Lost PING to APs from other subnet after ZD1100 was replaced with another ZD1100 with newer firmware

Hi.

We have recently replaced our ZD1100 with another ZD1100 as the original failed. I have then restored the original wireless configuration to the new ZD1100 and configured the rest manually. The APs (5 x ZF7363) automatically connected to the new ZD1100 and started upgrading their firmware. Both ZD and all ZFs now run the newest 9.10 build and all the wireless networks work flawlessly as they did previously. The ZD1100 and the APs are all configured with manually defined IPs in our "client subnet". Gateway is configured in the APs with the same gateway IP as the ZD.

The problem now is that I cannot PING the APs from our "server subnet". I can ping the ZD (located in the "client subnet") just fine from the "server subnet", but the APs don't answer as they did before the old ZD1100 was replaced, when I could PING all APs and the ZD without any problems. Also, as far as I can remember, I could also access each AP using HTTP before; this doesn't work either now from the "server subnet" (actually I haven't tested HTTP access to the APs from the client subnet but I suspect that would work fine). Also I must mention that I have also tested DHCP assigned IPs to the APs but the result is the same, no PING :(

I have tested PING to the "server subnet" from wireless clients and that works just fine.

We use the PING command to monitor the APs from the "server subnet" so I would very much like to have PING access working again. Could anyone please tell me what I need to do to get this working again?

Thanks.

Best
Thomas
Denmark 

Thomas Bluhme Andersen

Posted 2 years ago

Michael Brado, Official Rep

Hello Thomas,

Your first paragraph stating you replaced your ZD1100 with a restored configuration file, upgraded to v9.10, and all APs are connected and wifi network working "flawlessly" is encouraging.

Your second paragraph seems to lead up to L3, and possible ZD/router ACLs. Are you pinging from a Wired client on the "server subnet", or Wireless client (where ZD's client isolation might apply, and a whitelist may be necessary in v9.10)?

Or do you have a Router with specific permissions to the ZD's IP address (on the client VLAN/subnet) from the "server subnet" that allows this inter-network communication? Do/did you have the same for static AP IP addresses before your recent changes, and could it be that APs have different IPs now that you don't have them in the ACL? Do they need to know their management VLAN if it's tagged?

https://support.ruckuswireless.com/answers/000002357

Btw, Ruckus recommends keeping ZD/APs on a separate management VLAN, and assigning distinct client VLANs to your WLAN traffic, that can be managed by your L3 switch/router devices. In this case it may be improved security on our ZD/APs that prevents access/pings to the APs from wireless server subnet clients, that might require a Whitelist on the ZD's WLAN config to allow you to reach them. If coming from wired stations on the server and can't ping the APs, can you add the AP IP addresses to a permit ACL on your router? Hope this helps lead to your solution.

Thomas Bluhme Andersen

Hi Michael and thanks for answering.


As nothing has been changed in the router since the old ZD was replaced, the router cannot be the problem (also I know that everything is wide open between the two subnets).

The server subnet is wired, so I'm pinging from a wired connection on a different subnet at a different location through VPN. No changes have been made to the VPN connection so that cannot be the problem either.


I haven't configured any whitelists or ACLs in the ZD. That wasn't necessary on the old ZD for PING to work. Do I need to configure it now running firmware 9.10, or did I perhaps create something on the old ZD that wasn't copied on to the new ZD when the wireless configuration was imported?


Best

Thomas


Thomas Bluhme Andersen

Turned out that it was the new ZD that was causing the problems. Got the old ZD back from repair (or a new one, I don't know). This I installed instead, configured it and everything has been running smoothly since; I can ping all APs.

Also we were experiencing jitter on the network with the ZD that has now been removed from the network and returned, so that was a rather bad experience causing a lot of head scratching and a lot of "lost hours" trying to find out what the f*ck was causing the periodic problems.