
How to connect to the admin page of a wireless access point on VLAN B from within VLAN A

Last Modified: 2015-10-21
I have created a "router on a stick" setup for my network with the following setup:

Hardware:

Router:  pfSense box with a single WAN and single LAN port
Switch:  Netgear GS724 Layer 2
Wireless Access Point 1:  Linksys E4200 running Tomato Toastman
Wireless Access Point 2:  Linksys E4200 running Tomato Toastman
Wireless Access Point 3:  Linksys E4200 running Tomato Toastman

The network setup:

On the switch:
VLAN 1 = Ports 3=T, 1-2=U
VLAN 10 = Ports 3=T, 4-22=U
VLAN 80 = Ports 3=T, 23=U
VLAN 90 = Ports 3=T, 24=U

Port 3 on the switch is the single trunk to the router LAN port and is a tagged member of VLAN 10, VLAN 80 and VLAN 90, and an untagged member of VLAN 1.

On the router:
Default LAN = DHCP from router on subnet xxx.0.1.xxx
VLAN 10 = Home Network DHCP from router on subnet xxx.0.10.xxx
VLAN 80 = Phone Network DHCP from router on subnet  xxx.0.80.xxx
VLAN 90 = Guest Network DHCP from router on subnet  xxx.0.90.xxx

There are outbound NAT rules on the WAN interface for each VLAN that bridge all traffic on each VLAN subnet to the WAN address.  This allows each VLAN to access the internet.

Right now there is also a firewall rule on each VLAN that allows any traffic originated on each VLAN to pass anywhere else.  I did this to make sure that traffic could pass from any VLAN to any other VLAN while I was configuring the network.  Once I finish, I plan to add firewall rules above these to limit traffic from VLAN 90 (guest) to the other VLANs etc.

Devices:

On Default LAN / VLAN 1:
Switch = xxx.0.1.200

On VLAN 10:
Computer = xxx.0.10.10
Wireless Access Point 1 = xxx.0.10.110
Wireless Access Point 2 = xxx.0.10.111

On VLAN 80:
IP Phone = xxx.0.80.80

On VLAN 90:
Computer = xxx.0.90.9
Wireless Access Point 1 = xxx.0.90.90

General:
All of the above seems to work quite well.

The computer on VLAN 10 (xxx.0.10.10) can freely access:  The internet, the gateway for each other VLAN (xxx.0.xxx.1), the switch on xxx.0.1.200, the phone on xxx.0.80.80 etc.

The computer on VLAN 90 (xxx.0.90.9) can freely access:  The internet, the gateway for each other VLAN (xxx.0.xxx.1), the switch on xxx.0.1.200, the phone on xxx.0.80.80 etc.

The phone on VLAN 80 (xxx.0.80.80) works, and can place/receive calls.

Here is the problem / question:

The computer on VLAN 90 (xxx.0.90.9) can access the admin page of the wireless access point on VLAN 90 (xxx.0.90.90), but is not able to access the admin page of either wireless access point on VLAN 10 (xxx.0.10.110 & xxx.0.10.111).

The computer on VLAN 10 (xxx.0.10.10) can access the admin page of both wireless access points on VLAN 10 (xxx.0.10.110 & xxx.0.10.111), but is not able to access the admin page of the wireless access point on VLAN 90 (xxx.0.90.90).

Given the ability of the computers on each VLAN to access everything else on all of the other VLANs, I can't figure out why they are not able to access the admin pages of the Wireless Access Points on the other VLANs.

I am assuming that my firewall rules are ok, since there is traffic flowing between the VLANs and to the internet generally.  I am guessing that maybe there is something about the configuration of the Wireless Access Points that causes them to ignore traffic that doesn't originate on their own subnet.  But I am not sure what I can do to gain access to the admin pages, and can't find anything on the web after a lot of searching.

Any ideas on how to access the Wireless Access Point admin pages from computers on a different VLAN/subnet?