This past weekend I stood up my network with new Ruckus APs running Unleashed and a new instance of OPNSense. I used the same SSIDs for the wireless and have created a separate VLAN specifically for IoT which segregates it from my other four VLANS.
Nearly all clients smoothly transitioned from the old Ubiquity to the new Ruckus WAPs as I used the same SSID and WPA keys. I unfortunately have three devices, (two LG appliances and an Rheem hot water heater) that refuse to connect to their cloud. The interesting thing is that I have an LG washer, dryer, and microwave which connect just fine.
What I’ve checked so far.
Clients receive DHCP from OPNsense and can be pinged. They seem to have connection to the IoT subnet.
Confirmed there are no firewall rules blocking the devices from accessing the WAN. Monitored for any blocking firewall rules coming from outside of WAN
Reviewed Unbound DNS logs to determine if block list was causing an issue with accessing the cloud. There appear to be no issues here.
Provided a static DNS server for the client specifically 1.1.1.1 in the hopes to troubleshoot any Unbound DNS issues .
Since I’m having issues with just three clients on the VOIP SSID, does anyone have any suggestions on what to check next?
If you were to connect these devices to any other LAN/vLAN do they get internet access over wifi ?
If you plug in a laptop to an IoT port on your switch, then over wifi do you get access ?
Do you know which ports the devices use ?
If your setup worked before, then it sounds like you have a config error in either your router, switch or AP, you just need to test each point with a laptop to confirm it works over ethernet and wifi before even looking at the IoT devices.
I seemed to resolve the issue for the two LG products. I had to create an SSID for the IoT VLAN which only allowed WPA2 authentication. I did that and made that particular SSID 2.4Ghz only. For some reason there was an issue when I had previously used WPA2/WPA3 option.
Unfortunately this did not resolve my issue with the Rheem hot water heater. I tried assigning the device to a “Test” VLAN which was not using Unbound (without blocklist) and was wide open on the firewall. The Test SSID also had WPA2 and was limiting the radio to the 2.4Ghz. Unfortunately it is still unable to connect to the cloud.
I tried looking to see what ports are being used by EcoNet, but I didn’t find anything specifically which seemed to help.
Given that all my other devices are connecting to the internet just fine I’m starting to think that there’s another setting in the Ruckus Unleashed that is causing issues. Using the Unleashed Troubleshooting it appears that everything is connecting correctly, though.
When I do I do a packet capture it appears that it is able to access the intended destination–though I am starting to get a bit over my skis when diving this far into the mix. I don’t see anything glaringly obvious.
A lot of these IoT devices are designed for a basic home setup, I would try using common defaults like 192.168.1.0/24 for example, with basic security and go from there perhaps. Presumably you’ve checked the devices forum, I’m sure others may have had similar issues.
That’s a good thought. Since it had worked with my previous setup on a similar VLAN using the Ubiquity and previous instance of OPNSense, I’m hoping that I can get it working with the new hardware.
Hoping others might have another idea to try. I’m also going to look to see if there are any additional settings for the SSID that is more dumb IoT friendly that I can turn on.
