Got it
Huawei Enterprise Support Community
Community Forums WLAN
AC6005-8-PWR controller w...

AC6005-8-PWR controller wifi clients cannot access internet after internet router is replaced.

Created: Sep 7, 2020 13:02:39Latest reply: Sep 9, 2020 16:29:25 813 12 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

We have an AC6005-8-PWR. Recently the router that connects the AC to the internet broke down and had to be replaced. The AC has 2 vlans (101, 102) for wifi. One is guest wifi and one is office wifi. VLAN 101 has an VLANIF in the range 192.168.100.x and VLAN 102 has an VLANIF in the range 192.168.102.x. (Both have DHCP enabled). Our (new) cisco router has ip address 192.168.1.1. (Same IP address as the router that broke down). The AC is connected on GigabitEthernet 0/0/8 with this cisco router (VLAN 1 untagged). This port is also in VLAN 1 untagged and has an VLANIF with IP address 192.168.1.2. There is a static route 0.0.0.0/0.0.0.0 with next hop 192.168.1.1 and interface gigabitethernet0/0/8. If I go under maintenance and go to diagnostic tools I can ping or do a traceroute to internet. (For example 8.8.8.8). So the AC6005-8-PWR has a route to go to the internet. In the cisco router I have defined routes for 192.168.100.x and 192.168.102.x to go through 192.168.1.2. The cisco router can ping the AC (192.168.100.1 and 192.168.1.2) and visa versa. When I connect a client through the wifi (or direct cable on the AC) I get an 192.168.100.x address but I cannot get on the internet. If i do a traceroute to internet from this client (8.8.8.8 for example) it will show the first hop 192.168.100.1 (which is the AC) and then it doesn't know the route anymore. What am I missing? The AC is connected to internet and my routes are working from AC to cisco router and the other way around. Thanks!

Like (0) Dislike (0) Favorite(0) Share Report
Previous: AP Reset
Next: Entry Level AP that Supports USB Dongle Network
Featured Answers

Recommended answer

(1) (0)
chenhui
Admin Created Sep 8, 2020 10:00:21

Posted by sgr1 at 2020-09-08 08:01

Hi, 

As I thought, the traffic from the PC to the internet will not be NATed on the RV325. The one-to-one NAT is kindly similar with the NAT server in Huawei. It only establish a NAT between one public IP and one private IP, which means, in your scenario, the traffic from the network, such as 192.168.100.0/24, will not be NATed on the Cisco router. As a result, the traffic will be dropped on the router.

BTW, I checked the documentation of the RV325, but didn't find the NAT function(only the port translation, but not same as the NAT), you might need to check with the Cisco engineer to confirm how to configure the NAT on this equipment.

NAT RV325


View more
  • x
  • convention:
All Answers
(0) (0)
2#
liqiang185
liqiang185 Admin Created Sep 7, 2020 13:03:18

Dear friend!
Please rest assured that we'll be back with an answer shortly.
View more
  • x
  • convention:
(0) (0)
3#
chenhui
chenhui Admin Created Sep 7, 2020 13:18:42

Hi,
From your description, the network 192.168.100.0/24 and 192.168.102.0/24 are not NATed on the Cisco router.
Please check the Cisco router, if the NAT address pool includes the network 192.168.100.0/24 and 192.168.102.0/24.
View more
  • x
  • convention:

sgr1
sgr1 Created Sep 7, 2020 15:14:48 (0) (0)
Thank you for your reply. I use a cisco RV 325 router. As far as I can see it has the option to do one-to-one NAT. I have to fill in the following details: Private range begin, public range begin, range length and interface. I cannot put in 192.168.100.x in the private range begin since it only accepts 192.168.1.x (local subnet) as input. Can I upload pictures to this forum so I can clarify my situation better? Thanks!  
chenhui
chenhui Reply sgr1  Created Sep 8, 2020 07:06:10 (0) (0)
Yes, on the bottom of the page, click the 'Advanced' to upload the pic.  
sgr1
sgr1 Reply chenhui  Created Sep 8, 2020 08:08:20 (0) (0)
Thank you for your reply. I have uploaded a network drawing and the NAT options the the cisco router. I'm not sure why using NAT would solve the problem. The wireless clients routing will not go past the AC (192.168.100.1). Thanks again.  
(0) (0)
4#
sgr1
sgr1 Created Sep 8, 2020 08:01:16

network example

example of NAT settings in cisco router


View more
  • x
  • convention:
(1) (0)
5#
chenhui
chenhui Admin Created Sep 8, 2020 10:00:21

Posted by sgr1 at 2020-09-08 08:01

Hi, 

As I thought, the traffic from the PC to the internet will not be NATed on the RV325. The one-to-one NAT is kindly similar with the NAT server in Huawei. It only establish a NAT between one public IP and one private IP, which means, in your scenario, the traffic from the network, such as 192.168.100.0/24, will not be NATed on the Cisco router. As a result, the traffic will be dropped on the router.

BTW, I checked the documentation of the RV325, but didn't find the NAT function(only the port translation, but not same as the NAT), you might need to check with the Cisco engineer to confirm how to configure the NAT on this equipment.

NAT RV325


View more
  • x
  • convention:
(0) (0)
6#
sgr1
sgr1 Created Sep 8, 2020 12:16:15

Posted by chenhui at 2020-09-08 10:00 Hi, As I thought, the traffic from the PC to the internet will not be NATed on the RV325. The one ...
Thank for your anwser. Could you please explain why the AC can ping/traceroute to the internet and wifi clients can't?
View more
  • x
  • convention:
(0) (0)
7#
chenhui
chenhui Admin Created Sep 8, 2020 12:19:03

Posted by sgr1 at 2020-09-08 12:16 Thank for your anwser. Could you please explain why the AC can ping/traceroute to the internet and ...
When the AC ping the internet, the source IP is 192.168.1.2, which IP could be NATed on the router(cause you configured the one-to-one NAT), while the client source IP is 192.168.100.0/24, which causing the communication failure.
View more
  • x
  • convention:
(1) (0)
8#
sgr1
sgr1 Created Sep 8, 2020 12:24:39

Posted by chenhui at 2020-09-08 12:19When the AC ping the internet, the source IP is 192.168.1.2, which IP could be NATed on the router ...

Hi. I have not configured the one-to-one nat and the AC which is in the 192.168.100.x network can still ping the internet. How is that possible without using NAT?

View more
  • x
  • convention:
(0) (0)
9#
chenhui
chenhui Admin Created Sep 8, 2020 12:28:58

Posted by sgr1 at 2020-09-08 12:24 Posted by chenhui at 2020-09-08 12:24When the AC ping the internet, the source IP is 192.168.1.2, whic ...
Well, I think, the RV325 works like a home gateway. As you know, the home gateway will NAT the DHCP pool on itself, but not other IP addresses.
View more
  • x
  • convention:
(0) (0)
10#
Mash_man
Mash_man Created Sep 9, 2020 16:29:25

I had contact with the topic starter and Chenhui his theorie hav been proven correct.

After reading the manuals and fora about the RV325 there are more users experiancing these issues but there are no solutions provided.

It seems that the RV325 is supposed to declare subnets learned or staticly configured while slecting the route mode to gatway to be source natted but this does not seem to work correctly.

To prove the idea we configured :

acl 2500
rule 100 permit source 192.168.0.0 0.0.255.255

interface vlan1
nat outbound 2500

After this it worked.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.