How connect to the admin page of a wireless access point on VLAN B from within VLAN A

I have created a "router on a stick" setup for my network with the following setup:

Hardware:

Router:  pfSense box with a single WAN and single LAN port
Switch:  Netgear GS724 Layer 2
Wireless Access Point 1:  Linksys E4200 running Tomato Toastman
Wireless Access Point 2:  Linksys E4200 running Tomato Toastman
Wireless Access Point 3:  Linksys E4200 running Tomato Toastman

The network setup:

On the switch:
VLAN 1 = Ports 3=T, 1-2=U
VLAN 10 = Ports 3=T, 4-22=U
VLAN 80 = Ports 3=T, 23=U
VLAN 90 = Ports 3=T, 24=U

Port 3 on the switch is the single trunk to the router LAN port and is tagged member of VLAN 10, VLAN 80 and VLAN 90, and an untagged member of VLAN 1.

On the router:
Default LAN = DHCP from router on subnet xxx.0.1.xxx
VLAN 10 = Home Network DHCP from router on subnet xxx.0.10.xxx
VLAN 80 = Phone Network DHCP from router on subnet  xxx.0.80.xxx
VLAN 90 = Guest Network DHCP from router on subnet  xxx.0.90.xxx

There are outbound NAT rules on the WAN interface for each VLAN that bridges all traffic on each VLAN subnet to the WAN address.  This allows each VLAN to access the internet.

Right now there is also a firewall rule on each VLAN that allows any traffic originated on each VLAN to pass anywhere else.  I did this to make sure that traffic could pass from any VLAN to any other VLAN while I was configuring the network.  Once I finish, I plan to add firewall rules above these to limit traffic from VLAN 90 (guest) to the other VLANs etc.

Devices:

On Default LAN / VLAN 1:
Switch = xxx.0.1.200

On VLAN 10:
Computer = xxx.0.10.10
Wireless Access Point 1 = xxx.0.10.110
Wireless Access Point 2 = xxx.0.10.111

On VLAN 80:
IP Phone = xxx.0.80.80

On VLAN 90:
Computer = xxx.0.90.9
Wireless Access Point 1 = xxx.0.90.90

General:
All of the above seems to work quite well.

The computer on VLAN 10 (xxx.0.10.10) can freely access:  The internet, the gateway for each other VLAN (xxx.0.xxx.1), the switch on xxx.0.1.200, the phone on xxx.0.80.80 etc.

The computer on VLAN 90 (xxx.0.90.9) can freely access:  The internet, the gateway for each other VLAN (xxx.0.xxx.1), the switch on xxx.0.1.200, the phone on xxx.0.80.80 etc.

The phone on VLAN 80 (xxx.0.80.80) works, and can place/receive calls.

Here is the problem / question:

The computer on VLAN 90 (xxx.0.90.9) can access the admin page of the wireless access point on VLAN 90 (xxx.0.90.90), but is not able to access  the admin page of either wireless access point on VLAN 10 (xxx.0.10.110 & xxx.0.10.111).

The computer on VLAN 10 (xxx.0.10.10) can access the admin page of both wireless access points on VLAN 10 (xxx.0.10.110 & xxx.0.10.111), but is not able to access the admin page of the wireless access point on VLAN 90 (xxx.0.90.90).

Given the ability of the computers on each VLAN to access everything else on all of the other VLAN's I can't figure out why they are not able to access the admin pages of the Wireless Access Points on the other VLANs.

I am assuming that my firewall rules are ok, since there is traffic flowing between the VLAN's and to the internet generally.  I am guessing that maybe there is something about the configuration of the Wireless Access Points that causes them to ignore traffic that doesn't originate on their own subnet.  But I am not sure what I can do to gain access to the admin pages, and can't find anything on the web after a lot of searching.

Any ideas on how to access the Wireless Access Point admin pages from computers on a different VLAN/subnet?
jblahaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

asavenerCommented:
Make sure the wireless access points have a default gateway configured.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jblahaAuthor Commented:
asavener is spot on:

I had left the default gateway for each of the Wireless Access Points to 0.0.0.0.  This didn't affect any of their ability to act as wireless access points or for their clients to access the internet etc., but didn't allow the admin page to be accessible by a computer on a different VLAN/subnet.  I changed the default gateway on the Wireless Access Point on VLAN 90 (xxx.0.90.90) to be xxx.0.90.1, and the computer on VLAN 10 (xxx.0.10.10) was instantly able to access the admin page on VLAN 90 by entering xxx.0.90.90.  I changed the default gateway on the Wireless Access Points on VLAN 10 (xxx.0.10.110 & xxx.0.10.111) to be xxx.0.10.1, and the computer on VLAN 90 (xxx.0.90.9) was instantly able to access the admin page on VLAN 10 by entering xxx.0.10.110 and xxx.0.10.111.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.