[ previous ] [ next ] [ threads ]
 From:  Jim Spaloss <jspaloss at gmail dot com>
 To:  "Payne Jr, Ash C" <Ash dot Payne at chartercom dot com>
 Cc:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Androids won't pass traffic
 Date:  Mon, 18 Mar 2013 23:52:34 -0400

Thanks for your reply. The gateway address is in the same subnet as the

I finally narrowed the issue down to a configuration issue with the APs. I
had the transmit rate locked to a certain MCS rate, which apparently the
android clients did not like. This was after rebuilding the switch config.

Anyway, the issue is sorted now.

Thanks everyone for your help!
On Mar 6, 2013 1:42 PM, "Payne Jr, Ash C" <Ash dot Payne at chartercom dot com> wrote:

> Is your gateway address on a different subnet than your dhcp pool?  If so,
> see this link:
> http://code.google.com/p/android/issues/detail?id=10315
> A fix is listed in that message.
> -----Original Message-----
> From: Jim Spaloss [mailto:jspaloss at gmail dot com]
> Sent: Tuesday, February 12, 2013 12:30 AM
> To: m0n0wall list
> Subject: [m0n0wall] Androids won't pass traffic
> Hello all,
> I'm not sure if my problem is related to my M0n0wall or not, but there are
> always brilliant people on this list, so I'm giving it a shot.
> My problem is a wireless network in a Nursing home. There are 12 Engenius
> EAP300 wireless access points, connected to a Cisco 300 series PoE managed
> switch. The M0n0wall is version 1.34 running on a Soekris Net4801. The
> facilities regular wired LAN is connected to the LAN interface on the
> Soekris box.
> The Cisco switch is connected to the Soekris box on the third interface,
> which serves as a trunk carrying three VLANs.
> The APs run 3 SSIDs:
> Residents: No Encryption, restrictive ruleset, VLAN 103
> Clinical: WPA2 Encryption, similar ruleset to LAN, VLAN 104
> Cart: WPA2 Encryption, bypasses M0n0wall carrying public IP traffic
> directly to a particular device. VLAN 105 (Access port on the Cisco plugs
> directly into cable modem) There is also VLAN 102 which is used as a
> management interface for the APs, but doesn't have a matching SSID.
> I can provide configs, or diagrams if my description doesn't make sense.
> Anyway, on to my problem:
> I got a complaint last week that the residents (VLAN 103, No Encryption
> can't get online).
> I sent a technician out, and he was able to connect without issue with his
> laptop. The complaining resident was attempting to connect with an Android
> tablet, and seemed to associate to the nearest AP, but could not pass
> traffic. He could not make sense of it, and since he could connect, he
> figured it as the tablet (not a device we are charged with supporting) and
> left.
> I got another call, with accounts of more residents having connectivity
> issues so I went out myself. I walked the facility with my laptop connected
> to the residents' SSID and had no issues. When I took a look at one of the
> devices in question (an Android tablet) I could see that the tablet was
> associating to the AP, and getting an IP address from the M0nwall. However,
> any attempt to browse the web, check email, get on youtube times out. I
> pulled out my Android phone, which was connected to the Clinical SSID (VLAN
> 104, WPA Encryption) and could get online when connected to the Clinical
> SSID, and connected it to the residents' SSID. The phone associated, got an
> IP address, ad that was it. nothing else. I opened up a terminal on the
> phone and tried to ping the local gateway (M0n0wall) and got "Destination
> Host Unreachable" from the phone's IP address.
> Also, nothing shows up in the M0n0wall logs. I even added logging to the
> allow rules on the Residents' interface. If it's an Android device the
> traffic doesn't seem to reach the M0n0wall.
> I proceeded to update firmware on M0n0wall (1.33 to 1.34) the Cisco
> switch, and the APs. I still have no luck. No connection from Android
> devices, but my laptop connects just fine, which is the really confusing
> part.
> I can provide more information if needed, but if anybody has an idea of
> what I should even be looking at, I'd love to hear your opinion. I just
> wasted the better part of today chasing this issue, and I got nowhere.
> Thanks in advance,
> Jim
> The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or legally
> privileged information. If you are not the intended recipient of this
> message or if this message has been addressed to you in error, please
> immediately alert the sender by reply e-mail and then delete this message
> and any attachments. If you are not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or storage of
> this message or any attachment is strictly prohibited.