Solved

HP ProCurve MSM422 configuration; can see internet but not network

Posted on 2011-03-21
Last Modified: 2014-04-25
We are putting in HP ProCurve Access Points (MSM422).
1- The router address is 192.168.21.110
2- Remote users are able to access the MSM422 and get an IP address from the DHCP router on the network. In this case, the remote user gets 192.168.23.186
3- Remote user is able to access the internet, but cannot access any machines on the network or IP schemes below.

Our local network comprises several IP schemes:
192.168.21.0 /24 -> gateway .28
192.168.23.0 /24 -> gateway .28
192.168.42.0 /24 -> gateway .28
192.168.52.0 /24 -> gateway .28

If a workstation on the network had 192.168.21.110, it could communicate with all the above networks without a problem.

Any guidance would be appreciated.


System Configs:
[USER-SPACE]
    <VERSION-CONTROL>
        format = unified
        product-family = CN6xx
        version = 8
        upgrade-version = 10
        upgrade-development-version = 22
        serial-number = SG0499K0XR
        firmware = 5.3.6.0-01-8252
    <USER-DEFINED>
        configuration-version = "not configured"
    <FIREWALL-RULES>
        security-level = None
        rules-type = PRESET
    <CLI>
        use-serial-port = DISABLED
        use-ssh = ENABLED
    <WEB>
        license-accepted = "Wed Jun 23 16:32:46 2010"
        country-code = DEF
        dhcp-type = none
        nat = DISABLED
        webport-insecure = 80
        webport-secure = 443
        private-lan-mask = PRESET
        local-authentication = ENABLED
        radius-authentication = DISABLED
        radius-authentication-server = ""
        max-login = 5
        lock-out = 5                             # in minutes
        admin-access-trap = ENABLED
        admin-auth-failure-trap = ENABLED
        admin-logout-trap = ENABLED
        certificate-aboutto-expire-trap = ENABLED
        certificate-expired-trap = ENABLED
        lan-access = ENABLED
        wireless-access = ENABLED
        vpn-access = DISABLED
        internet-access = ENABLED
        administrator-kickout = ENABLED
        operator-kickout = ENABLED
        log-display-direction = LAST_LOG_AT_TOP
        auto-refresh = ENABLED
        auto-refresh-interval = 5
        registration-presented = ENABLED
        session-timeout-state = ENABLED
        session-timeout = 10
        security-policies = FIPS_140_2
        factory-settings = NO
    <SOAP-SERVER>
        soap-server-state = ENABLED
        ssl = ENABLED
        username-password-required = DISABLED
        max-requests-per-minute = 2048
        tcp-port = 448
        lan-access = ENABLED
        wireless-access = DISABLED
        vpn-access = DISABLED
        internet-access = ENABLED
        mutual-ssl-connection-authentication = ENABLED
        http-authentication = DISABLED
        http-authentication-username = ""
        http-authentication-password = ""
    <SYSTEM-TIME>
        time-zone = -300*01
        use-ntp-server = YES
        ntp-protocol = SNTP
        auto-adjust-clock-for-dst = ENABLED
        use-custom-dst-rules = DISABLED
        manual-time-year = 2008
        manual-time-month = January
        manual-time-day = 1
        manual-time-time-of-day = 0
    <TIMEZONE-RULE-1>
        format = FIRST_WEEKDAY_ON_OR_AFTER_DAY
        month = May
        day = 1
        weekday = Sunday
        time = 7200
        time-interpretation = WALL_CLOCK
        save = 3600
    <TIMEZONE-RULE-2>
        format = FIRST_WEEKDAY_ON_OR_AFTER_DAY
        month = October
        day = 1
        weekday = Sunday
        time = 7200
        time-interpretation = WALL_CLOCK
        save = 0
    <TIME-SERVERS>
        time-server = 0.colubris.pool.ntp.org
        time-server = 1.colubris.pool.ntp.org
        time-server-failure-trap = DISABLED
    <WIRELESS-SECURITY>
        restrict-traffic = DISABLED
        l2tp = DISABLED
        ipsec = DISABLED
        external-vpn = DISABLED
        pptp = DISABLED
        ieee802-1x = DISABLED
        vpn-user-connection-trap = DISABLED
    <UPSTREAM-PORT>
        address-type = STATIC
    <MONITOR-PROCESS-LIST>
        snmp = ENABLED
        sshd = ENABLED
        serial = DISABLED
        websoap = ENABLED
        eapolserver = ENABLED
        pppoe-client = DISABLED
        macauth = ENABLED
        aeroscout = DISABLED
        iperf-server = DISABLED
        dhcp-client = DISABLED
    <PPPOE>
        mru = 1492
        mtu = 1492
        auto-reconnect = ON
        unnumbered = OFF
    <DHCLIENT>
        client-id = SG0499K0XR
        lan-client-id = SG0499K0XR
        wireless-client-id = SG0499K0XR
    <DHCLIENT-INTERFACE-LIST>
        upstream-port = br0
    <SYSLOG-FILTER-SET-1>
        filter-set-name = "Local file log filter"
        bool-operator-between-functions = AND
        regex-filter-status = DISABLED
        regex-filter-not = DISABLED
        regex-filter = ""
        level-filter-status = ENABLED
        level-filter-not = DISABLED
        level-filter = warning
        process-filter-status = DISABLED
        process-filter-not = DISABLED
        process-filter = ""
    <SYSLOG-DESTINATION-1>
        destination-name = "Local filtered log"
        destination-status = ENABLED
        destination-type = local-file
        filter-set = SYSLOG-FILTER-SET-1
    <SYSLOG-FILTER-SET-2>
        filter-set-name = "SNMP Level Trap Filter"
        bool-operator-between-functions = AND
        regex-filter-status = DISABLED
        regex-filter-not = DISABLED
        regex-filter = ""
        level-filter-status = ENABLED
        level-filter-not = DISABLED
        level-filter = warning
        process-filter-status = DISABLED
        process-filter-not = DISABLED
        process-filter = ""
    <SYSLOG-DESTINATION-2>
        destination-name = "SNMP Level Trap"
        destination-status = ENABLED
        destination-type = trap
        filter-set = SYSLOG-FILTER-SET-2
    <SYSLOG-FILTER-SET-3>
        filter-set-name = "SNMP Regex Trap Filter"
        bool-operator-between-functions = AND
        regex-filter-status = ENABLED
        regex-filter-not = DISABLED
        regex-filter = expression
        level-filter-status = DISABLED
        level-filter-not = DISABLED
        level-filter = warning
        process-filter-status = DISABLED
        process-filter-not = DISABLED
        process-filter = ""
    <SYSLOG-DESTINATION-3>
        destination-name = "SNMP Regex Trap"
        destination-status = DISABLED
        destination-type = trap
        filter-set = SYSLOG-FILTER-SET-3
    <SNMP-CONFIG>
        snmp-server = ENABLED
        snmp-port = 161
        snmp-version = 2
        snmp-version-1 = ENABLED
        snmp-version-2c = ENABLED
        snmp-version-3 = DISABLED
        snmp-ro-community = public
        snmp-community = private
        snmp-syslocation = ""
        snmp-syscontact = ""
        snmp-sysname = SG0499K0XR
        snmp-traps-enabled = DISABLED
        snmp-authentication-failure-trap = ENABLED
        snmp-trap-community = ""
        lan-access = ENABLED
        wireless-access = DISABLED
        vpn-access = DISABLED
        internet-access = ENABLED
        snmp-linkstate-trap = ENABLED			 # TRAP configuration
        snmp-heartbeat-trap = DISABLED
        snmp-heartbeat-trap-period = 60 		 # period in seconds between 2 heartbeat traps
    <SNMP-USER-1>
        username = readonly
        password = readonly
        security = md5_des
        access-level = read-only
    <SNMP-USER-2>
        username = readwrite
        password = readwrite
        security = md5_des
        access-level = read-write
    <CLIENT-TRACK>
        association-success-trap-state = DISABLED
        association-fail-trap-state = DISABLED
        reassociation-success-trap-state = DISABLED
        reassociation-fail-trap-state = DISABLED
        authentication-success-trap-state = DISABLED
        authentication-fail-trap-state = DISABLED
        disassociation-success-trap-state = DISABLED
        disassociation-fail-trap-state = DISABLED
        deauthentication-success-trap-state = DISABLED
        deauthentication-fail-trap-state = DISABLED
    <ETHERNET>
        upstream-speed = AUTO
        upstream-duplex = AUTO
        downstream-speed = AUTO
        downstream-duplex = AUTO
    <FIRMWARE-UPDATE>
        firmware-update-mode = MANUAL
        firmware-update-day = EVERYDAY
        firmware-update-time = 00:00
        firmware-update-location = ""
        firmware-update-trap = ENABLED
    <CONFIGURATION-UPDATE>
        config-update-mode = MANUAL
        config-update-day = EVERYDAY
        config-update-time = 00:00
        config-update-location = ""
        config-update-operation = BACKUP
        config-update-trap = ENABLED
        config-change-trap = ENABLED
    <IP-ADDRESS-SERVER>
        ip-address-server = DISABLED
        server-mode = static                     # choices are static or dynamic
        dynamic-unique-client-id = SG0499K0XR
        dynamic-initial-pool-size = 1
        dynamic-max-pool-size = 30
        dynamic-toggle-pool-size = 1
        dynamic-interface = eth0
        dynamic-wins-from-dhcp = OFF
        static-first-address = 192.168.2.1
        dhcp-server = 0.0.0.0
    <SATELLITE-MASTER>
        security = ENABLED
        master-definition-mode = DHCP-GATEWAY
        manual-master-mac = ""
        tunnel-access-control = DISABLED
    <REDUNDANCY>
        radio-redundancy = DISABLED
        radio-redundancy-mode = GATEWAY
        radio-redundancy-address = ""
        radio-redundancy-retry = 0
        radio-redundancy-timeout = 1
        radio-redundancy-poll = 1
    <802.11>
        snr-notification-enabled = ENABLED
        snr-notification-interval = 1
        snr-minimum-level = 15
        assoc-notification-enabled = DISABLED
        assoc-notification-interval = 0
    <IEEE802DOT1X>
        port-control = auto
        key-tx = ENABLED
        reqid-delay = 5
        tx-period = 30
        quiet-period = 60
        reauth = DISABLED
        reauth-period = 3600
        reauth-terminate = DISABLED
        reauth-max = 8
        supp-timeout = 3
        server-timeout = 30
        max-req = 2
        dynamic-key = DISABLED
        dynamic-key-interval = 43200
        wep-key-size = 13
    <RADIUS-SRV-GATEWAY>
        chap-challenge-attribute = ENABLED
        radius-acct-port = 1813
        radius-always-try-primary-first = DISABLED
        radius-auth-port = 1812
        radius-authentication-method = MSCHAPV2
        radius-display-name = "[Access Controller]"
        radius-nas-id = ""
        radius-retry-interval = 10
        radius-accounting-timeout-control = DISABLED
        radius-accounting-timeout = 60
        radius-secret-primary = ""
        radius-secret-secondary = ""
        radius-srv-primary = *gateway*
        radius-srv-secondary = ""
        radius-use-message-authenticator = ENABLED
        radius-force-nas-port-to-value = DISABLED
        unique-identifier = ""
    <DISCOVERY-PROTOCOL>
        ttl = 180
        loop-delay = 60
        active = ENABLED
        device-id-name = ""
    <DNS>
        cache = off						# ""=cache on, "off"=cache off
        override-dynamic = DISABLED
        dns-1 = 192.168.21.20
        dns-2 = ""
        dns-3 = ""
        switch-on-servfail = DISABLED
        switch-over = DISABLED
    <PORT-WAN>
        interface = eth0
        vlan = 0
        vlan-management-filter = DISABLED
        default-vlan-compatibility = DISABLED
    <PORT-LAN>
        interface = br0
        vlan = 0
        vlan-management-filter = DISABLED
        default-vlan-compatibility = DISABLED
        static-default-gw-destination = 192.168.21.28
        address-type = STATIC
    <PORT-WIRELESS>
        interface = br0
        bandwidth-control = DISABLED
        bandwidth-control-max-kbits = 54000
    <WIRELESS-SITE-SCAN>
        scanning-enabled = DISABLED
        official-ap-url = ""
        scanning-period = 600
        unauthorized-ap-notification-enabled = ENABLED
        unauthorized-ap-notification-interval = 5
    <WDS-QOS>
        qos-option = DISABLED
    <BRIDGE-VLAN>
        priority = 32768
        bridge-max-age = 20.0
        hello-time = 2.0
        bridge-forward-delay = 15.0
        ageing-time = 300.0
        gc-interval = 4.0
        stp-enabled = no
    <BRIDGE-1>
        bridge = br0
        priority = 32768
        designated-root = ""
        root-port = 0
        path-cost = 0
        max-age = 20.0
        bridge-max-age = 20.0
        hello-time = 2.0
        bridge-hello-time = 2.0
        forward-delay = 15.0
        bridge-forward-delay = 15.0
        ageing-time = 300.0
        gc-interval = 4.0
        topology-change = no
        topology-change-detected = no
        stp-enabled = yes
        interface-1 = wvlan0
        interface-2 = wvlan1
        interface-3 = eth0
    <INTERFACE-WIRELESS-1>
        ack-range = 0km
        interface = wvlan0
        radio-state = ENABLED
        auto-channel-state = ENABLED
        auto-channel-timer = 0
        auto-channel-time = 00:00
        auto-power-state = DISABLED
        auto-power-timer = 3600
        sensitivity = 1/3
        op-mode = AP
        phytype = ieee802.11n-2ghz-bg-compatible
        tx-power = MAX
        frequency = Auto
        rtsthreshold = off
        rejectany = disabled
        mcast-rate = 1000000
        antenna-selection = diversity
        beacon-interval = 100
        spectralink-view = DISABLED
        station-detection-state = DISABLED
        channel-width = auto
        channel-extension = above
        guard-interval = short
        mcast-mcs = 0
        mimo-mode = 3x3
        mcast-80211n = 1
        antenna-gain = 2
    <INTERFACE-WIRELESS-2>
        ack-range = 0km
        interface = wvlan1
        radio-state = ENABLED
        auto-channel-state = ENABLED
        auto-channel-timer = 0
        auto-channel-time = 00:00
        auto-power-state = DISABLED
        auto-power-timer = 3600
        sensitivity = 1/3
        op-mode = Monitor
        phytype = ieee802.11bg
        frequency = Auto
        rtsthreshold = off
        rejectany = disabled
        tx-power = MAX
        mcast-rate = 1000000
        antenna-selection = diversity
        beacon-interval = 100
        spectralink-view = DISABLED
        station-detection-state = DISABLED
        channel-width = 40MHz
        channel-extension = above
        guard-interval = short
        mcast-mcs = 0
        mimo-mode = 3x3
        mcast-80211n = 1
        antenna-gain = 2
    <INTERFACE-1>
        interface = br0
        hwaddr = ""
        afname = inet
        address = 192.168.21.110
        broadcast = 192.168.21.255
        dstaddress = ""
        netmask = 255.255.255.0
        flags = "UP BCST RUN MULTCST "
        mtu = 1500
        metric = 1
        txqlen = 1000
    <INTERFACE-2>
        interface = eth0
        hwaddr = ""
        afname = inet
        address = ""
        dstaddress = ""
        broadcast = ""
        netmask = ""
        flags = "UP BCST RUN ALLMUL MULTCST "
        mtu = 1500
        metric = 1
        txqlen = 100
    <INTERFACE-3>
        interface = wvlan0
        hwaddr = ""
        afname = inet
        address = ""
        dstaddress = ""
        broadcast = ""
        netmask = ""
        flags = "UP BCST RUN MULTCST "
        mtu = 1500
        metric = 1
        txqlen = 100
    <INTERFACE-4>
        interface = wvlan1
        hwaddr = ""
        afname = inet
        address = ""
        dstaddress = ""
        broadcast = ""
        netmask = ""
        flags = "UP BCST RUN MULTCST "
        mtu = 1500
        metric = 1
        txqlen = 100
    <TROUBLESHOOTING>
        trace-amount-packets = 100
        trace-destination = REMOTE
        trace-packet-size = 128
        trace-timeout = 600
        trace-uri = http://www.yahoo.com
        trace-filter = ""
        trace-trap = DISABLED
        iperf-server = DISABLED
        trace-iface = eth0
    <APPLICATION-LIST>
        pppoeclient = Internet-connection
    <PPPOECLIENT-INTERNET-CONNECTION>
        user = ""
        password = ""
        admin-status = ENABLED
    <SERIAL-PORT-SETUP>
        speed = 115200
        hw-flowctl = DISABLED
    <IGMP>
        igmp-snooping-helpers = ENABLED
    <RFIDENTIFICATION>
        aeroscout-state = DISABLED
    <AEROSCOUT>
        tag-state = DISABLED
        engine-ip-address = 0.0.0.0
        engine-ip-port = 0
        wifi-multicast-address = 01:0C:CC:00:00:00
    <LEDS>
        mode = NORMAL
[VIRTUAL-AP-ESSID-1]
    <VAP>
        name = "HP ProCurve"
        type = SSID
        access-controlled = DISABLED
        unique-identifier = 1
    <ESSID>
        essid = "MGP Receiving A"
        broadcast = ENABLED
        max-station = 64
        vlan-id = 0
    <ACCESS-CONTROLLER>
        use-access-controller = DISABLED
    <WEP>
        key-1 = ""
        key-2 = ""
        key-3 = ""
        key-4 = ""
        xmitkey = 1
        key-format = ASCII
    <WIRELESS-SECURITY>
        ieee802dot1x-authentication = ENABLED
        mac-auth = DISABLED
        wep-encryption = DISABLED
        tkip-encryption = ENABLED
        ccmp-encryption = ENABLED
        allow-no-encryption = DISABLED
        authentication-mandatory = ENABLED
    <IEEE802DOT1X>
        wep-static = DISABLED
        auth-suite = PSK
        wpa-psk = mgp;wusa!
        radius-service-type = FRAMED
        radius-session-timeout = 0
        radius-authentication-server = ""
        radius-accounting = DISABLED
        radius-accounting-server = ""
        radius-accounting-interim-update = 0
        csid-delimiter = dash
        csid-mac-case = UPPER_CASE
        radius-called-station-id-content = BSSID
        wpa-crypto-msc = DISABLED
        dynamic-key = ENABLED
    <MAC-AUTH>
        authentication-timeout = 40
        local-authentication = DISABLED
        radius-authentication = DISABLED
        radius-authentication-method = ""
        radius-service-type = LOGIN
        radius-session-timeout = 0
        radius-authentication-server = ""
        radius-accounting = DISABLED
        radius-accounting-server = ""
        radius-accounting-interim-update = 0
        csid-delimiter = colon
        csid-mac-case = UPPER_CASE
        authentication-mandatory = DISABLED
        radius-called-station-id-content = WLAN
    <MAC-FILTER-LIST>
        mac-filter = DISABLED
        mac-filter-mode = DENY
    <ASSOCIATION-NOTIFICATOR>
        group-name = ""
        called-station-id-content = ssid
    <SNMP>
        association-notification = ENABLED
    <QOS>
        qos-option = DIFFSRV
        upstream-diff-serv = ENABLED
        wmm-advertising = ENABLED
    <WIRELESS>
        forwarding = ENABLED
        min-data-rate = 1000000
        max-data-rate = 54000000
        dtim-count = 1
        advertise-tx-power = DISABLED
        l2-fast-auth = DISABLED
        l3-mobility = DISABLED
        vsc-state = ENABLED
        rate-80211b = 1:ENABLED
        rate-80211b = 2:ENABLED
        rate-80211b = 5.5:ENABLED
        rate-80211b = 11:ENABLED
        rate-80211g = 6:ENABLED
        rate-80211g = 9:ENABLED
        rate-80211g = 12:ENABLED
        rate-80211g = 18:ENABLED
        rate-80211g = 24:ENABLED
        rate-80211g = 36:ENABLED
        rate-80211g = 48:ENABLED
        rate-80211g = 54:ENABLED
        rate-80211bg = 1:ENABLED
        rate-80211bg = 2:ENABLED
        rate-80211bg = 5.5:ENABLED
        rate-80211bg = 6:ENABLED
        rate-80211bg = 9:ENABLED
        rate-80211bg = 11:ENABLED
        rate-80211bg = 12:ENABLED
        rate-80211bg = 18:ENABLED
        rate-80211bg = 24:ENABLED
        rate-80211bg = 36:ENABLED
        rate-80211bg = 48:ENABLED
        rate-80211bg = 54:ENABLED
        rate-80211a = 6:ENABLED
        rate-80211a = 9:ENABLED
        rate-80211a = 12:ENABLED
        rate-80211a = 18:ENABLED
        rate-80211a = 24:ENABLED
        rate-80211a = 36:ENABLED
        rate-80211a = 48:ENABLED
        rate-80211a = 54:ENABLED
        rate-80211n = 1:ENABLED
        rate-80211n = 2:ENABLED
        rate-80211n = 5.5:ENABLED
        rate-80211n = 6:ENABLED
        rate-80211n = 9:ENABLED
        rate-80211n = 11:ENABLED
        rate-80211n = 12:ENABLED
        rate-80211n = 18:ENABLED
        rate-80211n = 24:ENABLED
        rate-80211n = 36:ENABLED
        rate-80211n = 48:ENABLED
        rate-80211n = 54:ENABLED
        rate-80211n = MCS0:ENABLED
        rate-80211n = MCS1:ENABLED
        rate-80211n = MCS2:ENABLED
        rate-80211n = MCS3:ENABLED
        rate-80211n = MCS4:ENABLED
        rate-80211n = MCS5:ENABLED
        rate-80211n = MCS6:ENABLED
        rate-80211n = MCS7:ENABLED
        rate-80211n = MCS8:ENABLED
        rate-80211n = MCS9:ENABLED
        rate-80211n = MCS10:ENABLED
        rate-80211n = MCS11:ENABLED
        rate-80211n = MCS12:ENABLED
        rate-80211n = MCS13:ENABLED
        rate-80211n = MCS14:ENABLED
        rate-80211n = MCS15:ENABLED
    <INGRESS-FILTERS>
        security = ENABLED
        filter-selection = CN-FILTERS-AC-MAC
        cn-filters-manual-mac = 00:00:00:00:00:00
        custom-in-filter = ""
        custom-out-filter = ""
    <SECURITY-FILTERS>
        state = DISABLED
    <DOWNSTREAM-INTERFACES>
        interface-type = WIRELESS

        interface = INTERFACE-WIRELESS-1
        interface = INTERFACE-WIRELESS-2

Question by:CharlieChicago
4 Comments

Expert Comment

by:Istvan Kalmar
ID: 35186861
Please show the whole config of the router...
You need to disable AP isolation on the AP so the clients can communicate with each other!

Best regards,
Istvan

Author Comment

by:CharlieChicago
ID: 35190381
I believe isolation is already deactivated. The AP can communicate with the network, just not certain parts. Where do I generate all the configs for the router? The above settings are from Tools > system tools > System Configurations [Run]


Accepted Solution

by:CharlieChicago
ID: 35386769

Solved it:

1- Edit VSC (Virtual Service Community)
2- Uncheck [] Wireless Security Filters
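
The accepted fix unchecks Wireless Security Filters on the VSC. The following is an added example, not part of the thread and not HP's tooling: it parses a dump in the layout posted in the question and reports that setting per VSC. It assumes the `<INGRESS-FILTERS>` `security` key is the stored form of that checkbox; the sample is a constructed excerpt using values from the posted config.

```python
import re
from collections import defaultdict

# Constructed excerpt in the dump's layout; keys and values are taken from the posted config.
SAMPLE = '''\
[USER-SPACE]
    <SNMP-CONFIG>
        snmp-heartbeat-trap-period = 60      # period in seconds between 2 heartbeat traps
[VIRTUAL-AP-ESSID-1]
    <ESSID>
        essid = "MGP Receiving A"
    <INGRESS-FILTERS>
        security = ENABLED
        filter-selection = CN-FILTERS-AC-MAC
    <WIRELESS>
        rate-80211b = 1:ENABLED
        rate-80211b = 2:ENABLED
'''

KEY_VALUE = re.compile(r'^([A-Za-z0-9._-]+)\s*=\s*(.*)$')


def clean_value(raw):
    """Unquote a quoted value; otherwise drop a trailing '# comment'."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split('#', 1)[0].strip()


def parse(text):
    """Return {section: {block: {key: [values...]}}}; repeated keys keep every value."""
    cfg, section, block = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith('[') and s.endswith(']'):
            section, block = cfg.setdefault(s[1:-1], {}), None
        elif s.startswith('<') and s.endswith('>') and section is not None:
            block = section.setdefault(s[1:-1], defaultdict(list))
        else:
            m = KEY_VALUE.match(s)
            if m and block is not None:
                block[m.group(1)].append(clean_value(m.group(2)))
    return cfg


def filter_report(cfg):
    """One row per VSC section with its wireless security filter settings."""
    rows = []
    for name, blocks in cfg.items():
        if not name.startswith('VIRTUAL-AP-'):
            continue

        def last(block, key):
            values = blocks.get(block, {}).get(key)
            return values[-1] if values else ''

        rows.append({
            'vsc': name,
            'essid': last('ESSID', 'essid'),
            # Assumption: this key backs the "Wireless Security Filters" checkbox.
            'filters_enabled': last('INGRESS-FILTERS', 'security') == 'ENABLED',
            'selection': last('INGRESS-FILTERS', 'filter-selection'),
        })
    return rows


if __name__ == '__main__':
    for row in filter_report(parse(SAMPLE)):
        print(row)
```

Run against an export taken before and after the change, it gives a record of which VSCs have the filter enabled.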

Author Closing Comment

by:CharlieChicago
ID: 35414420
Solved it myself.