cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1727
Views
0
Helpful
7
Replies

1532i autonomous setup with DHCP

kirm
Level 1
Level 1

Hi everyone,

First time posting although I've lurked plenty looking for answers. Any help from you folks is much appreciated.

I've got a Cisco Aironet 1532i with the autonomous IOS. I'm trying to use the wireless access point to give out different IPs that my wired network and am having nothing but trouble.

My wired network is 192.168.1.0/24 and I want the Aironet to give out 10.10.10.0/24 using it's built-in DHCP server. Handy, no doubt, but I can't get it to work.

Here's my show run:

1530i#show run
Building configuration...

Current configuration : 6405 bytes

version 15.2

service password-encryption
!
hostname 1530i
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common

ip domain name local
ip name-server 10.10.10.1
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.120 10.10.10.254
!
ip dhcp pool Garage
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1

dot11 vlan-name Wireless vlan 10
!
dot11 ssid Garage
vlan 10
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 01070E01560A1F0033455D0817040401
!
dot11 ssid Garage-5
vlan 10
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 0310530E0B0E38435C000A041913181F
!
!
dot11 guest
!
ip ssh version 2
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid Garage
!
antenna gain 0
packet retries 64 drop-packet
station-role root
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid Garage-5
!
antenna gain 0
peakdetect
dfs band 3 block
packet retries 64 drop-packet
channel dfs
station-role root
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
encapsulation dot1Q 10
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 10
bridge-group 10 spanning-disabled
no bridge-group 10 source-learning
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
encapsulation dot1Q 10
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning

interface BVI1
no ip address
!
interface BVI10
ip address 10.10.10.11 255.255.255.0
!
ip default-gateway 10.10.10.1
ip forward-protocol nd
ip forward-protocol spanning-tree
ip http server
ip http secure-server
!
access-list 111 permit tcp any any neq telnet
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
!
end

 

I've cleaned it up to leave out extraneous info.My laptop will pull an IP in the given range but I can't get to the router. I can ping the BVI at 10.10.10.11 but after that nothing.

 

Aironet pulls it's PoE and network connection from a WS-C3560C-8PC-S, VLAN1 0

 

show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Wireless Network)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,10,256
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

 

After the 3560 it goes to a 2970G-24T-E

which is passing VLANs 1-99

Then onto a Mikrotik that has the 192.168.1.1 gateway. It also has the 10.10.10.1 gateway.

 

Any ideas what I'm doing wrong? Let me know if you need any other info and thanks for any help you can give. Even just some high-level ideas without code are helpful. Like how does the Aironet handle DHCP. I found that the BVI has to have the same number as the VLAN to pass DHCP IPs. How does the BVI behave at this point? Is it a bridge? Does it translate the 10.10.10.0 address to the next switch down the line or does it try and route it?

 

 

7 Replies 7

Hello
The AP interconnects to a switch via a trunk or access porrt and from the switch to a router correct? Can you post a simple topology diagram to visualize the setup,

From your AP configuration I can see your addressing is set to BVI 10 however youve enabled routing/bridging to bridge-group 1 & 10 globally and also on some of your radio interfaces.


bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Network diagram attached as requested.

As for running the commands:

no bridge 1 protocol ieee
Please remove the BVI 1 interface first!

1530i(config)#no bridge 1 route ip
%command not allowed, cannot remove bridge 1 route ip
1530i(config)#no int bvi 1
%command not allowed, cannot remove BVI 1

 

So it seems it won't allow me to mess with bridge 1 and I remember reading that somewhere.

Hello

Add the L3 addressing to BVI 1 instead.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks Paul and sorry about taking so long to get back to you. I'm in the middle of studying for my CCNA...

If I remember correctly I did add the addressing to BV1 way back when I started this project. It didn't work.

But I have a second unit and am starting to config it from the beginning. Fresh unit with default config.

I'm not messing with the radios or Vlans right now. Just want to see if it will talk with the local network (192.168.1.0/24)

I've set BV1 to have an address of 192.168.1.251, an address in the local network and it STILL won't see the network that is surrounding it. I can ping 192.168.1.251 from the 1532 but I can't get to the gateway. Yes, I set the default gateway. That shouldn't happen and I'm at wit's end.

 

If I can't get it to communicate on the local network how am I going to get it to bridge a wireless network with a local network. My old Net Admin never had a high opinion of these units and now I'm beginning to see why. I think these were meant to work with a controller and autonomous operation is tough.

 

By the way, I have a small delib APC-2MI unit and I can get it to do this easy as pie. Not sure what the problem is with this one.

 

What I don't understand is why all the bridges. RBI, BVI, I have no idea what does what. I'm reading up on them but nothing is clicking.

 

Thanks,

Hello,

 

the main problem seems to be that you put Vlan 10 in the wrong bridge group. Make the changes marked in bold:

 

Building configuration...

Current configuration : 6405 bytes
!
version 15.2
!
service password-encryption
!
hostname 1530i
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common

ip domain name local
ip name-server 10.10.10.1
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.120 10.10.10.254
!
ip dhcp pool Garage
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1

dot11 vlan-name Wireless vlan 10
!
dot11 ssid Garage
vlan 10
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 01070E01560A1F0033455D0817040401
!
dot11 ssid Garage-5
vlan 10
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 0310530E0B0E38435C000A041913181F
!
dot11 guest
!
ip ssh version 2
bridge irb
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid Garage
!
antenna gain 0
packet retries 64 drop-packet
station-role root
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
--> bridge-group 10
--> bridge-group 10 subscriber-loop-control
--> bridge-group 10 spanning-disabled
--> bridge-group 10 block-unknown-source
--> no bridge-group 10 source-learning
--> no bridge-group 10 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid Garage-5
!
antenna gain 0
peakdetect
dfs band 3 block
packet retries 64 drop-packet
channel dfs
station-role root
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
encapsulation dot1Q 10
--> bridge-group 10
--> bridge-group 10 subscriber-loop-control
--> bridge-group 10 spanning-disabled
--> bridge-group 10 block-unknown-source
--> no bridge-group 10 source-learning
--> no bridge-group 10 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
encapsulation dot1Q 10
--> bridge-group 10
--> bridge-group 10 spanning-disabled
--> no bridge-group 10 source-learning

!

interface BVI1
no ip address
!
interface BVI10
ip address 10.10.10.11 255.255.255.0
!
ip default-gateway 10.10.10.1
ip forward-protocol nd
ip forward-protocol spanning-tree
ip http server
ip http secure-server
!
access-list 111 permit tcp any any neq telnet
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
!
end

Oh if only I could...

 

1530i(config)#int do0.10
1530i(config-subif)#bridge-group 10

Interface already configured within Bridge Group 1.

1530i(config)#int do0
1530i(config-if)#brid
1530i(config-if)#bridge-group 1

Interface already configured within Bridge Group 10.

 

And as I remember I did have it the way you mentioned originally...I've tried a lot of different configs... With bridge group 10 on the .10 interface the laptop wouldn't pull a DHCP IP. It authenticated and I could set the IP manually but no DHCP.

 

These Aironets are really difficult to work with, I've done a lot of research on them.  Just when I think I've got it, I fail again.

 

Thanks for the help guys.

Hey all, I thought I would check in with the solution...if you can call it that.

I bought a lightly used 2901 router and configured it for DHCP. I'm using router on a stick. gig0/1.10 ip add 10.1.1.254

I then wiped the 1532 and started again. This time I kept it simple and let the router do the DHCP work. It just ended up working.

As you all mentioned about this simple config worked at that point:

 

interface GigabitEthernet0.10
encapsulation dot1Q 10 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
!
interface BVI1
ip address 10.1.1.250 255.255.255.0
!
ip default-gateway 10.1.1.254

 

Glad to get it working but I don't know if I could have using the Mikrotik router and letting the 1532 do the DHCP work. But then again, I'm a noob so what do I know.

Review Cisco Networking for a $25 gift card