no ping from SSH - STILL a serious issue
The issue raised in Topic 158407 is still real, and still open 3+ years later.
Ping is essential for debugging network issues in even a moderately complicated network.
You support VLANs. That's complicated. You support SSH. You need to support ping from the SSH account.
ping is not a security risk. As explained in 158407, not allowing ping is a BUG.
ping requiring root permissions was a bug introduced into some Linux distros due to the package maintainers not updating the ping/busybox packages when kernel policy did change.
You can correct this by replacing busybox ping with the standard command and either setting the SETUID bit for ping or by granting ping the right to use raw sockets if your Linux version running on EAP supports extended file attributes. Newer Linux distros have corrected this bug in the ping package already.
I am currently struggling to determine why a device is successfully connected according to the access point, is pingable, but reports no internet connectivity. The SSID is on a trunked VLAN. Other devices on the VLAN can connet to the outside world. Trying to diagnose that issue without the ability to test from the AP is next to impossible.
Please, Please fix this firmware bug. I can't recommend and certainly won't be buying more of this otherwise good AP until it is fixed. My manager is also very unhappy.