08-27-2019 10:43 AM
Hi guys.
My schema looks like:
cisco router (DHCP ---- non cisco wireless AP -- cisco wireless AP)
I'm configuring a Cisco wireless access point (ap801) to get an IP from the DHCP server (Cisco router) via a non-Cisco AP. This non-Cisco AP is performing just WPA2 & PSK and no filtering:
++++++++++++++++++++
root@ap:/home/sam# iptables -vnL
Chain INPUT (policy ACCEPT 73 packets, 5877 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 59 packets, 7184 bytes)
pkts bytes target prot opt in out source destination
root@
++++++++++++++++++++
From this non-Cisco AP (MAC c24a.0040.9f36) I see the Cisco wireless AP (MAC 2c54.2dba.136e) has successfully joined:
++++++++++++++++++++
root@ap:/home/sam# iwinfo wlan0-1 ass
2C:54:2D:BA:13:6E -38 dBm / -95 dBm (SNR 57) 300 ms ago
RX: 144.4 MBit/s, MCS 15, 20MHz 896 Pkts.
TX: 1.0 MBit/s 4 Pkts.
expected throughput: unknown
root@ap:/home/sam#
++++++++++++++++++++
I see the same from the Cisco wireless AP:
++++++++++++++++++++
ap#sh dot11 ass all | i State|c24a|Strength
Address : c24a.0040.9f36 Name : NONE
State : Assoc Parent : -
Signal Strength : -36 dBm Connected for : 1268 seconds
ap#
++++++++++++++++++++
Cisco AP config looks like:
++++++++++++++++++++
dot11 ssid a81m-guest
 vlan 20
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 0 siper-puper-password
!
bridge irb
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 20 mode ciphers aes-ccm
 !
 ssid a81m-guest
 !
 antenna gain 0
 station-role workgroup-bridge universal c24a.0040.9f36
!
interface Dot11Radio0.20
 encapsulation dot1Q 20 native
 bridge-group 1
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20 native
 bridge-group 1
!
interface BVI1
 mac-address 00ed.b184.2174
 ip address dhcp
++++++++++++++++++++
Finally, the Cisco wireless AP int BVI 1 is not assigned an IP from the Cisco router DHCP:
++++++++++++++++++++
ap#sh ip int bri | i bvi
BVI1 unassigned YES DHCP up up
ap#
++++++++++++++++++++
But I see an IP has been assigned by the Cisco router DHCP server:
++++++++++++++++++++
gate#sh ip dhcp bin
-= omitted for brevity =-
192.168.172.50 0063.6973.636f.2d30. Aug 27 2019 01:07 PM Automatic
3065.642e.6231.3834.
2e32.3137.342d.4256.
31
gate#
++++++++++++++++++++
Whenever I run debug dhcp on the Cisco wireless AP and debug ip dhcp packets on the Cisco DHCP server, I've found the DHCP server got the discover and sent offer messages proposing IP 192.168.172.50 in this case:
++++++++++++++++++++
Aug 27 13:33:14 gate.sidko.org 070013: Aug 27 13:33:14.078: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 on interface Vlan12.
Aug 27 13:33:14 gate.sidko.org 070020: Aug 27 13:33:14.078: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 (192.168.172.50).DHCPD: Setting only requested parameters
++++++++++++++++++++
But the Cisco wireless client doesn't get them and sends discover again:
++++++++++++++++++++
*Mar 1 00:41:32.687: DHCP: SDiscover attempt # 3 for entry:
*Mar 1 00:41:32.687: Temp IP addr: 0.0.0.0 for peer on Interface: BVI1
*Mar 1 00:41:32.687: Temp sub net mask: 0.0.0.0
*Mar 1 00:41:32.687: DHCP Lease server: 0.0.0.0, state: 3 Selecting
*Mar 1 00:41:32.687: DHCP transaction id: 124F
*Mar 1 00:41:32.687: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Mar 1 00:41:32.687: Next timer fires after: 00:00:04
*Mar 1 00:41:32.687: Retry count: 3 Client-ID: cisco-00ed.b184.2174-BV1
*Mar 1 00:41:32.687: Client-ID hex dump: 636973636F2D303065642E623138342E
*Mar 1 00:41:32.687: 323137342D425631
ap#
*Mar 1 00:41:32.687: Hostname: ap
*Mar 1 00:41:32.687: DHCP: SDiscover placed class-id option: 436973636F204150383031
*Mar 1 00:41:32.687: DHCP: SDiscover: sending 302 byte length DHCP packet
*Mar 1 00:41:32.687: DHCP: SDiscover 302 bytes
*Mar 1 00:41:32.687: B'cast on BVI1 interface from 0.0.0.0
ap#
*Mar 1 00:41:36.687: DHCP: QScan: Timed out Selecting state
ap#%Unknown DHCP problem.. No allocation possible
++++++++++++++++++++
Could you guys help?
Thank you.
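Added example (not part of the original post, and not Cisco code): the client-id hex strings in the binding, the server log and the AP debug above can be decoded and compared to confirm that the binding for 192.168.172.50 belongs to this AP's BVI1. The function names are made up for illustration; the hex values are copied from the outputs above, and the leading 00 in the server's form is read as the option 61 type byte (RFC 2132), which the AP's hex dump leaves out.

```python
import re

# Values copied from the outputs quoted in the post above.
SERVER_BINDING_ID = "0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31"
AP_DEBUG_CLIENT_ID = "636973636F2D303065642E623138342E" "323137342D425631"
AP_CLASS_ID = "436973636F204150383031"
AP_BVI_MAC = "00ed.b184.2174"  # mac-address configured under interface BVI1


def hex_to_bytes(text):
    """Turn Cisco dotted hex or a plain hex dump into raw bytes."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) % 2:
        raise ValueError("odd number of hex digits: %r" % text)
    return bytes.fromhex(digits)


def decode_client_id(text):
    """Return (mac, interface) from a 'cisco-<mac>-<ifname>' client-id.

    The server prints option 61 with its leading type byte (0x00 = not a
    hardware address, RFC 2132); the AP debug dump omits it.
    """
    raw = hex_to_bytes(text)
    if raw[:1] == b"\x00":
        raw = raw[1:]
    ascii_id = raw.decode("ascii")  # raises ValueError on non-ASCII ids
    m = re.fullmatch(r"cisco-([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})-(\S+)", ascii_id)
    if m is None:
        raise ValueError("not a Cisco ASCII client-id: %r" % ascii_id)
    return m.group(1), m.group(2)


def correlate(server_id, client_id, expected_mac):
    """Check that the server's binding and the client's debug agree."""
    server, client = decode_client_id(server_id), decode_client_id(client_id)
    return {
        "server": server,
        "client": client,
        "same_client": server == client,
        "mac_is_bvi": server[0] == expected_mac,
    }


if __name__ == "__main__":
    print(correlate(SERVER_BINDING_ID, AP_DEBUG_CLIENT_ID, AP_BVI_MAC))
    print(hex_to_bytes(AP_CLASS_ID).decode("ascii"))
```

Both strings decode to the same identifier carrying the BVI1 MAC, so the DISCOVER the server answered is the one this AP sent.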
08-28-2019 11:36 AM
Hello Andriy,
As far as I know about iptables in Linux systems, the FORWARD chain should be used.
In your case the FORWARD chain has 0 packets.
You may need to enable either IP routing or bridging on the third-party AP to make DHCP communication possible between server and client.
The two Cisco devices look to be configured correctly, and the debug output also shows the expected output.
Your lab setup is not usual, as the common setup is to have the AP connected to a POE-enabled switch port and to get an IP address on the wired giga interface.
It looks like you would like to get an IP address on WiFi via the third-party AP.
The DHCP request has a broadcast destination; the DHCP offer should have a unicast destination, which should be the Cisco device MAC address.
The third-party AP looks to be able to propagate broadcast frames but to block unicast frames with a destination different from its own MAC address.
Hope to help
Giuseppe
08-28-2019 07:11 PM - edited 08-28-2019 07:23 PM
Hi Giuseppe.
Thank you for your email.
iptables is not filtering any packets because it's in a flushed (permit any) state. All chains (input, output, forward, pre- and post-routing) are in ACCEPT state for all tables: filter, nat and mangle.
Moreover, whenever I connect my Android phone to the "a81m-guest" SSID I get the right IP; Wireshark screenshot attached (attachment name DHCP-client-android-phone). Just the regular DHCP process: discover, offer, request, acknowledgment.
But... the Cisco 891W router acting as uWGB to the third-party AP and requesting an IP from the DHCP server (Cisco 2921) gets stuck at offer, no request
(attachment file name: DHCP-client-cisco-891w)
Anyway, do you have a fresh idea what it could be?
P.S. A lab is needed to do unusual things, not well-known ones. :) Actually I just need to connect the nearest building to the corporate network by using universal WGB.
Thank you Giuseppe