1

I've been brought in to help administer a network and I've run into an issue - I'm not sure why this one is beyond me, however I figure an extra set of eyes on the problem may help resolve the issue.

I have an HP MSM720 controller and at the time I'm trying to set up a basic hotspot set up with access points. For the time being I'm just looking to have people authenticate with a PSK and access the internet and other resources (namely printers) on other vlans.

The user authenticates and the DHCP server on the controller gives them a 192.168.1.0/24 address. They are able to successfully browse the internet and ping machines on other networks, however they are unable to print to network printers that sit on the same LANs as the very computers that wireless clients can ping.

The (extremely simplified) topology is as follows enter image description here

Computers on the wireless 192.168.1.1 network are able to ping computers on the 192.168.0.0 network, however cannot ping or print to the printers on the same network.

I'm baffled and I have no idea why this is the case. Can anyone shed some light on this for me? Can someone spot the error of my configuration?

EDIT : It should be noted that for whatever reason other computers on the 10.0.100.0/24 network cannot even ping the gateway of the Wireless Access network (192.168.1.1) - I'm not sure if this is relevant.

These are the VLANS listed on the controller.

enter image description here

DKNUCKLES
  • 4,028
  • 9
  • 45
  • 60

2 Answers2

3

My gut reaction is that the printers don't have default gateways specified, or have the wrong gateway specified (i.e. a gateway that can't route traffic back to the wifi clients). Can you verify that?

Edit:

Your comment vexes me a bit. There are computers in the 192.168.0.0/24 network that clients in the 192.168.1.0/24 network can ping. There are printers in the 192.168.0.0/24 network that clients in the 192.168.1.0/24 network cannot ping. Do the computers in 192.168.0.0/24 that do return pings and the printers in the 192.168.0.0/24 network that do not return pings have the same default gateway specified? If so, does the device acting as the default gateway have any kind of ACL or filtering capabilities that might be getting in the way?

The phrase "...or it didn't like something with the VLAN configuration." doesn't make sense to me. The printers, presumably, are connected to untagged member ports in the appropriate VLAN. I think you're mixing things up across layer boundaries.

Not everything in your diagram has an IP address listed for each interface. It's really unclear where routing is occurring because of that. If you would, please modify your diagram to include:

  • IP address and location of the interface in the 192.168.0.0/24 network used as the default gateway for printers
  • IP address and location of the interface in the 192.168.1.0/24 network used as the default gateway for wireless clients
  • IP address and location of the interface in the 10.0.100.0/24 network used as the default gateway for clients in that network

Just throw some arrows on the diagram w/ callouts pointing to the devices where these IPs are configured.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • We have tested that. I can confirm that the gateway is correct, although the address is 192.168.0.15 for the gateway - I'm wondering if that may be the issue in that the printer wants to look for a .1 address, or it didn't like something with the VLAN configuration. – DKNUCKLES Oct 18 '12 at 13:28
  • I have updated the drawing to reflect your questions and noted what the controller views as the "Internet Network" and the "Access Network". My "didn't like something with the vlan configuration" is in reference to the fact that I'm not sure if the networks are properly tagged. – DKNUCKLES Oct 18 '12 at 18:28
  • What about my questions in the paragraph after the word "Edit:"? – Evan Anderson Oct 18 '12 at 19:24
  • Yes they have the same default gateway specified and there are no ACL's that should prevent the traffic. There is ICMP traffic flow across the network to computers, but not PC's. Any "interior" firewalls were dropped for testing purposes and the printers are still not able to be printed to or ping'd – DKNUCKLES Oct 18 '12 at 19:31
  • I'd sniff the traffic between the printer and its LAN, then, to see if echo requests are ever getting to it from the wireless clients. Depending on what I find there I'd move my sniffer to either find where the echo request is being dropped or, if the printer is receiving the request and responding but the response is never getting back to the client. – Evan Anderson Oct 18 '12 at 19:40
0

Running a traceroute to the printer from a different part of network address will give an idea of where the deadend is. If the printer has network diagnostic tools, try those. Try temp configure a laptop with printers IP configs & ping,tracert to other parts of the network - this will give you a prespective from printer's side of the network.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
rajesh
  • 1