We have a PC based router that handles a public IP subnet of 206.XXX.XXX.192/27 and we have CPE that gets assigned an IP of say 206.XXX.XXX.194/27 GW 206.XXX.XXX.193. If we have another client with say IP of 206.XXX.XXX.195/27 GW 206.XXX.XXX.193 they can’t ping the 206.XXX.XXX.194/27 client. Why? There is a single default route in the gateway and the CPE DOES allow ICMP. Internet traffic flows to and from the CPE fine it’s just a problem with pinging a public (routable) IP from within the same netmask.

Am I missing something??

THANKS!!!

Couple of things…

1. When 195 tries to ping 194 or 3, check with arp on the CPE whether you have a MAC address for the IP in question
2. You don’t say what’s between the CPE and the Gateway, many wireless APs will silently drop ICMP

If traffic flows fine, there is something blocking ICMP - it’s really as simple as that…

–
C

Thanks! I’ll do some further digging…

OK…I still can’t find the problem. Here’s how the problematic segment is laid out:

• Switch
• Mikrotik PC Based router v2.9.17 connected to switch
• Mikrotik RB 532 PTP connected to PC Based router
• 5.8 Ghz AP connected to switch
• CPE connected to 5.8Ghz AP

The PC Based router is configured as the gateway in the CPE router. The PC Based router does NOT have any firewall rules of ANY kind configured. As per my previous post, clients connected to the AP all on the same /27 subnet cannot ping each other. They pass web traffic without any problems whatsoever…

Any ideas out there?

Define AP?

Is this a Radio in a MT (the routeboard), or is this a actual AP??

If the later, check for something called isolation mode - that stops clients from talking to each other on the AP (This is very AP dependant though, you’ll have to play with the options).

If the prior, try enabling default forwarding on the MT Interface…

You also say, they can’t ping “each other”. So, am I safe to presume in your description the web traffic that is passes, are definately from “each other” ?

How is the network configured? If this is all running on the same network, then I presume everything is bridged? If the AP is in bridge mode, I don’t believe it will forward traffic from one client to another on the AP (I believe), but again, “they pass web traffic without any problems”

Actually the AP is a Trango and there is NOT any config functionality that allows that AP to drop ICMP.

The RB 532 PTP is used to backhaul bandwidth from another tower and connects directly to the PC Based router (206.XXX.XXX.193). The PC Based router "routes" it's /27 subnet to another PC Based Mikrotik at the other end.

Here's the IP address config for the problematic /27 segment:

ADDRESS NETWORK BROADCAST INTERFACE

0 10.10.6.1/23 10.10.6.0 10.10.7.255 Private
1 206.XXX.XXX.193/27 206.XXX.XXX.192 206.XXX.XXX.223 Private
2 206.XXX.XXX.225/30 206.XXX.XXX.224 206.XXX.XXX.227 Public

and here's the route...
13 A S 0.0.0.0/0 r 206.XXX.XXX.226 Public

Pretty straight forward configuration...BUT client 206.XXX.XXX.194 can't ping 206.XXX.XXX.195 even though they are connected to the same network (i.e. AP connected to switch). Everything else works fine WWW, SMTP, etc. One interesting point is the fact that if a client router is configured with say IP 10.10.6.2 and GW of 10.10.6.1 (which is NAT'd way down the line by a Cisco 3640), then that client CAN ping a 206.XXX.XXX.XXX IP.

Here in lies my frustration....RRRR!

Check the trangobroadband.com forums. I bet it’s the su2su feature is not enabled in the trango system.