[Solved] Wireless LAN devices cannot ping each other

SiY11 · March 30, 2011, 11:29pm

Setup
Internet modem > Mikrotik > Switch > WiFi AP > Computers

The WiFi AP (Cisco Aironet 1242ag) does not have any Firewall, DHCP or NAT’ing what so ever set up.

Problem
PC 1 (172.20.1.2) cannot ping PC 2 (172.20.1.4) and visa versa but both connect to internet and can communicate with the mikrotik, bother PC’s are WIN7 with windows firewall disabled.
What am I doing wrong?

Router info below.
ipfirewallexport.rsc (41.3 KB)

[admin@CarterOne@Home] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether1 
     actual-interface=ether1 

 1   address=172.20.1.1/16 network=172.20.0.0 broadcast=172.20.255.255 interface=ether4-LAN 
     actual-interface=ether4-LAN 

 2   address=10.0.0.1/8 network=10.0.0.0 broadcast=10.255.255.255 interface=ether3-VOiP 
     actual-interface=ether3-VOiP 

 3 D address=WAN Address.19/24 network=WAN Address.0 broadcast=WAN Address.255 interface=ether2-WAN 
     actual-interface=ether2-WAN

===

[admin@CarterOne@Home] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=WAN Address.1 gateway-status=WAN Address.1 reachable ether2-WAN 
        distance=0 scope=30 target-scope=10 

 1 ADC  dst-address=10.0.0.0/8 pref-src=10.0.0.1 gateway=ether3-VOiP gateway-status=ether3-VOiP reachable 
        distance=0 scope=10 

 2 ADC  dst-address=WAN address.0/24 pref-src=WAN Address.19 gateway=ether2-WAN 
        gateway-status=ether2-WAN reachable distance=0 scope=10 

 3 ADC  dst-address=172.20.0.0/16 pref-src=172.20.1.1 gateway=ether4-LAN 
        gateway-status=ether4-LAN reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether1 gateway-status=ether1 reachable 
        distance=0 scope=10

===

[admin@CarterOne@Home] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                                                  TYPE             MTU   L2MTU
 0  R  ether1                                                                ether            1500 
 1  R  ether2-WAN                                                            ether            1500 
 2  R  ether3-VOiP                                                           ether            1500 
 3  R  ether4-LAN                                                            ether            1500 
 4  R  bridge                                                                bridge           1500  65535
 5  R  hotspot                                                               bridge           1500  65535

===

SurferTim · March 31, 2011, 10:44am

Normally, this would be the setup in the wireless AP (Cisco). Insure you have “default-forwarding=yes” in the wireless setup.

fewi · March 31, 2011, 2:04pm

Your interface list shows a bridge called Hotspot, so here’s a wild guess:

Are the devices that are trying to ping one another behind a Hotspot? If so, do you have an address pool defined on the Hotspot server, or the user profiles the devices log in with? That enables Universal NAT, which causes the router to ARP poison every address it sees as active on the network so it can direct traffic through itself. At that point traffic between the two devices would flow through the router. To turn off Universal NAT and the associated ARP poisoning simple set all address pool references in the Hotspot section to ‘none’.

SiY11 · March 31, 2011, 3:48pm

That is from when I had Hotspot setup for more than one interface. The address pool is set to none already but the hotspot is disabled so nothing there is causing trouble I assume.

SiY11 · March 31, 2011, 4:11pm

The AP is setup as AP with all services disabled all it is doing is offering a wireless point to which wifi devices connect to the switch.

SurferTim · March 31, 2011, 5:12pm

I am not a Cisco person, but from a quick search, the setting would be “AP isolation” in the advanced wireless settings.
http://homecommunity.cisco.com/t5/Wireless-Routers/AP-isolation/td-p/23327

fewi · March 31, 2011, 5:24pm

1240s run IOS - below the link to enable/disable PSPF (which drops frames between wireless clients).
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_11_JA/configuration/guide/s11rf.html#wp1038494

SiY11 · March 31, 2011, 5:52pm

Thanks SurferTim and fewi I have those setting set correctly in the cisco AP but I did try to use a different AP, I tried a Compex MMC543 AP and everything works find. I feel very retarded for not trying the different AP first but thats me sometime I skip troubleshooting steps before asking lol. There is something wrong with my Cisco Aironet 1242ag as it turns out.

SiY11 · March 31, 2011, 8:28pm

Ok I figured it out.

I went ahead and cleared the AP and reset it to defaults, I then set up the device to the way I like and still had the same problem.

It was the Radio data rates. I usually use best Throughput where it requires all data rates but I just decided to try and set it to best signal where 802.11b are compatible for craps and giggles and what do you know my LAN devices can communicate no problem but none are 802.11b.

Weird, What ever.