Re: Problem DHCP betwen AP3700E, Switch SG300 and Router 890sfp

mekkid · ‎02-18-2021

Hi,

I have problem with my DHCP betwen AP3700E, switch SG300 and router 890sfp.

My router is configured as a DHCP server and here is the configuration :

no aaa new-model

ip dhcp excluded-address 190.160.254.1 190.160.254.50

ip dhcp excluded-address 192.168.10.1 192.168.10.50

!

ip dhcp pool LocalDHCP

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 192.168.10.1

!

ip dhcp pool vlan 2

network 190.160.254.0 255.255.255.0

dns-server 190.160.254.1

default-router 190.160.254.1

!

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip cef

no ipv6 cef

cts logging verbose

license udi pid C892FSP-K9 sn FJC2027L16W

license accept end user agreement

license boot module c800 level advsecurity

!

username MYNAME privilege 15 secret 5 $1$sbDR$yVmwrsO8DcFiJYL3qweBR/

!

interface GigabitEthernet0

no ip address

spanning-tree portfast

!

interface GigabitEthernet1

no ip address

!

interface GigabitEthernet2

no ip address

!

interface GigabitEthernet3

no ip address

!

interface GigabitEthernet4

no ip address

!

interface GigabitEthernet5

no ip address

!

interface GigabitEthernet6

switchport access vlan 2

no ip address

!

interface GigabitEthernet7

switchport access vlan 2

no ip address

!

interface GigabitEthernet8

no ip address

duplex auto

speed auto

!

interface GigabitEthernet9

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Vlan1

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan2

ip address 190.160.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

!

ip dns server

ip nat inside source list 1 interface GigabitEthernet9 overload

ip nat inside source list 2 interface GigabitEthernet9 overload

!

snmp-server community public RO

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 2 permit 190.160.254.0 0.0.0.255

!

This is my configuration of the Switch SG300

vlan database

vlan 2

exit

hostname switch3ac595

username cisco password encrypted 737fe58f8b863cfdcdf56a1f7c773eae00e0947b privilege 15

!

interface gigabitethernet1

switchport mode access

!

interface gigabitethernet2

switchport mode access

!

interface gigabitethernet3

switchport mode access

!

interface gigabitethernet4

switchport mode access

!

interface gigabitethernet5

switchport mode access

!

interface gigabitethernet6

switchport mode access

!

interface gigabitethernet7

switchport mode access

!

interface gigabitethernet8

switchport mode access

!

interface gigabitethernet9

switchport mode access

!

interface gigabitethernet10

switchport mode access

!

interface gigabitethernet11

switchport mode access

!

interface gigabitethernet12

switchport mode access

!

interface gigabitethernet13

switchport mode access

!

interface gigabitethernet14

switchport mode access

!

interface gigabitethernet15

switchport mode access

!

interface gigabitethernet16

switchport mode access

!

interface gigabitethernet17

switchport mode access

!

interface gigabitethernet18

switchport mode access

!

interface gigabitethernet19

switchport mode access

!

interface gigabitethernet20

switchport mode access

!

interface gigabitethernet21

switchport mode access

!

interface gigabitethernet22

switchport mode access

!

interface gigabitethernet23

switchport mode access

!

interface gigabitethernet24

switchport mode access

!

interface gigabitethernet25

switchport mode access

!

interface gigabitethernet26

switchport mode access

!

interface gigabitethernet27

switchport mode access

!

interface gigabitethernet28

switchport mode access

!

interface gigabitethernet29

switchport mode access

!

interface gigabitethernet30

switchport mode access

!

interface gigabitethernet31

switchport mode access

!

interface gigabitethernet32

switchport mode access

!

interface gigabitethernet33

switchport mode access

!

interface gigabitethernet34

switchport mode access

!

interface gigabitethernet35

switchport mode access

!

interface gigabitethernet36

switchport mode access

!

interface gigabitethernet37

switchport mode access

!

interface gigabitethernet38

switchport mode access

!

interface gigabitethernet39

switchport mode access

!

interface gigabitethernet40

switchport mode access

!

interface gigabitethernet41

switchport mode access

!

interface gigabitethernet42

switchport mode access

!

interface gigabitethernet43

switchport mode access

switchport access vlan 2

!

interface gigabitethernet44

switchport mode access

switchport access vlan 2

!

interface gigabitethernet45

switchport mode access

switchport access vlan 2

!

interface gigabitethernet46

switchport mode access

switchport access vlan 2

!

interface gigabitethernet47

switchport mode access

switchport access vlan 2

!

interface gigabitethernet48

switchport mode access

switchport access vlan 2

!

interface gigabitethernet49

switchport trunk allowed vlan add 2

!

interface gigabitethernet50

switchport trunk allowed vlan add 2

!

interface gigabitethernet51

switchport trunk allowed vlan add 2

!

interface gigabitethernet52

switchport trunk allowed vlan add 2

!

Exit

This is my configuration of the AP3700E

no aaa new-model

no ip source-route

no ip cef

dot11 syslog

dot11 vlan-name CMEI vlan 1

dot11 vlan-name CMEI-Patient vlan 2

!

dot11 ssid CMEI

vlan 1

authentication open

authentication key-management wpa version 2

mbssid guest-mode

wpa-psk ascii 7 05535E5779181A5D4D

!

dot11 ssid CMEI-Patient

vlan 2

authentication open

authentication key-management wpa version 2

guest-mode

mbssid guest-mode

wpa-psk ascii 7 025E5C0353525B7518

!

dot11 guest

username Cisco privilege 15 password 7 05280F1C2243

!

bridge irb

!

interface Dot11Radio0

no ip address

!

encryption vlan 2 mode ciphers aes-ccm

!

ssid CMEI-Patient

!

antenna gain 0

stbc

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.2

encapsulation dot1Q 2

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 spanning-disabled

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

!

interface Dot11Radio1

no ip address

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid CMEI

!

antenna gain 0

peakdetect

dfs band 3 block

stbc

mbssid

channel dfs

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface GigabitEthernet0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface GigabitEthernet0.2

encapsulation dot1Q 2

bridge-group 2

bridge-group 2 spanning-disabled

no bridge-group 2 source-learning

!

interface BVI1

mac-address 00f6.6344.d76c

ip address 192.168.10.6 255.255.255.0

ipv6 address dhcp

ipv6 address autoconfig

!

ip default-gateway 192.168.10.1

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip route 0.0.0.0 0.0.0.0 192.168.10.1

!

bridge 1 route ip

!

line con 0

line vty 0 4

login local

transport input all

!

end

here is my physical connection

Router Ge 0 to switch Gi 49 (trunk)

Router Ge 7 to switch Gi 50 (trunk)

Router Ge 9 to FAI

AP3700 to switch Gi 1

My computer to switch Gi 2

Om my computer i receive an IP Address ,but with WIFI i do not receive anything.

thanks

Richard Burts · ‎02-18-2021

Would you post the output on the switch for the command show interface trunk?

You tell us that

Router Ge 0 to switch Gi 49 (trunk)

but Ge0 is an access port in vlan 1

Router Ge 7 to switch Gi 50 (trunk)

but Ge7 is an access port in vlan 2

Remember that access ports send Ethernet frames that have no vlan tag. So if the switch port is a trunk and receives a frame with no tag it will treat it as belonging to vlan 1.

Also you tell us

AP3700 to switch Gi 1

but Gi1 is an access port in vlan 1. The AP expects to be connected to a trunk port.

It is not related to the main issue with the AP but I would point out this

ip nat inside source list 1 interface GigabitEthernet9 overload

ip nat inside source list 2 interface GigabitEthernet9 overload

I would suggest that rather than 2 nat statements with 2 access lists that you configure a single access list with 2 permit statements and have a single nat statement.

HTH

Rick