can talk to each other (each can ping all others), but cannot talk to the wired Laptop

wireless client 2 - on WPA enterprise default LAN network, can talk to all of the above, including the wired Laptop (USG 3 port is doing the inter-network routing here)

 

Now when I put the Laptop on the same WLAN as the other devices, there are firmware issues:

On firmware 4.0.43 (beta), the laptop can communicate with the other wireless devices, as intended.

On firmware 4.0.42 (stable), the wireless devices cannot communicate with each other, even on the same RADUIS-assigned VLAN.

 

Firewall is off, so that's not the problem. LAN to WLAN broadcast is not blocked (too many issues with it blocked).

 

I thought it was an ARP resolution issue, but much to my surprise, ARP resolution works fine (a WiFi MacBook can resolve the hardware address of the wired laptop, but cannot ping it). So there is something going on with the traffic forwarding between the WLAN and the VLANed port on the IW-HD.

 

Devices are MacBook, Ubuntu Dell laptop, Samsung and BlackBerry phone and iPad.

+ UAP-AC-LR + UAP-AC-Pro + UAP-AC-IW-PRO + UAP-IW-HD + 2x UAP-AC-M + UAP-nanoHD + on 4.0.42
+ USW-8-60W + USW-16-150W + USG 3P + on 4.0.42 / 4.4.36
+ LXC controller 5.10.24
Senior Member
Posts: 25,956
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1288

Re: UAP-IW-HD isolation betwen wired and wireless clients

Hello @seidler,

 

Auto-Optimize Network on by any chance?

Settings > Site > Auto-Optimize Network

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
Emerging Member
Posts: 93
Registered: ‎06-02-2016
Kudos: 11

Re: UAP-IW-HD isolation betwen wired and wireless clients

No, certainly not :-)

 

Some devices connect to 5GHz and some to 2.4, but all wireless devices can communicate fine no matter what frequency.

 

Stefan

+ UAP-AC-LR + UAP-AC-Pro + UAP-AC-IW-PRO + UAP-IW-HD + 2x UAP-AC-M + UAP-nanoHD + on 4.0.42
+ USW-8-60W + USW-16-150W + USG 3P + on 4.0.42 / 4.4.36
+ LXC controller 5.10.24
New Member
Posts: 13
Registered: ‎12-02-2017
Kudos: 1

Re: UAP-IW-HD isolation betwen wired and wireless clients

Is it possible you have the "guest policies" applied to this VLAN in wireless networks? Firmware changes may be going on there too as .42 breaks some guest portals - so maybe blocking is happening.
Emerging Member
Posts: 93
Registered: ‎06-02-2016
Kudos: 11

Re: UAP-IW-HD isolation betwen wired and wireless clients


@ChessMck wrote:
Is it possible you have the "guest policies" applied to this VLAN in wireless networks? Firmware changes may be going on there too as .42 breaks some guest portals - so maybe blocking is happening.

No, not on this network. Otherwise the wireless devices would not be able to talk to each other, would they?

+ UAP-AC-LR + UAP-AC-Pro + UAP-AC-IW-PRO + UAP-IW-HD + 2x UAP-AC-M + UAP-nanoHD + on 4.0.42
+ USW-8-60W + USW-16-150W + USG 3P + on 4.0.42 / 4.4.36
+ LXC controller 5.10.24
Highlighted
New Member
Posts: 13
Registered: ‎12-02-2017
Kudos: 1

Re: UAP-IW-HD isolation betwen wired and wireless clients


@seidler wrote:

@ChessMck wrote:
Is it possible you have the "guest policies" applied to this VLAN in wireless networks? Firmware changes may be going on there too as .42 breaks some guest portals - so maybe blocking is happening.

No, not on this network. Otherwise the wireless devices would not be able to talk to each other, would they?


@seidy 

 

As you seem to be very good with Unifi - I was grasping at straws.   But to answer your question - I think that would depend on how you have Guest Control setup.  Of course the default is to block the 192 172 and 10 NAT addresses.  Not knowing if you were using guest control with the defaults altered and .42 was breaking.

 

Capture.JPG

 

Reply