Cannot reach devices connected on the same AP in the same VLAN but.....

Arthur_Schotgerrits · July 26, 2023, 5:01am

Hi all,

I have a Balance 380 (FW: 8.3.0) that I use as an AP controller. I have several wired AP’s(Peplink AP One AX with FW:3.9.2) in the network running various VLANS.
The problem I’m having is that when 2 devices are connected to the same AP in the same VLAN (say, a printer and a laptop), They cannot reach each other (no ping, no TCP or UDP connection). However, when I’m connected to a different AP in the same VLAN, all works fine.

I can also reach devices that are connected on the same AP but in a different VLAN.
The management VLAN is untagged and that VLAN has no issues, I can reach any connected device on the same AP and the same untagged VLAN.

It probably has to do with the fact that the devices are in a tagged VLAN but that’s speculation through my findings above. I have been looking around and trying various settings but I can’t seem to solve it. It has to be a localized AP thing as there is no routing in 1 VLAN and other devices on other AP’s in the same VLAN are reachable.

Any suggestions?

Regards.

Rick-DC · July 26, 2023, 10:21am

One question I’d have is if “Block all Private IP” is enabled at AP → WIreless SSID → [name of SSID] → Guest Protect. If that is checked that would explain why one client cannot contact another. But I don’t think it would explain the differences between APs. Regardless, I’d start there.

The fact that clients can communicate between VLANs and the untagged LAN is expected if you have Inter-VLAN routing enabled.

Arthur_Schotgerrits · July 26, 2023, 10:29am

Hi Rick,

No, Guest Protect is not checked. We don’t use the inter VLAN option from Peplink, we route through a router. But routing is not the problem, that works fine.

I find it strange that I don’t have this issue when connected to the untagged VLAN… I can reach all machines on the untagged VLAN on the same AP just fine. It only happens when connected to the tagged VLANs.

Peter_Peterson · January 25, 2024, 6:38am

I’m having the same issue. No VLAN setup on the AP’s, and very obvious when the printer is connected to the same AP as the client wishing to print. All the “Guest Protect” features are disabled. “Feels” like this happened on a newer FW, since I’ve had the same setup for awhile. Thoughts?

Arthur_Schotgerrits · January 25, 2024, 7:47am

Hi mate,

Yes.
follow this procedure:
On the controller go to the AP menu → Wireless SSID → Click on the blue ‘?’ in the SSID section → then uncheck ‘Layer 2 isolation’.

Bizarre that this is tucked away under a question mark…

Peter_Peterson · January 25, 2024, 7:51am

Perfect! Thank you. Hopefully this helps others too. I looked everywhere, and very bizarre that it’s hidden under the q? mark.

Clakprod · March 27, 2024, 4:12pm

Thank you for your help.

That’s terrible to hide this spec so far in the menu …