Cannot reach devices connected on the same AP in the same VLAN but.....

Hi all,

I have a Balance 380 (FW: 8.3.0) that I use as an AP controller. I have several wired AP’s(Peplink AP One AX with FW:3.9.2) in the network running various VLANS.
The problem I’m having is that when 2 devices are connected to the same AP in the same VLAN (say, a printer and a laptop), They cannot reach each other (no ping, no TCP or UDP connection). However, when I’m connected to a different AP in the same VLAN, all works fine.

I can also reach devices that are connected on the same AP but in a different VLAN.
The management VLAN is untagged and that VLAN has no issues, I can reach any connected device on the same AP and the same untagged VLAN.

It probably has to do with the fact that the devices are in a tagged VLAN but that’s speculation through my findings above. I have been looking around and trying various settings but I can’t seem to solve it. It has to be a localized AP thing as there is no routing in 1 VLAN and other devices on other AP’s in the same VLAN are reachable.

Any suggestions?


1 Like

One question I’d have is if “Block all Private IP” is enabled at AP → WIreless SSID → [name of SSID] → Guest Protect. If that is checked that would explain why one client cannot contact another. But I don’t think it would explain the differences between APs. Regardless, I’d start there.

The fact that clients can communicate between VLANs and the untagged LAN is expected if you have Inter-VLAN routing enabled.

1 Like

Hi Rick,

No, Guest Protect is not checked. We don’t use the inter VLAN option from Peplink, we route through a router. But routing is not the problem, that works fine.

I find it strange that I don’t have this issue when connected to the untagged VLAN… I can reach all machines on the untagged VLAN on the same AP just fine. It only happens when connected to the tagged VLANs.

I’m having the same issue. No VLAN setup on the AP’s, and very obvious when the printer is connected to the same AP as the client wishing to print. All the “Guest Protect” features are disabled. “Feels” like this happened on a newer FW, since I’ve had the same setup for awhile. Thoughts?

Hi mate,

follow this procedure:
On the controller go to the AP menu → Wireless SSID → Click on the blue ‘?’ in the SSID section → then uncheck ‘Layer 2 isolation’.

Bizarre that this is tucked away under a question mark…


Perfect! Thank you. Hopefully this helps others too. I looked everywhere, and very bizarre that it’s hidden under the q? mark.


Thank you for your help.

That’s terrible to hide this spec so far in the menu …

1 Like