 From:  Jim Spaloss <jspaloss at gmail dot com>
 To:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Androids won't pass traffic
 Date:  Tue, 12 Feb 2013 00:30:13 -0500
Hello all,

I'm not sure if my problem is related to my M0n0wall or not, but there are
always brilliant people on this list, so I'm giving it a shot.

My problem is a wireless network in a Nursing home. There are 12 Engenius
EAP300 wireless access points, connected to a Cisco 300 series PoE managed
switch. The M0n0wall is version 1.34 running on a Soekris Net4801. The
facility's regular wired LAN is connected to the LAN interface on the
Soekris box.

The Cisco switch is connected to the Soekris box on the third interface,
which serves as a trunk carrying three VLANs.
The APs run 3 SSIDs:
Residents: No Encryption, restrictive ruleset, VLAN 103
Clinical: WPA2 Encryption, similar ruleset to LAN, VLAN 104
Cart: WPA2 Encryption, bypasses M0n0wall carrying public IP traffic
directly to a particular device. VLAN 105 (Access port on the Cisco plugs
directly into cable modem)
There is also VLAN 102 which is used as a management interface for the APs,
but doesn't have a matching SSID.

I can provide configs, or diagrams if my description doesn't make sense.

Anyway, on to my problem:
I got a complaint last week that the residents (VLAN 103, No Encryption)
can't get online.
I sent a technician out, and he was able to connect without issue with his
laptop. The complaining resident was attempting to connect with an Android
tablet, and seemed to associate to the nearest AP, but could not pass
traffic. He could not make sense of it, and since he could connect, he
figured it was the tablet (not a device we are charged with supporting) and
I got another call, with accounts of more residents having connectivity
issues so I went out myself. I walked the facility with my laptop connected
to the residents' SSID and had no issues. When I took a look at one of the
devices in question (an Android tablet) I could see that the tablet was
associating to the AP, and getting an IP address from the M0n0wall. However,
any attempt to browse the web, check email, or get on YouTube times out. I
pulled out my Android phone, which was connected to the Clinical SSID (VLAN
104, WPA Encryption) and could get online when connected to the Clinical
SSID, and connected it to the residents' SSID. The phone associated, got an
IP address, and that was it. Nothing else. I opened up a terminal on the
phone and tried to ping the local gateway (M0n0wall) and got "Destination
Host Unreachable" from the phone's IP address.

Also, nothing shows up in the M0n0wall logs. I even added logging to the
allow rules on the Residents' interface. If it's an Android device the
traffic doesn't seem to reach the M0n0wall.

I proceeded to update firmware on M0n0wall (1.33 to 1.34), the Cisco switch,
and the APs. I still have no luck. No connection from Android devices, but
my laptop connects just fine, which is the really confusing part.

I can provide more information if needed, but if anybody has an idea of
what I should even be looking at, I'd love to hear your opinion. I just
wasted the better part of today chasing this issue, and I got nowhere.

Thanks in advance,