
CAPWAP with static IP addresses, ruined by DHCP server

Hi!

I have a setup using a WLC 2504 and several Aironet 1852e's.

The APs are configured to a static IP address using:

capwap ap ip 172.18.15.xx 255.255.0.0 172.18.1.1

and

capwap ap primary-base wlcname 172.18.15.xx

This works, as I can connect the APs to the WLC and have a look at the configuration etc.

BUT, as soon as I connect them to the existing company network (which also has a network using DHCP) and the APs reboot, the AP is getting a new IP address from the DHCP. This address isn't even in the same subnet as the configured fixed IP address.

How do I FIX the IP address of the AP so that it does not acquire a different one from the DHCP?

Thanks,

Fabian

1 ACCEPTED SOLUTION

Rising star

Yes, basically that should be enough.
You may need some extra commands on the managed switch port to accept the unmanaged switch, or for the managed switch to accept the wlc vlans

vlan5  on the corporate is used to connect the wlc and the unmanaged switch
but form a separate network isolated from corporate data traffic.

on the managed switch, set the switch port for the wlc to vlan trunking
and on the wlc set the management (ap manager) vlan id to 5
this setup enables you to add wlans mapped to different vlans later
so this is the preferred setup.

or set the switch port as access port in vlan 5
or set the switch port to trunk and native vlan to 5
in both situations on the wlc set the management (the ap manager) vlan id to 0 (untagged packets from/to the wlc)

maybe i'm making it too complicated, but you can also separate the management interface and the ap-manager interface, to make the wlc manageable from the corporate network, but still keep the AP's on a separate vlan, isolated from the corporate network.


19 REPLIES 19
Rising star

investigate if you "saved" the config before disconnecting power from the AP?

if the AP still uses dhcp, your remark: This address isn't even in the same subnet as the configured fixed IP-address.
sounds like normal behaviour, your device will get an ip address suitable for that part of the network. this is dependent on the configuration of the corporate network and the vlan/subnet you attach the device to.
even so, if you connect the AP with a static IP to a part of the network segment that has no route to this static assigned address, then your AP will not be reachable!
and vice versa, your static ip will not be able to reach your controller if that's on a different network.

Beginner

This sounds like odd behavior. Normally when you have configured "capwap ap ip address...." it will be remembered beyond a reboot.

Can you console into the AP and give the output of show capwap ip config?

The fact that your device is not even getting an address in the correct range sounds suspect. Are you using any DHCP helpers to forward to a windows server or such like?

See the post above. I added it.

I am not using DHCP in this Cisco configuration, only fixed IP addresses. There is only a Windows SBS 2010 DHCP server running in a different subnet on the same physical network.

Rising star

Where is the wlc in the corporate network?
What is its information of the APs configuration?

In the working configuration it is directly connected to the AP.

The error occurs when I connect the AP and the WLC to the same switch (unmanaged) which is connected to the corporate network.

I can still find the AP under AP join statistics:

Last Error Occurred: Lwapp discovery request rejected

Last Error Occurred Reason: Discovery request decoding with subnet broadcast and wrong AP IP address

The error is clear, because it has the wrong subnet and IP address...but why...

Beginner

Hi, this is starting to make more sense to me now. 

On your WLC what is the VLAN ID for the management interface,  is it set to 0?

As you are plugging the AP's into an unmanaged switch in production I presume it will have no capabilities for VLAN support, that is everything will be on the native VLAN.

What do you normally treat as the native vlan on any managed switches that you have?

The vlan identifier is 0

The corporate network seems to be configured on vlan id 1 (default on dell switch?).

Beginner

Do you know whether the Port that the WLC connects to the switch on is trunking? I presume you cannot check this.

My knowledge on Dell switches is limited but to me this sounds like a vlan mismatch. If the network is not live can you set the management interface to vlan 1 rather than 0 on the WLC?

Do you have the model number of the dell switch?

My knowledge is limited, my access is not ;)

The ports are set to access, not trunk.

At the moment it is just an environment for an initial setup, so I can set the WLC to whatever I want. Just to be clear, I am not planning to integrate the WLC/APs into the corporate network. I was just trying to understand why the APs are connecting to the corporate network.

I am currently just setting up the WLC and APs to install them at a different location. So my issue is not the corporate network itself, but that the WLC and APs are interfered with by the DHCP (because that could definitely happen there as well).

So am I understanding correctly that, if I would set up the WLC to an own VLAN, I would no longer have the APs trying to connect to the DHCP?

Sorry if I am totally off the track, but that's not really my field of knowledge...

Rising star

our post crossed, :-)

Yes your third option is to use the wlc and ap on a different vlan

Ah yeah, thanks for the explanation :)

So I changed the VID of the management interface to 5 (because I know it isn't used here and will not be used in the final location).

But after booting up the AP I find the following lines:

[*05/03/2017 10:05:04.4842] wired0: 100 Mbps Full Duplex
[*05/03/2017 10:05:04.4842]
[*05/03/2017 10:05:04.7441] ethernet_port wired0, ip 172.18.15.102, netmask 255.255.0.0, gw 172.18.1.1, mtu 1500, bcast 172.18.255.255, dns1 172.17.99.10, is_static true, vid 0, static_ip_failover false, dhcp_vlan_failover false
[*05/03/2017 10:05:09.8825] Loading sha2...
[*05/03/2017 10:05:09.8825] Dumpping sha1...
[*05/03/2017 10:05:09.9125] ethernet_port wired0, ip 172.16.0.xx, netmask 255.255.255.0, gw 172.16.0.xx, mtu 1500, bcast 172.16.0.xx, dns1 172.16.0.120, dns2 172.17.99.10, domain domain.localLoading MIC cert and key
[*05/03/2017 10:05:10.8422] Dumpping sha2...

First one is the right configuration, but the vid is still 0. Second one is the one from the DHCP.

Thanks again for your support.
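
An added example (not part of the original thread): a Python check that reads AP boot-log lines of the form quoted in the post above and flags a port whose static address is later replaced by one outside the static subnet. The sample log is constructed from the post's lines, with the redacted `xx` octets replaced by made-up values; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the boot log in the post; the redacted
# "xx" octets are replaced with made-up values so the lines parse.
SAMPLE_LOG = """\
[*05/03/2017 10:05:04.7441] ethernet_port wired0, ip 172.18.15.102, netmask 255.255.0.0, gw 172.18.1.1, mtu 1500, bcast 172.18.255.255, dns1 172.17.99.10, is_static true, vid 0, static_ip_failover false, dhcp_vlan_failover false
[*05/03/2017 10:05:09.8825] Loading sha2...
[*05/03/2017 10:05:09.9125] ethernet_port wired0, ip 172.16.0.57, netmask 255.255.255.0, gw 172.16.0.1, mtu 1500, bcast 172.16.0.255, dns1 172.16.0.120, dns2 172.17.99.10, domain domain.local
"""

LINE_RE = re.compile(
    r"^\[\*(?P<ts>[^\]]+)\]\s+ethernet_port\s+(?P<port>\w+),\s*(?P<rest>.*)$")

def parse_ethernet_port(line):
    """Return the key/value fields of an ethernet_port line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": m["ts"], "port": m["port"]}
    for item in m["rest"].split(","):
        key, _, value = item.strip().partition(" ")
        if key and value:
            fields[key] = value.strip()
    return fields

def find_static_overrides(log_text):
    """Flag ports whose static address is later replaced off-subnet."""
    static = {}    # port -> ip_interface taken from the is_static line
    findings = []
    for line in log_text.splitlines():
        rec = parse_ethernet_port(line)
        if not rec or "ip" not in rec or "netmask" not in rec:
            continue
        try:
            iface = ipaddress.ip_interface(f"{rec['ip']}/{rec['netmask']}")
        except ValueError:
            continue   # redacted or malformed address, e.g. 172.16.0.xx
        port = rec["port"]
        if rec.get("is_static") == "true":
            static[port] = iface
        elif port in static and iface.ip not in static[port].network:
            findings.append({"port": port, "ts": rec["ts"],
                             "static": str(static[port]),
                             "replaced_by": str(iface)})
    return findings
```

Calling `find_static_overrides(SAMPLE_LOG)` returns one finding for `wired0`; lines with redacted addresses are skipped rather than guessed.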

Beginner

If I am understanding what you are doing correctly here, you also need to set the VLAN on the switch port that your AP is plugged into to 5.

I think the unmanaged switch is making this very complicated for you.

Regards

Rising star

Hi Fabian, as Mikey says this will not work with an unmanaged switch connected to your corporate network
(it may work with a stand-alone unmanaged switch :-) )

the unmanaged switch still regards all packets as incoming to vlan1 !!!
it ignores the vlan tags in the packets from the wlc.
so both AP and WLC devices are still connected to the SBS network.

First you need a managed switch.

vlans are used to keep data separate like separate switches.
using a managed switch with vlans is like merging multiple stand-alone switches into a single device.
- create a new vlan (5 is ok)
- assign an access port (i.e. vlan5 only) for the AP
- assign a trunk port (multiple vlans allowed) for the WLC.

then your AP is communicating with the WLC on vlan 5
and data from your clients connecting to the WLAN / SSID can deliver packets on a wlc interface on another vlan
- maybe vlan 1 if you want your wireless clients to communicate with the corporate network
- or another vlan (like 6) if you want to keep your wireless client fully separated from the corporate network

Ok, I think I got it.

Luckily for me the setup on site is a bit different.

There will be 8 APs connected to an unmanaged switch BUT this one is connected to a managed layer 2+ switch. So if I set the port of the managed switch, where the unmanaged one is connected to, to vlan 5 I should be fine?! (The WLC will be directly connected to the managed switch and I will set that port to VLAN 5 as well).

Thanks for your help guys!
