UPDATE:
Never did solve this, but I want to thank everyone for their responses and suggestions. We aren’t 100% sure WHY, but it seems that the Dreamwall’s WAN port was blocking any incoming (or maybe outgoing) DNS requests. All attempts to allow this using firewall rules were unsuccessful. We determined that 2 days with the site nearly down and our folks barely able to work was plenty, so we reverted back to the original config and removed the Dreamwall from the equation.
Wishing the r/Ubiquiti sub wasn’t locked at the moment, really could use their input.
Got a really weird issue and hoping someone might be able to help. Apologies, this is a little long and involved and I appreciate you for reading!
Overview: We use AT&T as our WAN provider. 30 sites all over the country using local cable or fiber internet. Connected to that is an AT&T VPN Gateway device (ANIRA U115). Connected to that are our local network devices. The ANIRA device actually serves as a DHCP server for the LAN and routes traffic bound for other sites to the WAN and internet traffic to the internet.
Yesterday, we tried to implement a Ubiquiti Dreamwall appliance in one of these locations. We had AT&T make changes to the ANIRA device, specifically changing the DHCP range it provided. Our Dreamwall appliance would handle all local network services including DHCP for the local LAN, while the ANIRA still handled the WAN routing to the rest of our locations. The result was removing the DHCP server from the AT&T device, changing its LAN IP and adding routes matching the new IP addresses.
So, connection looks like this:
- Internet IN (Comcast cable internet, provides DHCP address)
- AT&T VPN Gateway: WAN port of this device connected to the Comcast device, accepts a DHCP address to get online. LAN side of this device is configured with a LAN IP of 10.0.40.254
- Ubiquiti Dreamwall: WAN port is configured with a static IP of 10.0.40.10 and connects to the LAN port of the AT&T VPN Gateway. LAN IP of this device is 10.10.40.1; it is also the DHCP server for the local LAN subnet 10.10.40.0/24, providing addresses .10 - .50
- Local devices 10.10.40.X are PCs, printers and such.
This is where it gets weird:
- ALL devices on the 10.10.40.0 network can access the Internet with NO ISSUES. Email/Outlook, Teams, OneDrive, web browsing all work with no problems. This shows to me that traffic is passing through the Dreamwall and the AT&T Gateway in both directions.
- All devices on the 10.10.40.0 network can ping the 10.0.40.254 IP address of the AT&T VPN Gateway.
- All devices on the 10.10.40.0 network can ping devices on the WAN by IP ONLY. (We have a DNS server in our datacenter, 10.10.250.10, that is configured as the DNS server for devices on the 10.10.40.0 network.) PC at 10.10.40.20 can ping 10.10.250.10 with no issues, but cannot ping by server name, cannot resolve DNS.
- Devices on 10.10.40.0 cannot reach any domain resources. I am assuming this is because internal DNS is not working/communicating with the 10.10.40.0 network.
- Devices on the 10.10.250.0 network can ping the 10.0.40.254 IP of the AT&T VPN Gateway and even reach its web interface.
- Devices on the 10.10.250.0 network cannot ping 10.0.47.10 or ANYTHING inside of the 10.10.40.0 network.
- And the most bizarre of all: From the web interface on the AT&T VPN Gateway, there are connectivity tools: from there I can ping and tracert from 10.0.40.254 to 10.10.250.0 with no problem but CANNOT ping 10.0.40.10, which it’s directly connected to.
Have been pulling my hair out for the last 12 hours on this. AT&T techs have created the correct routes in their network and I have attempted to create the proper routes and firewall rules on my Ubiquiti Dreamwall. I have made sure that both the AT&T device and the Dreamwall have the same subnet mask. The fact that these two devices, connected by a 3 ft Ethernet cable, cannot communicate fully is bizarre. Can ping UPSTREAM but not DOWNSTREAM.
If anyone has any ideas or suggestions, please share. I am out of ideas. Thanks for reading.
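As an added example (not code from the post or from anyone in the thread), a small Python probe that sends a raw DNS query to the datacenter resolver named in the post over UDP and then TCP port 53, so that "ping works but names don't resolve" can be separated into port 53 being dropped between the two devices versus the resolver answering with an error. The hostname is a placeholder assumption.

```python
import random
import socket
import struct

# Constructed values: the resolver is the datacenter DNS server named in the post;
# the hostname is a placeholder, not a real name from the post.
RESOLVER = "10.10.250.10"
HOSTNAME = "dc01.example.internal"

def build_query(name, txid):
    """Minimal DNS A/IN query in RFC 1035 wire format, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data, txid):
    """Return (rcode, answer_count); raise if the reply is short, unmatched or not a response."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("reply does not match our query")
    return flags & 0x000F, an

def probe(resolver, name, proto="udp", timeout=2.0):
    """One query over UDP or TCP; returns 'ok', 'rcode=N', 'timeout' or 'error: ...'."""
    txid = random.randrange(0x10000)
    q = build_query(name, txid)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (resolver, 53))
                data, _ = s.recvfrom(4096)
        else:  # TCP/53: two-byte length prefix, then the same message
            with socket.create_connection((resolver, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                (ln,) = struct.unpack("!H", s.recv(2))
                data = b""
                while len(data) < ln:
                    chunk = s.recv(ln - len(data))
                    if not chunk:
                        break
                    data += chunk
        rcode, answers = parse_reply(data, txid)
        return "ok" if rcode == 0 and answers else f"rcode={rcode}"
    except socket.timeout:
        return "timeout"  # host answers ping, but port 53 is silently dropped on the path
    except (OSError, ValueError, struct.error) as e:
        return f"error: {e}"
```

Run probe(RESOLVER, HOSTNAME, "udp") and probe(RESOLVER, HOSTNAME, "tcp") from a host on 10.10.40.0/24: "timeout" on both while ping to 10.10.250.10 succeeds points at port 53 being filtered between the two devices rather than at routing, whereas "rcode=3" means the query reached the resolver and the name itself is unknown.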