Hello Paul,

I did turn the dhcp service off, and the devices don't get any IP address at all.

However, I did make all the changes below and that works (woohoo finally some progress).

I tested it with two wireless devices, and they get indeed a dynamic IP  192.168.37.2 and 192.168.37.3

The dhcp pool I have looks like this, when I do a "show run"

ip dhcp pool DHCP_LAN
import all
network 192.168.1.0 255.255.255.0
network 192.168.2.0 255.255.255.0 secondary
override default-router 192.168.2.1
network 192.168.37.0 255.255.255.0 secondary
override default-router 192.168.37.1
default-router 192.168.1.1
dns-server 192.168.1.1
lease 0 8

Of course I would need to get those 2 groups of devices with a static IP back in place.

So if I need the static bindings, would I just use that list  and add this to those pools?:

import all
override default-router 192.168.2.1
override default-router 192.168.37.1
default-router 192.168.1.1
dns-server 192.168.1.1

The 192.168.37.0 network is justthere fr getting to the management interface of the APs, the APs themselves have 192.168.37.x addresses.

I am real happy that things are starting to work!

thanks!!

Ron

Hello
Glad it is now working.
As for the .37.0/24 subnet then you can remove the dhcp pool for that if you dont require it.

For the static addressing can you confirm if that these hosts that require the static addressing do so by dhcp or are they manually assigned?

If the former and you have multiple hosts then your origin file would be the most viable option however it isnt applicable with dhcp pools but you can still apply static bindings in the example below, If the latter then you just need to exclude them from the dhcp pools and manually assign the addressing to your static hosts.

Example: - host ip 192.168.1.100 - mac addresss 2222:3333:4444
ip dhcp excluded-address 192.168.1.100
ip ip dhcp pool static_1
host 192.168.1.100 255.255.255.0
client-identifier 0122.2233.3344.44 < 01 is required which states the media type of the interface 10/100/1000 ethernet)
default-router 192.168.1.1

Hello Paul,

Yes it is working IF the nodes/hosts that connect through a wireless AP, end up with an IP in the same subnet as the APs have their ip addresses.  I can either do that dynamically or I can do that with an origin file, as long as the addresses handed out are in the same subnet. (So the wireless APs all have an address like 192.168.37.x)

It is probably not a good idea to have these nodes in the same subnet. The static addresses have to be done with DHCP, the nodes/hosts are sensors and pretty simple for the network part, when powered they send DHCP discovery broadcasts immediately. (aptops etc of course I could configure).

I think the origin file is not really the issue.  I tried a few things after applying your initial suggestion to see what happens with just one dhcp pool with 3 different subnets.

Since that worked really well,  I wondered why never an address from the first two pools were handed out  (192.168.1.0 and 192.168.2.0 subnets) but always in the 192.168.37.0. subnet.

I changed the pool you suggested as a test to just use the 192.168.2.0 network, and that resulted in the same issues (regardless if I used a dynamic pool or static), dhcp server doesn't send out a response to the discovery client.

If I use the 192.160.37.0 network, regardless of if I uses dynamic IP assignments or static with an origin file, it just works (as long as the AP's ip addresses are in the same subnet.)

This is what I see with 'debug ip dhcp server events'  and 'debug ip dhcp server packet':
Apr 27 13:39:24.586: DHCPD: client's VPN is .

Apr 27 13:39:24.586: DHCPD: No option 125
Apr 27 13:39:24.586: DHCPD: Sending notification of DISCOVER:
Apr 27 13:39:24.586: DHCPD: htype 1 chaddr 58ef.689e.9981
Apr 27 13:39:24.586: DHCPD: remote id 020a0000c0a8250101000025
Apr 27 13:39:24.586: DHCPD: circuit id 00000000
Apr 27 13:39:24.586: DHCPD: DHCPDISCOVER received from client 58ef.689e.9981 on interface GigabitEthernet0/1.37.
Apr 27 13:39:24.586: DHCPD: Seeing if there is an internally specified pool class:
Apr 27 13:39:24.586: DHCPD: htype 1 chaddr 58ef.689e.9981
Apr 27 13:39:24.586: DHCPD: remote id 020a0000c0a8250101000025
Apr 27 13:39:24.586: DHCPD: circuit id 00000000
Apr 27 13:39:24.586: DHCPD: there is no address pool for 192.168.37.1.
Apr 27 13:39:24.586: DHCPD: setting giaddr to 192.168.37.1.
Apr 27 13:39:24.586: DHCPD: BOOTREQUEST from 58ef.689e.9981 forwarded to 192.168.1.1.

About hardware address vs client-id, and them being very similar, I read in a few places that it's the MS windows machines use/change their MAC address (and for example Cisco equipment has a completely different identifier all together?)

I see the actual hardware addresses in the discover packets, just as in the excerpt above.

From what I understand, but not sure,  because the discovery packet was forwarded by by 192.168.37.1 (through interface GI0/1.37) dhcp tries to find a pool for that subnet, but there isn't a pool with anything 192.168.37.0 subnet in it.

I tried to read up on pool classes, but don't really understand how to set that up. I have the impression, that something like a pool class would be needed? The APs are connected through a trunk, so technically those would be able to pass through traffic from different subnets?

thanks,

Hello

I may think I have lost you on this, The dhcp pool is now working isnt it, so why change it?
The issue now was the dynamic reservation and allocation of static hosts?

---

@roncro wrote:
Since that worked really well, I wondered why never an address from the first two pools were handed out (192.168.1.0 and 192.168.2.0 subnets) but always in the 192.168.37.0. subnet

---

You only need to create the one pool and have only subnet scopes active for the vlans that clients in those vlans require.
So the end hosts need to be in the correct access vlan to pole their correct dhcp scope and that is including the wifi access-points (unless those APs are autonomous)  and as for the problem with the incorrect dhcp allocation well I think the problem was the result of having direct broadcasting running.

Hello Paul,

well, the nodes/hosts need to be in different subnets than the APs themselves.

That is what I originally thought, the issue being the static allocation, but the issue appeared to be the dhcp clients

being on a different subnet than the wireless APs are.

The APs are autonomous.

What I ultimately want:

- 1 type of hosts is statically assigned an IP, through DHCP in for examle the 192.168.2.0 subnet

- another type of hosts is statically assigned an IP, through DHCP in for examle the 192.168.3.0 subnet

I want to be able to have several subnets, for different types of hosts/nodes.

The wireless APs I want in another subnet,  192.168.37.0

At first I though that somehow the router didn't like the static pools but it looks like it just doesn't like them to be in a different subnet.

Should I start a new thread for that?

thanks!!

Ron

Hello

Have you created the radio subinterfaces on each Access Point for the vlans and assigned a SSID to each of these vlans for you WIFI clients!
Obviously then the Access Point port connecting to the switch then needs to be administratively trunked.

you must be on a cell phone or so,  I am trying to decipher your post.

subnets on each AP you mean?

Yes the ports the APs are connected to are truncked.

I don't know if this gives more info, but I used to have a small business router, an RV320. The setup hasn't change.  I could use the APs, with the same 2960 switches and that router. That router is simpler, I did do static MAC-IP binding  and it had 3 VLANS but VLANS on it could only be define with IP ranges, where I used 192.168.1.0 for VLAN1,  192.168.2.0 for VLAN2 and 192.168.3.0 for VLAN3.  Other than that,  that RV320 router didn't need any thing else, nor did the switches.).

That being said;  I think I probably have to make some vlans on the switch (and possibly router)  since that RV320 is a router with a little integrated 4-port switch.

I am trying to figure out how to do that.

thanks!,

Ron

Hello Ron
Okay so the RV router is gone and in place of that is a 2900 rtr correct so the physical setup would be
2900 <---> L2switch <--->Access-points<--- wifi clients

If so the rtr configuration with the changes i proposed would be correct, So you need to create the L2 vlans on the switch that associate with the L3 subinterfaces on the rtr and then to attach the switch to this router and have that port on the switch be a trunk.

Pease confirm you have this setup if not elaborate on the physical setup a bit more.

Switch
config t
no ip routing
vlan 2, 37
exit

int x/x
description link to 2900 rtr
switchport mode trunk
exit

int x/x
description link to Access-point
switchport mode trunk
exit

Yes exactly;

it used to be:

rv320 <---> L2switch <--->Access-points<--- wifi clients

now it is:

2900 <---> L2switch <--->Access-points<--- wifi clients

However I needed to change the connection from the Cisco 2690 switch to the Cisco 2900 router to a trunk, to make the 2900 work with the switch and also, changed the ports of the 3 APs that were on that switch to trunk and native vlan 37.

Yes on the L2 vlans on the switch with the L3 on the rtr,  I think that is what that old router did too.

Also, yes, the  connection between the switch, and  the ports that connect the APs are trunks.

I did try the "no ip route",  apparently the switch doesn't know about that one.

below is the running config (left the pki key out):

thanks!!

Ron

Current configuration : 3859 bytes
!
! Last configuration change at 18:01:40 UTC Sun Jan 1 2006 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname North
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S873$6ik6XiM5OMHyd3u/oKuOc/
!
username admin password 7 05190559706C5A1A0C0B161F025F53
no aaa new-model
clock timezone UTC -7 0
clock summer-time UTC recurring
switch 1 provision ws-c2960s-24ps-l
!
!
ip domain-name localdomain
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1466853504
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1466853504
revocation-check none
rsakeypair TP-self-signed-1466853504
!
!

quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
interface Vlan37
no ip address
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
!
!
line con 0
logging synchronous
login local
line vty 0 4
password 7 1405115D5D243E38312632382B4050
login local
transport input ssh
line vty 5 15
login
!
end

Hello
For you information the native vlan assignment inst globally applied on any device but its interface specific so this means you can have multiple native (untagged) trunk interconnects on one switch, which is applicable but i wouldn't say viable,

Now It looks like that you have vlan 37 untagged (native vlan) on the the switch trunk link towards the access points, But you don't have the native vlan on the sub-interface gig0/1.37 on the 2900 and on the switch trunk port connecting to the rtr?

Suggest to make the native vlan on gig0/1.37 on the rtr and its connecting switchport on the switch to have parity with the other trunks on the switch

Please make the following changes:

2900
int gig0/1.37
encapsulation dot1q 37 native

Switch
interface GigabitEthernet1/0/24
switchport mode trunk

switchport trunk native vlan 37

Hello Paul,

I tried what you suggested, 

it seems that I cannot reach anything outside my own subnet after I do

2900
int gig0/1.37
encapsulation dot1q 37 native

I tried both switch and router separately, and with the settings 'active' on both.

Switch
interface GigabitEthernet1/0/24
switchport mode trunk

switchport trunk native vlan 37

Witch both setting I can only touch the switch from my workstation, nothing else.

switchport mode trunk seems to be fine

the native vlan 37 doesn't work in either case, nor combined.

thanks

Ron

Hello

Apologies for that maybe I have missed something here or not just fully aware of your configuration.
Are those two interfaces connecting to each other?
Can you post the config of the rtr, switch and access point please and in that can you append.

sh ip interface brief
sh ip route
sh interface trunk
sh vlan brief

Hello Paul,

No problem, that happened more often by doing that myself.  Yes,  the router's port GI0/1 and the switch's port GI1/0/24 are connected. The APS (one 100 and 2 1200's are connected to 10, 11 and 12 on the switch respectively.  Port 28 on teh switch is connected to a little Cisco SR2024C (un-managed switch) for now (going to be replaced by another 2960).

The router is called Charon, the 2960 switch is called North, the AP I used is called ap2.

I took the public IP out, not that i mind you knowing it, but this being a public forum ....

looks this is going to be a very long post...

thanks for all the time spending on this !!

Ron

Router (Cisco 2900) configs:

Charon#show run
Building configuration...

Current configuration : 3905 bytes
!
! Last configuration change at 17:15:59 UTC Tue Apr 28 2020 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Charon
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Y6Ap$foIYqVqbcci.b9/iOKKVt/
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.2.1 192.168.2.5
ip dhcp ping timeout 600
!
ip dhcp pool VLAN1-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-1
default-router 192.168.1.1
dns-server 192.168.1.1
domain-name localdomain
!
ip dhcp pool VLAN2-POOL
import all
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.1.1
!
!
!
ip domain name localdomain
ip host trotter68.localdomain 192.168.1.110
ip host charon.localdomain 192.168.1.1
ip host waves.localdomain 192.168.1.117
ip host zoneminder.localdomain 192.168.2.8
ip host trotter67.localdomain 192.168.1.109
ip host cisco-ap6.localdomain 192.168.1.6
ip host C2960s-north.localdomain 192.168.1.2
ip host cisco-ap1.localdomain 192.168.1.11
ip host cisco-ap5.localdomain 192.168.1.5
ip host cisco-ap9.localdomain 192.168.1.19
ip host cuda.localdomain 192.168.1.116
ip host seismo.localdomain 192.168.2.4
ip host cnc.localdomain 192.168.1.115
ip host wintrotter.localdomain 192.168.1.106
ip host picopod.localdomain 192.168.1.107
ip host wemo.localdomain 192.168.2.2
ip host Samsung-HDTV.localdomain 192.168.3.3
ip host picoscope.localdomain 192.168.3.37
ip host cisco-ap7.localdomain 192.168.37.17
ip host cisco-ap8.localdomain 192.168.37.18
ip host cisco-ap2.localdomain 192.168.37.12
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2911/K9 sn FCZ192771UU
!
!
username admin password 7 1500085A550A3F373D3D342F1A5441
username wwwadmin privilege 15 password 7 061118365E4D5F48251B130500
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.37
encapsulation dot1Q 37
ip address 192.168.37.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns view default
domain list localdomain
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
control-plane
!
!
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 105C0A4F54370618190A2B262D7B64
login local
transport input ssh
line vty 5 392
password 7 131714445A2C10393E2A293E3C7144
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server time.nist.gov
!
end

Charon#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 69.my.pub.ip YES DHCP up up
GigabitEthernet0/1 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1.2 192.168.2.1 YES NVRAM up up
GigabitEthernet0/1.37 192.168.37.1 YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
NVI0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset down down

Charon#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 69.254.150.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 69.254.150.1, GigabitEthernet0/0
69.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 69.isp.ip.addr/32 [254/0] via 69.isp.sub.1, GigabitEthernet0/0
C 69.my.sub.0/23 is directly connected, GigabitEthernet0/0
L 69.my.pub.ip/32 is directly connected, GigabitEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/1.2
L 192.168.2.1/32 is directly connected, GigabitEthernet0/1.2
192.168.37.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.37.0/24 is directly connected, GigabitEthernet0/1.37
L 192.168.37.1/32 is directly connected, GigabitEthernet0/1.37

Charon#sh interface trunk
Charon#

Charon#sh vlan brief
% Ambiguous command: "sh vlan brief"
Charon#sh vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: GigabitEthernet0/1

This is configured as native Vlan for the following interface(s) :
GigabitEthernet0/1 Native-vlan Tx-type: Untagged

Protocols Configured: Address: Received: Transmitted:

GigabitEthernet0/1 (1)
IP 192.168.1.1 182864 187385
Other 0 319

182988 packets, 12748210 bytes input
187704 packets, 39962178 bytes output

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: GigabitEthernet0/1.2

Protocols Configured: Address: Received: Transmitted:

GigabitEthernet0/1.2 (2)
IP 192.168.2.1 167684 164026
Other 0 13

167684 packets, 17852685 bytes input
164039 packets, 11484275 bytes output

Virtual LAN ID: 37 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: GigabitEthernet0/1.37

Protocols Configured: Address: Received: Transmitted:

GigabitEthernet0/1.37 (37)
IP 192.168.37.1 197 110
Other 0 5

197 packets, 41287 bytes input
115 packets, 6786 bytes output

Switch  (Cisco 2960) configs:

North#show run
Building configuration...

Current configuration : 3850 bytes
!
! Last configuration change at 17:00:46 UTC Sun Jan 1 2006
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname North
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S873$6ik6XiM5OMHyd3u/oKuOc/
!
username admin password 7 05190559706C5A1A0C0B161F025F53
no aaa new-model
clock timezone UTC -7 0
clock summer-time UTC recurring
switch 1 provision ws-c2960s-24ps-l
!
!
ip domain-name localdomain
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1466853504
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1466853504
revocation-check none
rsakeypair TP-self-signed-1466853504
!
!
crypto pki certificate chain TP-self-signed-1466853504
certificate self-signed 01
..................
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk native vlan 37
switchport mode trunk
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
interface Vlan37
no ip address
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
!
!
!
line con 0
logging synchronous
login local
line vty 0 4
password 7 1405115D5D243E38312632382B4050
login local
transport input ssh
line vty 5 15
login
!
end

orth#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.2 YES NVRAM up up
Vlan37 unassigned YES unset up up
FastEthernet0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset up up
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset up up
GigabitEthernet1/0/12 unassigned YES unset up up
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset up up
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/0/25 unassigned YES unset down down
GigabitEthernet1/0/26 unassigned YES unset down down
GigabitEthernet1/0/27 unassigned YES unset down down
GigabitEthernet1/0/28 unassigned YES unset up up

North#sh ip route
^
% Invalid input detected at '^' marker.

North#sh interface trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/10 on 802.1q trunking 37
Gi1/0/11 on 802.1q trunking 37
Gi1/0/12 on 802.1q trunking 37
Gi1/0/24 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/10 1-4094
Gi1/0/11 1-4094
Gi1/0/12 1-4094
Gi1/0/24 1-4094

Port Vlans allowed and active in management domain
Gi1/0/10 1-2,37
Gi1/0/11 1-2,37
Gi1/0/12 1-2,37
Gi1/0/24 1-2,37

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/10 1-2,37
Gi1/0/11 1-2,37
Gi1/0/12 1-2,37
Gi1/0/24 1-2,37

North#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28
2 PUB-ACC-SERVER active Gi1/0/1    (there is a machine that I use for outside world stuff,  I can move that and have a separate IP/VLAN for it if needed)
37 AIRONET-AP-VLAN active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

AP (Aironet 1100) configs:

ap2#show run
Building configuration...

Current configuration : 1319 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap2
!
no logging console
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 syslog
!
dot11 ssid The Matrix
authentication open
!
!
!
username admin privilege 15 password 7 13110407050D09237A77
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid The Matrix
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.37.12 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.37.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

ap2#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
BVI1 192.168.37.12 YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM up up
FastEthernet0 unassigned YES NVRAM up up

ap2#sh ip route
^
% Invalid input detected at '^' marker.

Hello Ron
I am quite surprised you have reverted your original old configuration on the rtr, running ip helper addressing and directed broadcasts especially when I’ve been trying to troubleshoot your issue thinking you have already appended the changes i initially suggested.

Anyway Ive attached is a file with suggestions i believe you require to get your network into a running state with correct dhcp allocatio.

Its mainly what ive proposed in earlier posts regards this issue with the addition of a new specific native vlan for mgt and a basic autonomous multiple ssid access-point configuration which correlates with your vlans and user base so whatever SSID a wifi client chooses will be allocated an ip address from the dhcp scope of its related vlan.

If you decide to implement these suggestions please let me know how you get on, Id be happy to assist further if necessary