cancel
Showing results for 
Search instead for 
Did you mean: 

Mobile devices won't connect to internet will connect to intranet

chris_weis
New Contributor II
Ruckus ZD1106
9.6.1.0 build 15
APs (2): zf7363

Client has two locations, VPN between both locations.
One AP is on the 192.168.1.x subnet, one AP is on the 192.168.10.x subnet.
Issue is with the 192.168.10 AP. Laptops and mobile devices connect fine and are able to access the internal network. Laptops are also able to access the internet without restriction, meaning they behave in the way you would expect devices would on a typical wireless network.

Mobile devices (iOS and Android) can access the internal network just fine but cannot access the internet. There is no ACL, no subnet restriction (they're not connecting through guest access anyway), no web filtering, etc.

Mobile devices connect and have internal and internet access from the 192.168.1 AP, and work as you would expect. Both APs are in the same group, same WLAN, no VLANs or other custom settings.

DHCP is from the network, not the ZD, and there's no problem with obtaining IP addresses and the scope options (DNS servers, etc.).

Odder still, you can ping out from a 192.168.10 mobile device to the internet but cannot access HTTP, etc. (routing = okay). I would assume there might be a restriction somewhere in a network not allowing internet access, but that's not the case. Laptops have no issue.

Rebooting of the ZD, mobile devices, APs has no effect.

Does anyone know of a specific issue with mobile devices that might cause this behavior?
5 REPLIES 5

keith_redfield
Valued Contributor II
This sounds like maybe an MTU/Fragmentation (or rather Do Not Fragment) issue. The fact a VPN is involved lends credence. Web servers try to use the biggest packet possible and they generally set DNF (Do Not Fragment) bit (instead they expect to negotiate MTU via ICMP PMTU discovery).

So, it's likely something in your network is preventing PMTU from reaching the source web servers. They are sending too-large packets which are getting dropped at the tunnel.

chris_weis
New Contributor II
VLANs should be fine since the laptops don’t have an issue and operate normally. It has to be the mobile devices. Is there something specific to iOS and Android devices where this would come into play?

keith_redfield
Valued Contributor II
I was afraid you were going to ask that 🙂 Nothing I can think of, but the symptoms are classic PMTU blackhole.

But I wonder if the PC operating systems are maybe doing some PMTU probing of their own and adjusting accordingly.

chris_weis
New Contributor II
Genius! it was the MTU. Well done Keith.