07-22-2020 04:34 PM
Hi.
I am new to Cisco configuration, started a couple of weeks ago and purchased a Cisco 1841 router and SG500-28P. I’ve been in the IT industry 20 years as a project manager so never really needed to know the detail but have always been interested.
I have three Unifi AC Pro APs with two SSIDs, one for family and one for guests. On my previous router, an RV320, I had the family SSID provide DHCP addresses on the default VLAN IP 192.168.1.0/24, and the guest SSID tagged with VLAN5 providing DHCP addresses from 192.168.5.0/24.
I’ve moved the three APs over to the SG500. The APs have fixed IP addresses on the 192.168.1.0 network and assign DHCP addresses to family wireless devices fine. I’m now trying to set up the guest SSID to receive DHCP addresses for the 192.168.5.0 network without any joy; the guest SSID is again tagged with VLAN5. The APs are connected as follows.
The switch ports have been set as trunk ports with VLAN5 allowed.
Gi1/1/1 is a trunked port linking to the 1841 router f0/1. I have configured the subinterface f0/1.5, set up the DHCP pool and excluded 192.168.5.1. Wireless devices connecting to the guest SSID are not receiving an IP address.
I can ping the VLAN gateway 192.168.5.1.
I’ve attached the configs for both the router and switch. Would someone be able to advise what I am missing please, other than putting my Cisco kit back on eBay :-)
Thank you
Phill
07-22-2020 08:07 PM
07-23-2020 02:48 PM
Hi Francesco.
Thanks for getting back to me.
I've tried your suggestion and configured an access port (Gi1/1/10) to VLAN5 and connected my PC set to DHCP, no address was coming through. I re-checked my switch config and realised that I hadn't allowed VLAN5 on the router trunk port, I'm now receiving the DHCP addresses for wired and wireless clients on guest SSID. That's one problem solved, next issue is there's no internet access.
From my PC with DHCP IP 192.168.5.3 I can ping the VLAN DG 192.168.5.1 and the 1841 router WAN interface f0/0 192.168.0.79 but no further. When I move my PC back to its original port Gi 1/1/2 on network 192.168.1.0/24 I can again ping 192.168.5.1, 192.168.1.1, 192.168.0.1 and out to the internet or any other device on the 192.168.0.0/24 network.
As I'm migrating my existing network onto the SG500 via the 1841 router I've had to leave my original Cisco RV320 router in place, so the 1841 WAN port f0/0 receives a DHCP address of 192.168.0.79. I thought the RV320 may be the cause of the issue so I've connected the 1841 WAN interface f0/0 direct to my ISP modem and I receive my ISP IP address fine, but still cannot ping beyond f0/0.
I've attached the files again but just in case I've placed my switch and router configs below, I've also attached a picture of what my network layout is looking like.
Any advice you can offer on what might be missing would be greatly appreciated.
grey-goose-01#sh run
config-file-header
grey-goose-01
v1.4.11.5 / R800_NIK_1_4_220_026
CLI v1.0
set system mode switch queues-mode 4
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
 vlan 5,10,100
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname grey-goose-01
line console
 no autobaud
exit
line console
 speed 9600
exit
username admin password encrypted 65b18a347b61962fa035e02417ebed5eadc5b329 privilege 15
username cisco password encrypted 65b18a347b61962fa035e02417ebed5eadc5b329 privilege 15
snmp-server server
snmp-server location "Home office"
snmp-server contact "Dude in the blue shirt"
snmp-server community public ro 192.168.0.2 view Default
snmp-server host 192.168.0.2 traps version 2c public udp-port 161
ip telnet server
!
interface vlan 1
 ip address 192.168.1.100 255.255.255.0
!
interface vlan 5
 name WLAN_GUEST
!
interface vlan 10
 name Home-Net
!
interface vlan 100
 name hm_network
!
interface gigabitethernet1/1/1
 description "Cisco 1841 Trunk Link"
 switchport trunk allowed vlan add 5
!
interface gigabitethernet1/1/2
 switchport mode access
!
interface gigabitethernet1/1/10
 switchport mode access
 switchport access vlan 5
!
interface gigabitethernet1/1/21
 switchport trunk allowed vlan add 5
!
interface gigabitethernet1/1/22
 switchport trunk allowed vlan add 5
!
interface gigabitethernet1/1/23
 switchport trunk allowed vlan add 5
!
exit
grey-goose-01#
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Bandicoot
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$VYHY$4MQyLGEQQTFkAQKo4WbUV1
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.1.100 192.168.1.254
ip dhcp excluded-address 192.168.5.1
!
ip dhcp pool pool-192.168.1.0
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
 lease 20
!
ip dhcp pool vlan5
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1
 dns-server 8.8.8.8
 lease 3
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FCZ152292GM
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN Interface
 mac-address e865.495c.0e79
 ip address dhcp
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN Interface
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.5.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 password xxxxxxxxxxxx
 logging synchronous
line aux 0
line vty 0 4
 password xxxxxxxxxxxx
 login
 transport input all
!
scheduler allocate 20000 1000
end
Bandicoot#
07-25-2020 11:14 AM
Hi.
To put closure on the last issue of VLAN5 not communicating beyond the WAN port f0/0. I placed the ip nat inside command within the sub interface f0/1.5, this now allows VLAN5 traffic out to the internet.
Thanks again for your time, this query is now resolved.
Phill
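The fix reported in this thread, turned into a repeatable check (an added example, not part of the original posts): it parses an IOS running-config and lists every addressed interface whose subnet is permitted by a NAT source ACL but that has no `ip nat inside` or `ip nat outside` role. The function names are hypothetical, the sample is trimmed from the router config above, and the parser assumes the usual one-space indentation of `show running-config` output.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines trimmed from the router config in the thread.
SAMPLE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.5.0 0.0.0.255
"""

def parse_interfaces(cfg):
    """Map interface name -> {'ip': IPv4Interface or None, 'nat': role or None}."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"ip": None, "nat": None})
        elif not line.startswith(" "):
            cur = None  # an unindented line ends the interface block
        elif cur is not None:
            if m := re.fullmatch(r"ip address (\d\S+) (\d\S+)", line.strip()):
                cur["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            elif m := re.fullmatch(r"ip nat (inside|outside)", line.strip()):
                cur["nat"] = m[1]
    return ifaces

def nat_source_networks(cfg):
    """Networks permitted by the standard ACLs that 'ip nat inside source list' uses."""
    used = set(re.findall(r"^ip nat inside source list (\d+) ", cfg, re.M))
    acl = re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", cfg, re.M)
    # ipaddress accepts the wildcard (host) mask form, e.g. 192.168.5.0/0.0.0.255
    return [ipaddress.ip_network(f"{n}/{w}") for num, n, w in acl if num in used]

def missing_nat_inside(cfg):
    """Interfaces whose subnet a NAT ACL permits but that carry no 'ip nat' role."""
    nets = nat_source_networks(cfg)
    return sorted(name for name, i in parse_interfaces(cfg).items()
                  if i["ip"] and i["nat"] is None
                  and any(i["ip"].network.subnet_of(n) for n in nets))
```

Calling `missing_nat_inside(SAMPLE)` reports `FastEthernet0/1.5`, the subinterface the final post fixed; once `ip nat inside` is added under it, the list is empty.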