I have been deploying various wireless APs in my network for years and years. We have a Cisco network with at least 30 different subnets, and we use EIGRP as our dynamic routing protocol. I have always wanted our APs to act like a switch instead of a router. So I have always disabled DHCP, assigned it a static LAN IP address, and plugged it into my network on one of its 1-4 switchports, and not using the "internet" port. This goes for all my routers (varying Linksys/Cisco models, and even a couple old Netgears).
I have been realizing lately that once I get an AP built and sent out to the remote location (on a different subnet), I can usually no longer web into it. I am in the middle of deploying an NPS server to do 802.1x authentication, and I'm realizing that the E2000 I'm using cannot ping or see the NPS server which is on a different subnet. So, I'm sure I'm missing something.
On this E2000, I have disabled the SPI firewall, turned off NAT, enabled dynamic routing, etc. But I can't ping devices on another subnet from the E2000. I also can't ping www.google.com or other URLs from the E2000. It will not resolve them. (My DNS servers are on another subnet... same subnet as the NPS server).
As an example, this is what my network is set up like:
E2000 and computers in my test environment - 10.2.4.0 255.255.255.0
NPS and DNS servers - 10.2.2.0 255.255.255.0
If I look at the routing table on the E2000, it just has one route that looks like this:
Dest. LAN IP: 10.2.4.0
SN Mask: 255.255.255.0
Interface: LAN & Wireless
The EIGRP entry on my main Cisco 7204 gateway router looks like this:
router eigrp 7
Is there something I'm missing on my wireless APs? Do I need to configure my Cisco routers to use RIP in addition to EIGRP?