E410 can't ping internet from SSH or GUI

Products Enterprise Wi-Fi Networks
1

HW iNFO:
E410

FW ver 3.11.4-r9

PROBLEMS:
1. I can go internet using my AP from my PC, but I can't ping Internet from AP ssh or GUI
2. Could you allow techdump.tar.gz extension in this forum, so that I don't have to convert it to zip first before allowed to attach it


AP getting its ip address using dhcp, I believe gateway ip being setup automatically.

Since I can't ping internet from it. I also set gateway, domain manually

But still, I can't ping Internet

Attached my techdump

tq

2

What is your gateway 192.168.88.1? A router? 
Do you ping it from your AP?

3

192.168.88.1 is my gateway mikrotik router

As stated before. I ping from AP

How do I connect to AP
1. ssh to AP and ping 1.1.1.1 from AP

2. login to GUI and click Troubleshoot, click ping 1.1.1.1

RESULT:

all timeout


4

Ok, but do you ping your gateway?
Your clients are in the same vlan/net?

5

1. Ok, but do you ping your gateway?

if from device that connected to AP can ping Internet.
Do I need to ping the gateway?


2. Your clients are in the same vlan/net?
By default all Cambium AP is Bridge
Bridge mode = Layer 2
Layer 2 = same VLAN

Same VLAN = same subnet

Anything from my statement is not CLEAR?

Here I can ping Internet from epmp 1000 hotspot

ePMP1000-CC0989(config)# show version
ePMP1000-CC0989 ePMP 1000 Hotspot 2.4GHz Connectorized
Regulatory domain ROW
Software version 3.3.1.1-r1
Build date 2019-07-10T14:22:09+05:30
Device-Agent version 2.79
Copyright (c) 2014-2017 Cambium Networks, Inc.
System is up 0 days, 04 hours 34 minutes
Device MAC address is 00-04-56-CC-09-89

ePMP1000-CC0989(config)# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=57 time=6.661 ms
64 bytes from 1.1.1.1: seq=1 ttl=57 time=6.134 ms
64 bytes from 1.1.1.1: seq=2 ttl=57 time=5.935 ms

 

UPDATE1:

if I set static ip in AP, I can ping Internet from AP

it seems the problem only happen if AP get ip from dhcp
need to fix this BUG

6

Is your AP VLAN and client VLAN are same? 

if not, please check whether 1.1.1.1 is locally configured on the AP VLAN. 

Please check some other reachable IP address too other than 1.1.1.1.

Regards

Anand

7

1. Is your AP VLAN and client VLAN are same? 
by default is Bridge. same default vlan 1

2. if not, please check whether 1.1.1.1 is locally configured on the AP VLAN. 

1.1.1.1 is cloudflare dns

3. Please check some other reachable IP address too other than 1.1.1.1
From AP can't ping any other ip (this happen if AP using dhcp ip but no problem if using static ip)

From PC can ping any ip

8

3. Please check some other reachable IP address too other than 1.1.1.1
From AP can't ping any other ip (this happen if AP using dhcp ip but no problem if using static ip)

From PC can ping any ip 

 

DHCP IP is a very common deployment model, suspect that, this could be something related to the network infrastructure. 

 

please raise a support ticket @  support.cambiumnetworks.com

 

Regards

Anand 

9

Dear Mikrotik user.

Did you use quickset?

Check

/IP DHCP-Server

Infact...

Export that, and post it here.

10

/ip dhcp-server
add address-pool=IDpool disabled=no interface=bridge name=defconf
/ip dhcp-server lease
add address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1,9.9.9.9 domain=domain.com gateway=192.168.88.1 netmask=24

Nothing special.
DHCP Server works as normal

I plug my pc to ethernet or wireless of my mikrotik.
I can get ip and go to internet

no problem at all

11

Hi,

the problem is not with your DHCP server, but in your AP's configuration, I suppose.
That configuration (AP with 1 vlan and 1 mikrotik) is very common.

Why do you have in your config a static getaway and dns?

ip domain-name ngtrain.com 
ip route default 192.168.88.1 
ip name-server 1.1.1.1 
ip name-server 9.9.9.9

Why do you have this?

interface portchannel 1
 switchport mode access
 switchport access vlan 1
!

What I would do: reset anything to default, it will works.

12

Why do you have a DHCP client using external DNS servers?

Wouldn't it be easier to have it resolve at the router and have the router use 1.1.1.1 and 9.9.9.9?

13

I didn't realize, I can use gateway as my dns server in dhcp.

But just now I test it working too.
Good idea

14

I have always set my DHCP server like that...

Well except when i am setting up something to be DNS filtered... then I point the DNS settings for the client at that.

15

PROBLEMS:
1. can ping 1.1.1.1 from AP but can from PC connected to AP

This is just now config

Reset from factory default

AP can get ip and gateway from dhcp

Problem still the same

# show version
E410-9B6365 cnPilot E410 Dual Band Indoor Integrated
Regulatory domain ROW
Software version 4.0-r17
 
# sh ip interface br
DEVICE          ADDRESS           RX-PTKS   TX-PTKS   RX-BYTES   TX-BYTES   TX-PTK-DROPS   RX-PTK-DROPS   AVG-TX(kbps)  MAX-TX   MIN-TX   AVG-RX   MAX-RX   MIN-RX
PORT-CHANNEL1   0.0.0.0           0         0         0          0          0              0              0             0        0        0        0        0  
VLAN1           192.168.88.174    4724      429       359621     56477      0              0
ETH1            0.0.0.0           5495      444       489563     57603      0              55             0             4        0        0        5        3  
 
# sh ip route
DESTINATION      MASK              GATEWAY         FLAGS  METRIC INTERFACE
0.0.0.0          0.0.0.0           192.168.88.1    UG     0      VLAN1
169.254.0.0      255.255.0.0       0.0.0.0         U      0      VLAN1
192.168.88.0     255.255.255.0     0.0.0.0         U      0      VLAN1
 
# show config
!
management user admin password $crypt$1$DcUFwcKeUU7OaaS7sAheqBYT0jMwvS8O
no management radius-auth
management cambium-remote
management cambium-remote validate-server-cert
no management telnet
management ssh
management ssh idle-timeout 300
no management http
management http port 80
management https
management https port 443
led
lldp
no poe-out
country-code CN
wpa2-handshake-retry 4 4
wpa2-handshake-timeout 100 500 1000
wpa2-handshake-log-level 4
placement indoor
!
wireless radio 1
no shutdown
channel auto
channel-width 20
channel-list all-channels
data-rate unicast 6b 9 12 18 24 36 48 54
data-rate non-unicast highest-basic
power auto
mode gn
airtime-fairness
antenna-gain 5
beacon-interval 100
off-channel-scan dwell-time 50
auto-rf
auto-rf channel-selection-mode interference
auto-rf chan-hold-time 120
auto-rf interference-diff-threshold 10
auto-rf packet-error-rate-threshold 30
auto-rf channel-utilization-threshold 25
multicast-to-unicast max-stream 40
multicast-to-unicast max-stream-per-client 25
mesh-xtnded-dev-list
wmm-parameters downstream txoplimit vi 3008
wmm-parameters downstream txoplimit vo 1504
wmm-parameters upstream txoplimit vi 3008
wmm-parameters upstream txoplimit vo 1504
!
wireless radio 2
no shutdown
channel auto
channel-width 80
channel-list prefer-non-dfs
data-rate unicast 6b 9 12b 18 24b 36 48 54
data-rate non-unicast lowest-basic
power auto
no airtime-fairness
antenna-gain 5
beacon-interval 100
off-channel-scan dwell-time 50
auto-rf channel-selection-mode interference
auto-rf chan-hold-time 120
auto-rf interference-diff-threshold 10
auto-rf packet-error-rate-threshold 30
auto-rf channel-utilization-threshold 25
multicast-to-unicast max-stream 40
multicast-to-unicast max-stream-per-client 25
mesh-xtnded-dev-list
wmm-parameters downstream txoplimit vi 3008
wmm-parameters downstream txoplimit vo 1504
wmm-parameters upstream txoplimit vi 3008
wmm-parameters upstream txoplimit vo 1504
!
wireless wlan 1
ssid E410B
no shutdown
vlan 1
security wpa2-psk
protected-mgmt-frames state optional
protected-mgmt-frames sa-query-retry-time 100
protected-mgmt-frames association-comeback 1
passphrase $crypt$1$dE+sdRuH+n+iWkRwXWDDxVzp29rAmI7N
band both
dtim-interval 1
max-associated-client 127
network-policy-id 0
mac-authentication policy deny
no guest-access
!
rogue-ap detection
!
!
interface portchannel 1
switchport mode access
switchport access vlan 1
!
interface eth 1
switchport mode access
switchport access vlan 1
!
interface vlan 1
ip address zeroconf
ip dhcp request-option-all
ipv6 request-option-all
management-access all
ipv6 address autoconfig
ip address dhcp
!
ntp server pool.ntp.org
hostname E410-9B6365
timezone Asia/Jakarta
snmp-server
snmp-server read-community public
snmp-server write-community private
firewall dos-protection ip-spoof
firewall dos-protection ip-spoof-log
firewall dos-protection smurf-attack
firewall dos-protection icmp-frag
!
ip gw-source-precedence static 1
ip gw-source-precedence dhcpc 2
ip gw-source-precedence pppoe 3
ipv6 gw-source-precedence static 1
ipv6 gw-source-precedence auto-config/dhcpc 2
logging syslog 7
 
UPDATE1:
-this is nothing to do with e410
I beleive because of setting in Mikrotik that from certain ip ranges blocked to certain ip ranges
 
16

You have two error, in my opinion:

this:

169.254.0.0      255.255.0.0       0.0.0.0         U      0      VLAN1

and this:

interface portchannel 1
switchport mode access
switchport access vlan 1


I just setup the same AP with a mikrotik, it works out of the box without those.

17

1. how to remove or shutdown interface using cli

E410(config-portchannel-1)# no switchport

trunk : Disables trunk port parameters

there are no

(config)# no interface portchannel 1
%Error processing cli command

or

(config)# interface portchannel 1
E410(config-portchannel-1)# shutdown
%Error processing cli command

2. how to delete 169.254.x.x from routing
I beleive your firmware is not the same as mine
Mine is

(config)# show version
E410-9B6365 cnPilot E410 Dual Band Indoor Integrated
Regulatory domain ROW
Software version 4.0-r17

UPDATE1:
1. problem caused by mikrotik that block ping from certain ip ranges.
after I change AP to outside that range than OK