Hi everyone, and thanks in advance for responses.
I got an Aironet 1041 (Air-LAP1041N-E-K9), and it's configured as standalone mode. I mean, after I've recieved it, I followed the steps to administrate it with web console.
So, everything is working perfect with PC laptops, but there's no internet connection with the mobile devices associated. Sometimes, the AP assigns an IP out of the dhcp excluded range, and sometimes when assigns a correct IP, there's no internet connection on the device.
Something special for the mobile devices? Maybe the "domain-name" option? (because the mobile devices are not in domain of course...)
In response to your question, I would like to assume the following. Please provide clarification if I assume wrongly:
1. You are using WPA or WPA2 PSK.
2. The laptops are associated and are able to access the internet and network resources.
Now please could you provide answers to the following:
1. What do you mean by standalone? was the AP converted to Autonomous
2. Are the laptops using a proxy server address to connect to the Internet
3. Do the mobile devices connect then fall off --- You were not clear when you said they sometimes get assigned an IP
4. Is the problem with specific mobiles or all mobiles whether Apple or Android
1. Using WPA2
2.Correct. Associated, connecting to the internet and surfing across the lan.
1. You are right, I meant Autonomous, when I said standalone
2. Aren't using a proxy, because the dhcp addresses assigned are out of the proxy-range.
3. The mobile devices are always assigned, but sometimes they are getting a correct IP (inside the defined range), and sometimes they are getting a incorrect IP (outside the range). We did this config in console mode:
ip dhcp excluded address 192.168.1.1 192.168.1.180
ip dhcp excluded address 192.168.1.190 192.168.1.254
ip dhcp pool aphall
network 192.168.1.0 /24
dns-server 192.168.1.235 126.96.36.199
So, the range 192.168.1.181 192.168.1.189 is the range assigned from our Domain Controller. And it works perfectly on laptops (verified looking the ipconfig)
4. The problem affects Android and Apple devices
Thanks a lot in advance, and sorry for my poor cisco knowledge...
By the way, returning to point 3, the mobile devices aren't connecting to the internet with any IP (correct or incorrect)
From your config, you have allowed only 10 IP addresses to be assigned. How many laptops do you have connected. Also by proxy, I mean do the corporate devices access the internet through a proxy server. Check from internet options on the web browser of one of the laptops
There's no laptops right now. With no devices associated, any mobile device gets the same problem.
The laptop that I've been tested, had no proxy configuration.
A bit confusing. You mentioned that the mobile devices sometimes get an ip. Could you paste the config of the AP. Also your lease is to short to retain an IP. How long is your key and are you using AES. Could you test with a shorter key length and use TKIP
Mobile devices always get an IP. Some gets a correct IP, and some gets a incorrect IP. But both, are not connecting to Internet.
The key is 9 characters long.
The lease is only for a day because of this access point is for devices that no more than two or three hours online.
Here is the Cipher, Client Authentication Settings and Client Authenticated Key Management.
My bad, I thought I saw the lease as 001. Anyway, if your mobile devices do get an IP, then we need to focus on their inability to connect to the internet. I need to understand how your network is set up. For the corporate devices to access the Internet, they must go through a device which NATs the private IPs to a public IP. If your mobile devices get the same IP in the range as the corporate, then only a specific rule which allows only corporate devices can block external devices. To test, connect a laptop which has never been connected to your domain, to your wireless SSID and test to see if it connects to the Internet
Ok, good advice.
I will focus on that, this monday morning. I'll keep you informed about that. I'll make the test with a completely foreign laptop, and then will see...
I've been tested with a foreign laptop.
So, the laptop gets a IP out of the dhcp range. I think I've found the problem, maybe it's the dhcp relay into the Aironet.
How can be disabled the dhcp relay in the Aironet?
Googling, I think this is the option:
Enabling the Cisco IOS DHCP Server and Relay Agent Features
By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To reenable these features if they are disabled, use the following command in global configuration mode:
Router(config)# service dhcp
Enables the Cisco IOS DHCP server and relay features on your router.
Use the no form of this command to disable the Cisco IOS DHCP server and relay features.
You have to use the no service dhcp option to disable DHCP server and relay options. However, another device would have to act as a dhcp server. Are you sure that you do not have a network range overlap with another subnet? If devices get assigned addresses outside a specified, then there is most likely an overlap. Was the foreign laptop able to connect to the Internet?
I think I only need to deactivate the dhcp relay option. placed outside this LAN, The AP assigns correct IP's. But I don't know how.
When the AP is on the corporate LAN again, then assigns a wrong IP's. These wrong ip's are from a windows dhcp range property.
So, why when the AP is on the corporate LAN, is not doing the assignation of her range of ip's?
You need to check if IP helper-address is configured on the switch port that the AP is connected to. If it is, remove it. Also make sure that the AP native vlan, if specified, is not the same vlan as your corporate LAN.