Two wireless networks cant connect to devices

[Haggis Veteran]

Hi Guys

 

all my internal devices are on 192.168.0.*

 

I have the isp router that is upstairs with wifi and dhcp

 

an ethernet cable is plugged into it when run all the way downstairs to a gigabit switch

 

 

Into the switch is plugged my access point with wireless and NO dhcp and also my server is plugged into this switch

 

The Router updatirs the wireless is called Haggis1 and downstairs is called Haggis2

 

 

 

If i am connected to WIFI Haggis1 i cant connect to my server 

 

 

 

any ideas?

 

[+BudMan MVC]

Can you ping haggis2 IP? If you plug in with a wire to haggis1 then you can ping server?

Do you have other devices on the switch you can get to, or not get too? Sure its not just a setting on your router preventing wifi clients access to wired? Guest isolation sort of thing?

When you try and ping the server, and then look in your arp table, do you see its mac, or error or all zeros or unknown? What do you see in the arp table? Did this use to work?

[remixedcat]

 

 

 

 

 

 

 

 

What AP is it does it have something like guest isolation like BudMan above says?

 

Also is it in the same or different VLAN segments.

 

Also if it's a managed switch you gotta make sure the switch can carry the VLANs over from the router if the router is the one managing those.

 

I have a Meraki Z1 router acting as the manager for the VLANs due to it haveing really nice policy controls.

 

Here's my VLAN setup on my Z1:

 

 

 

I have no issues with any devices connecting to the upstairs AP that's connected to the Z1 to the devices that are connected to the Downstairs AP that's connected to the D-Link managed PoE switch

 

 

Here's the proper way to do in on the switch:

 

 

 

Also make sure the router and the switch have trunk ports.

 

 

 

On the AP end you may need to either tag or untag the DEFAULT VLAN. One some brands you have to tag it like Xirrus and on some you leave the normal SSID untagged like the Arubas I got

 

 

I then have the main VLAN (10) assigned to my main SSID and the guest VLAN (3) goes to the guest SSID.

 

[xendrome]

remixedcat you are likely over complicating this situation, I highly doubt he is using VLANs

 

Haggis, is AP Isolation turned on for the Wifi advanced settings, if so turn it off.

 

Also give us make/models of the routers/AP's

[+BudMan MVC]

Yeah if its a managed switch he could have all kinds of issues with vlans, etc. But I take it just a dumb switch.. Haggis if your switch is any sort of smart switch at all, then sure you could have issues with vlan setup - have you done any sort of thing on the switch.. What is the make and model of the switch?

[Haggis Veteran]

Switch is just a basic switch nothing smart about it at all :)

the routers are very basic (but locked down) ISP routers

there is no VLAN, Isolation Mode etc

CAnt ping Haggis2 if i am connected to haggis1

I had a fiddle about with it last night and then rebooted the routers, i can ping evertything now

will give it a few days and keep testing

I am going to get an actual access point though as the wireless is crap

Any recommendations? (In the UK)

[+Fahim S. MVC]

Is the ISP router a BT HomeHub?

[remixedcat]

Recommendations: Depends on the budget.

 

Low-->Ubiquity (BudMan likes em and they look pretty cool for a cheap but feature-full AP), Cisco Small biz

Medium-->Aruba AP105/109, some Cisco models

High-->Xirrus or Cisco.

 

My blog has a few reviews on some small biz and a lot of enterprise APs with speed tests, screenshots, and other tests.

[sc302 Veteran]

Sometimes the wireless on the firewall is separated from the lan and you would have to create a firewall rule to enable wireless to lan communications. Thank Sonicwall for this.

Sometimes there is some other seeing to allow the wireless to communicate on the network.

What is the isp router make and model?

[Haggis Veteran]

the ISP is SKY

and both routers are

Sky Hub SR101

[remixedcat]

Are those rebranded Netgeats?

[sc302 Veteran]

I have a suspicion then the devices on the second router are double natted.

[xendrome]

Wait, there are two routers?

 

I thought there was 1 router and 1 AP?

 

As said above, that's going to be your problem. One of the routers needs to route/nat/DHCP/DNS and the other needs to be just a an AP if possible. 

[+BudMan MVC]

If looking for AP, as mentioned budget is key here.. You seem to need more than one.. If really low budget would go for the $70 unifi model, looks like 60 quid from uk amazon.

http://www.amazon.co.uk/UBIQUITI-Networks-UAP-UniFi/dp/B005VSY0VQ/ref=sr_1_1?s=computers&ie=UTF8&qid=1417390283&sr=1-1&keywords=UBIQUITI+Networks

There is a 3 pack for 155 quid - might be something for you if want to cover your place in wifi ;)

If budget is higher you could go with pro, or the ac models. Do you have AC clients currently?

[+Fahim S. MVC]

the ISP is SKY

and both routers are

Sky Hub SR101

They give out horrible little thing. I think I have about 5 from when I was their customer. The BT HomeHub is equally as bad.

Are you sure that:

1/ you are not using the WAN connection of the 2nd device.

2/ you have got the 2nd device getting its IP address from the first device.

3/ DHCP is switched off on the 2nd device.

First device here means the one that is connected to the modem (if fibre, or is the modem if not) and 2nd device is the one you are trying to use as an AP.

[Haggis Veteran]

Both have static a dresses outside of the dhcp

I am not sure if I can turn the Nat off. The second router is connected to the switch with the other devices also on the switch

So would that still break it?

[sc302 Veteran]

from a lan port on router 1 you will need to connect to a lan port on router 2.  another lan port on router 2 will go to a switch.  do not connect the wan/internet port on router 2, put a piece of tape on it so you do not use it (it is off limits in your configuration if you want your computers to talk to eachother).  This will bypass the nat on router2 causing everything to be on the same lan. 

 

If you have plugged into the internet port on router 2, that would break everything that is connected on router 1 trying to talk to anything that is behind router 2.  router2 would be treating anything that is on router1 as hostile and would not allow communications through.

[conna]

What program did you use to make your network map?

 

[sc302 Veteran]

Looks like visio to me but you can use gliffy

http://www.gliffy.com/

[Haggis Veteran]

The router i am using downstairs is an old ADSL one so no ethernet WAN ports on it

 

The Unifi AP looks nice and the wife might even be happy with it on the ceiling

[sc302 Veteran]

I can teamviewer in a about 2hrs if you would like me to look at your setup and make sure there isn't a config issue.

[Haggis Veteran]

I am at work dude sorry

 

will be home in about 5 hours if that helps

[+BudMan MVC]

You don't have access into your network from work? ;) Next project - openvpn access to your network, so you can work on the important stuff while your at work ;)

[sc302 Veteran]

I am at work dude sorry

 

will be home in about 5 hours if that helps

That is no problem.  I am on vacation catching up on video game time and learning some cisco stuff (or at least trying to, trying to wrap my head around why can I not rdp in but I can connect to a network share..the packet gets dropped at the client but there are no firewalls at the client level...time for some wireshark at the client). 

[+BudMan MVC]

RDP not enabled ;) Do you get back syn,ack from you syn to 3389?

As to video games - new game about ready, elite dangerous - had to pick up a joystick for it.. Brings back all the old elite hours spent. Gamma is out for us kickstarter backers.. http://www.elitedangerous.com/