Cisco 3550 and Wireless Access Points

Chris Whiteley
Level 1

Hello All,

I am hoping someone can help me with insight on what I can do to accomplish my end goal of safe public wifi and configuration.

I have 2 domain controllers (for redundancy) with a split scope for DHCP and they both serve DNS.

I have VLAN 2 (management), VLAN 3 (Servers), VLAN 4 (Wired Access), VLAN 6 (Wireless Access) and VLAN 480 (Outside Wireless).

I have set up INT VLANs for all of these on my main router (Cisco 3550) with the ip-helper address to the DC for all but the VLAN 480. All of this works great, and the scopes are set up just like the VLANs (i.e. 192.168.2.0 (management), .3 (servers), etc.).

I was wondering if there is a way to have VLAN 480 get DHCP from the cisco 3550 as a random address say, 172.16.0.0 255.255.248.0?

On a side note, I have separate Wireless Access Points for the outside. (From a guy before me) I understand you can have a guest wireless setup on the newer Access Points, and trunk (cisco term) the 2 VLANs and separate them out with Access Control Lists so they don't talk to each other, but I would rather just give the VLAN 480 its own DHCP from the router.

Is this possible or am I just thinking about this too much?

Thanks for any comments!!

Gregory Snipes
Level 4

I am not sure I fully understand your need, but if you are just asking if you can have your 3550 act as a DHCP server for that VLAN, the answer is a definite yes.

Here is a configuration guide for setting up a DHCP server in IOS. If this is not what you are looking for or you need any further assistance with this, let me know.

Best Regards,

Greg

I am going to attach a very very rough outline of my network and my end goal. With at the end of my access switch 2 WAP's.

Leo Laohoo
Hall of Fame
I was wondering if there is a way to have VLAN 480 get DHCP from the cisco 3550 as a random address say, 172.16.0.0 255.255.248.0?

On VLAN 480, stick a secondary IP address of 172.16.0.X 255.255.248.0.

Here is my switch config. Let me know if I am doing this right or not

#sh run
Building configuration...

Current configuration : 10787 bytes
!
! Last configuration change at 17:28:14 PDT Sun Oct 7 2012 by admin
! NVRAM config last updated at 16:52:35 PDT Tue Aug 7 2012 by admin
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Switch
!
logging buffered 16384
no logging console
enable secret 5 $1$JwuS$pZzOBIIyfkICo2bionMs40
!
username admin privilege 15 password 7 113B2F3544071B1C54383F
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery interval 400
ip subnet-zero
ip routing
ip name-server 192.168.3.21
ip name-server 192.168.3.22
ip dhcp excluded-address 172.16.0.1
!
ip dhcp pool GuestWLAN
   Network 172.16.0.0 255.255.248.0
   Default-router 172.16.0.1
   dns-server 8.8.8.8 8.8.4.4.4
!
!
crypto pki trustpoint TP-self-signed-1707699712
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1707699712
 revocation-check none
 rsakeypair TP-self-signed-1707699712
!
!
crypto pki certificate chain TP-self-signed-1707699712
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface FastEthernet0/47
 description Inside Wireless AP
 switchport mode access
 switchport access VLAN 6
!
interface FastEthernet0/48
 description Outside Wireless AP
 switchport mode access
 switchport access VLAN 480
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Management
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.3.21
!
interface Vlan3
 description Servers
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.3.21
!
interface Vlan4
 description Wired Access
 ip address 192.168.4.1 255.255.254.0
 ip helper-address 192.168.3.21
!
interface Vlan6
 description Wireless Access
 ip address 192.168.6.1 255.255.254.0
 ip helper-address 192.168.3.21
!
interface Vlan13
 description Inside
 ip address 192.168.13.1 255.255.255.0
 ip helper-address 192.168.3.21
!
interface Vlan480
 description Outside Wireless
 ip address 172.16.0.1 255.255.255.0
!
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.13.2 (Pointing to Cisco ASA 5505)
!
no ip http server
ip http secure-server
!

Hello Chris,

Is there a reason why you don't want to create a new dhcp scope on the existing dhcp servers for vlan 480?

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I don't want the outside wireless to go through the network at all. I want it to go from the access point, trunked to the router, trunked to the cisco asa 5505 and out. I don't want anyone on the outside using the internal DHCP or DNS servers.

Hello Chris,

So you can do as Leo Laohoo has suggested and add a secondary ip address on the 3550 svi 480 and set the outside WLAN AP as a dhcp server.

res

Paul

I am so sorry to ask this of you, but could you show me via some code as to where the secondary IP address is supposed to go? Are you talking about just setting the IP address of the interface, and then on the Access Point itself change it to DHCP, so that the AP is giving it out and not the switch?

Hello Chris,

First of all, don't be sorry for asking - this is what CSC is for. There is so much technical support for free on here, you should be able to find a solution to most networking problems.

Regarding your queries: yes, apply the secondary address on the 3550.

#####
interface Vlan480
 description Outside Wireless
 ip address 172.16.0.1 255.255.255.0
 ip address 10.10.1.1 255.255.255.0 secondary

wlan ap - 10.10.1.2 255.255.255.0
######

configure terminal
ip dhcp excluded-address 10.10.1.1 10.10.1.2
! the pool name has to be a single word
ip dhcp pool vlan480
 network 10.10.1.0 255.255.255.0
 lease 10
 default-router 10.10.1.2
end

res

paul

What if my access points are just some horrible Linksys WRT54g's? I don't think I can configure them this way...unless I probably installed DD-WRT on them. I guess I was hoping to turn those into just access points, and not set up dhcp on them, but if there is no way to set the router to give DHCP to only 1 vlan and not the others, then I guess this is the only option I have.

Hello Chris,

Yes of course you can. I was assuming your APs were Cisco, but if the APs are not Cisco or not able to support the dhcp service then you can enable it on your switch instead.

res

Paul

So how would I accomplish this?

int vlan 480
 ip address 192.168.2.5 255.255.255.0
 ip address 172.16.0.1 255.255.248.0 secondary

Is this correct?

Chris,

conf t
int vlan 480
 ip address 172.16.0.X 255.255.248.0 secondary
end

Chris Whiteley
Level 1

I have figured out my issue... I had the dhcp pool and everything set up correctly, however I had my access list backwards. I had:

access-list 199 deny ip 192.168.0.0 255.255.224.0 any

instead of

access-list 199 deny ip any 192.168.0.0 255.255.224.0

Thanks for all your guys help!
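
Why the direction of that entry matters, as an added example that is not part of the original thread: a small evaluator for IOS extended ACL entries, run over constructed packets from the guest VLAN. It assumes ACL 199 is applied inbound on interface Vlan480 and ends with `permit ip any any` (neither is shown in the thread), and it writes 192.168.0.0/19 with the inverse wildcard 0.0.31.255, because IOS reads the mask field of an ACL entry as a wildcard.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_ace(line):
    """Parse 'access-list N {permit|deny} ip SRC DST'; SRC/DST are 'any' or 'addr wildcard'."""
    tokens = line.split()
    action, rest = tokens[2], tokens[4:]
    specs = []
    for _ in range(2):                      # source first, then destination
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, specs[0], specs[1]

def evaluate(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

# Constructed ACLs. The trailing permit and the 0.0.31.255 wildcard are assumptions.
BACKWARDS = ["access-list 199 deny ip 192.168.0.0 0.0.31.255 any",
             "access-list 199 permit ip any any"]
CORRECTED = ["access-list 199 deny ip any 192.168.0.0 0.0.31.255",
             "access-list 199 permit ip any any"]

GUEST = "172.16.0.50"         # constructed client address from the GuestWLAN pool
INTERNAL_DC = "192.168.3.21"  # internal DHCP/DNS server from the posted config

if __name__ == "__main__":
    for name, acl in (("backwards", BACKWARDS), ("corrected", CORRECTED)):
        print(name, "guest->DC:", evaluate(acl, GUEST, INTERNAL_DC),
              "| guest->internet:", evaluate(acl, GUEST, "8.8.8.8"))
    # The mask as typed in the post, read as a wildcard, does not cover the DC:
    print(wildcard_match(INTERNAL_DC, "192.168.0.0", "255.255.224.0"))
```

With the source and destination swapped, the deny entry never matches guest traffic, so the trailing permit lets guests reach the internal servers; the corrected order blocks them while still permitting Internet destinations.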
