No Client DHCP Using ASA 5505 and AIR-AP1041N-A-K9

waynemdwt1 · ‎05-24-2013

I have setup hundreds of different routers, switches, and access points from multiple vendors over the years, but have virtually no Cisco experience so please forgive my ignorance.

I need to configure public and private wireless access using an ASA 5505 and an Aironet AIR-AP1041N-A-K9. I need to be able to do this via ASDM and http if at all possible. I simply do not have the time to learn hundreds of lines of arcane CLI code.

The Aironet connects to the ASA successfully, and receives an IP. I can then connect to the AP wirelessly, but do not receive an IP. I have setup a second SSID\VLAN on the AP, and can't connect to it at all.

Please point me in the right direction. Thanks!

waynemdwt1 · ‎05-28-2013

Bump

siddhartham · ‎05-28-2013

ASA drops the unicast DHCP requests. So if the AP is acting as a Proxy for the client DHCP requests, it won't work. Can you post your config of the access point.

Siddhartha

waynemdwt1 · ‎05-29-2013

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname CB

!

logging rate-limit console 9

enable secret 5 $1$82pL$3KLewL/tBDJqMKMqKFm98/

!

no aaa new-model

!

dot11 syslog

!

dot11 ssid CBCustomer

vlan 2

authentication open

guest-mode

!

dot11 ssid CBSecure

vlan 1

authentication open

!

username Cisco password 7 072C285F4D06

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 key 1 size 128bit 7 DC09DE3C9349E57CDB2E2B52782F transmit-key

encryption vlan 1 mode wep mandatory

!

ssid CBCustomer

!

ssid CBSecure

!

antenna gain 0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!

interface BVI1

ip address dhcp client-id GigabitEthernet0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path

http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

line con 0

line vty 0 4

login local

!

end

siddhartham · ‎05-29-2013

Please add the below command under interface BVI1 and see if that fixes your issue

ip helper-address X.X.X.X (address of your DHCP server)

interface BVI1

ip helper-address X.X.X.X (address of your DHCP server)

Siddhartha