[ previous ] [ next ] [ threads ]
 
 From:  "Payne Jr, Ash C" <Ash dot Payne at chartercom dot com>
 To:  Jim Spaloss <jspaloss at gmail dot com>, m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Androids won't pass traffic
 Date:  Wed, 6 Mar 2013 12:42:50 -0600
Is your gateway address on a different subnet than your dhcp pool?  If so, see this link:
http://code.google.com/p/android/issues/detail?id=10315

A fix is listed in that message.



-----Original Message-----
From: Jim Spaloss [mailto:jspaloss at gmail dot com] 
Sent: Tuesday, February 12, 2013 12:30 AM
To: m0n0wall list
Subject: [m0n0wall] Androids won't pass traffic

Hello all,

I'm not sure if my problem is related to my M0n0wall or not, but there are always brilliant people
on this list, so I'm giving it a shot.

My problem is a wireless network in a Nursing home. There are 12 Engenius
EAP300 wireless access points, connected to a Cisco 300 series PoE managed switch. The M0n0wall is
version 1.34 running on a Soekris Net4801. The facilities regular wired LAN is connected to the LAN
interface on the Soekris box.

The Cisco switch is connected to the Soekris box on the third interface, which serves as a trunk
carrying three VLANs.
The APs run 3 SSIDs:
Residents: No Encryption, restrictive ruleset, VLAN 103
Clinical: WPA2 Encryption, similar ruleset to LAN, VLAN 104
Cart: WPA2 Encryption, bypasses M0n0wall carrying public IP traffic directly to a particular device.
VLAN 105 (Access port on the Cisco plugs directly into cable modem) There is also VLAN 102 which is
used as a management interface for the APs, but doesn't have a matching SSID.

I can provide configs, or diagrams if my description doesn't make sense.

Anyway, on to my problem:
I got a complaint last week that the residents (VLAN 103, No Encryption can't get online).
I sent a technician out, and he was able to connect without issue with his laptop. The complaining
resident was attempting to connect with an Android tablet, and seemed to associate to the nearest
AP, but could not pass traffic. He could not make sense of it, and since he could connect, he
figured it as the tablet (not a device we are charged with supporting) and left.
I got another call, with accounts of more residents having connectivity issues so I went out myself.
I walked the facility with my laptop connected to the residents' SSID and had no issues. When I took
a look at one of the devices in question (an Android tablet) I could see that the tablet was
associating to the AP, and getting an IP address from the M0nwall. However, any attempt to browse
the web, check email, get on youtube times out. I pulled out my Android phone, which was connected
to the Clinical SSID (VLAN 104, WPA Encryption) and could get online when connected to the Clinical
SSID, and connected it to the residents' SSID. The phone associated, got an IP address, ad that was
it. nothing else. I opened up a terminal on the phone and tried to ping the local gateway (M0n0wall)
and got "Destination Host Unreachable" from the phone's IP address.

Also, nothing shows up in the M0n0wall logs. I even added logging to the allow rules on the
Residents' interface. If it's an Android device the traffic doesn't seem to reach the M0n0wall.

I proceeded to update firmware on M0n0wall (1.33 to 1.34) the Cisco switch, and the APs. I still
have no luck. No connection from Android devices, but my laptop connects just fine, which is the
really confusing part.

I can provide more information if needed, but if anybody has an idea of what I should even be
looking at, I'd love to hear your opinion. I just wasted the better part of today chasing this
issue, and I got nowhere.

Thanks in advance,

Jim

E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and
may contain confidential and/or legally privileged information. If you are not the intended
recipient of this message or if this message has been addressed to you in error, please immediately
alert the sender by reply e-mail and then delete this message and any attachments. If you are not
the intended recipient, you are notified that any use, dissemination, distribution, copying, or
storage of this message or any attachment is strictly prohibited.