Can't ping other machines in my network

19

5

I've got 3 machines on my network, all running Windows 7.

None of them can ping each other, either by name or IP address. (And because of this, they also can't see each other on the network, can't see shares, can't remote desktop, can't see any homegroups, etc.)

  • They are all on the same workgroup.
  • They are all connected to the same wireless, WPA2 secured network.

They all worked together nicely until I added a password to my wireless network. After that, and after reconnecting all the machines to the password-protected network, they can't see each other.

Any ideas what could be wrong?

Judah Himango

Posted 2010-03-28T16:42:40.207

Reputation: 303

What error do you get? Are you pinging by name or IP address? – SLaks – 2010-03-28T16:48:41.753

what are their IP addresses and subnet masks? – David Fox – 2010-03-28T17:04:19.267

Error I get while pinging is "destination host unreachable" – Judah Himango – 2010-03-28T17:30:23.103

My IP address is 192.168.0.100, other machine IP address is 192.168.0.102 (and the other machine is .104) – Judah Himango – 2010-03-28T17:30:46.833

If you ping the IP Address, what happens? – SLaks – 2010-03-28T17:47:57.273

That's what I tried. Pinging the IP address of another machine results in "destination host unreachable". – Judah Himango – 2010-03-28T17:53:10.553

Answers

21

Either your wireless AP or your clients have a bug in how they're handling the WPA2-PSK group (multicast/broadcast) keys. Because of this, ARP broadcasts aren't getting through from one client to another. Without ARP, they can't learn each others' wireless MAC addresses, so they can't address the 802.11-layer headers of the ping frames.

Enter static ARP mappings between two machines and see if they can ping each other -- I'll bet they can.

If you enabled WPA2 "mixed mode", where both WPA[1]-style TKIP and WPA2-style AES-CCMP are both enabled, see if your problem goes away when you switch to pure WPA2 (AES-CCMP only). Hopefully you don't have any TKIP-only clients that this excludes. Mixed mode is a little tricker than pure WPA[1] or pure WPA2, because it requires a TKIP group key but AES-CCMP pairwise (per-client unicast) keys.

Make sure your AP's firmware and your client machines' OS, wireless software, and wireless drivers are full up to date, in case your vendors have fixed their bugs.

Make sure to buy Wi-Fi certified equipment. Look for the Wi-Fi certification logo. This is why the Wi-Fi Alliance exists, to make sure that 802.11-based products follow the specs correctly and interoperate properly.

Spiff

Posted 2010-03-28T16:42:40.207

Reputation: 84 656

sounds sane for me, would explain why icmp worked before the wifi get into the way as well – akira – 2010-03-29T06:28:57.310

I'm not sure how to enable WPA2 mixed mode, but I assume it's some router setting I'll have to find. I'll check. Thanks for the answer, if it leads to a fix, I'll mark yours as the answer. – Judah Himango – 2010-03-30T14:40:39.353

No, I was saying mixed mode is the more complicated mode that could have exposed the bug. I'm saying I think you're already in mixed mode. If you switch to a simpler security mode like pure WPA2 (AES only), the problem may go away. Or, you may have an AP that sucks at group keying no matter what. If that turns out to be the case, be sure to name and shame. – Spiff – 2010-03-30T15:33:35.067

Wow, just switching from "WPA or WPA2 - Personal" to "WPA2-Personal" seemed to fix this for me, all because of your suggestion. That's pretty impressive. Thanks! – Matt DiTrolio – 2015-09-17T13:21:06.470

2Spiff, I switched to TKIP/AES mode (mixed mode I guess) in my router's wireless security setting. That seemed to fix the problem. Thanks! – Judah Himango – 2010-04-19T03:23:25.083

2Well, this may be the first time I've heard of switching from pure WPA2 to WPA2 mixed mode solving this problem, but I'm glad you found something that worked for you. – Spiff – 2010-04-19T05:54:26.497

1Well, it started acting up again. I changed it to AES mode. Whammo, it's working again. Heh. Thanks again. – Judah Himango – 2010-05-09T22:28:52.370

Just seen the same thing on an Edimax AP - switching to mixed mode kicked it into action – Chris Nevill – 2016-05-24T13:49:22.100

I just discovered "AP Isolation ON" In my router though I can't work out how to turn it off – ElectricLlama – 2018-02-08T09:44:00.053

I saw "Wireless AP ON" in my settings and assumed it was "AP Isolation" - but it's not. So it's time to fiddle with other settings – ElectricLlama – 2018-02-08T10:04:12.533

I have a netgear R6220 and I switched from WPA-PSK [TKIP] + WPA2-PSK [AES] to WPA2-PSK [AES] with no difference. Wired works – ElectricLlama – 2018-02-08T10:08:27.640

Thank you soo much! I've been battling with my network for so long and this completely sorted it! – flipchart – 2013-02-19T16:19:20.873

3

i would rather check the firewall of your windows7-machines.

follow this to allow windows7 to react on icmp-packets.

(it is unlikely the router will block icmp-packets from the lan to the lan).

akira

Posted 2010-03-28T16:42:40.207

Reputation: 52 754

3

This pointed me in the right direction. Switching the router from WPA-2 to WPA+WPA2 allowed my windows 7 machines to ping each other and the home network to function again.

It broke when I received a new modem/router from my ISP so I imagine the issue is with the router, rather than the windows machines.

Barn

Posted 2010-03-28T16:42:40.207

Reputation: 151

BTW I have a plus.net Thompson Gateway router TG585 v8 firmware version 8.2.7.7. – Barn – 2011-02-03T23:27:40.643

2

If your wireless clients don't see each other but wired clients can see each other, try unchecking or disabling AP isolation.

MatrixForEnzo

Posted 2010-03-28T16:42:40.207

Reputation: 21

1

Assuming they're on the same subnet (192.168.0.xxx with a mask of 255.255.255.0), then I'd check your router settings. A lot of routers block ICMP (ping).

Andrew Coleson

Posted 2010-03-28T16:42:40.207

Reputation: 1 835

1

"Unreachable" usually means that it can't figure out where to send the ping, rather than saying something didn't respond.

gbarry

Posted 2010-03-28T16:42:40.207

Reputation: 694

Ok. Where do I go from here? – Judah Himango – 2010-03-30T14:50:54.063

1

To be sure, i suggest you reboot all the machines & try again. Look into event viewer on each machine for some clues. Execute tracert on the command prompt to the ip addresses & see what you get.
Also, turn off any firewall so you can better isolate the issue.

SoftwareGeek

Posted 2010-03-28T16:42:40.207

Reputation: 891

I've already rebooted the machines. I'll check tracert and the event log. – Judah Himango – 2010-03-30T14:47:17.813

Asked: 2010-03-28T16:42:40.207

Viewed: 66 450 times

Active: 2016-08-23T20:53:03.867