Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1055
Views
0
Helpful
6
Replies

CHALLENGE: Can you configure DHCP server on IOS-AP for multiple VLANs ?!

herve.collignon
Level 1
Level 1

‎10-23-2007 09:16 AM - edited ‎07-03-2021 02:49 PM

Hi,

we are talking here about autonomous AP in latest 12.4 IOS release.

I know well how to create a dhcp pool on an AP and distribute addresses to clients when you have a single interface (radio and Ethernet).

But what can we do when we want to create multiple DHCP scope for multiple radio sub-interfaces for multiple VLANs at the end!!!???

It tried fixing an IP addresse in the sub-interface, and using it as DHCP server with the standard DHCP scope definition, but no way, it does not work.

And when searching more on CCO, I cannot find any doc solving that case.

Thanks for help.

Labels:
0 Helpful
6 Replies 6

tpacjer
Level 1
Level 1

‎10-24-2007 07:29 AM

create a vlan for each ssid and trunk using a subinterface for each vlan.

0 Helpful

herve.collignon
Level 1
Level 1
In response to tpacjer

‎10-24-2007 07:39 AM

Sorry Jeremy but that's what I already done since I need several SSID/VLANs.

Here below the main extract of the config.

Then if I create a DHCP Scope for each VLAN, I do not have a way to ask the AP to assign scope30 to VLAN30, scope50 to VLAN50, etc...

It only work if you define 1 single scope matching the same subnet as the BVI int!

----------------------------------------

dot11 vlan-name Employee-WiFi vlan 30

dot11 vlan-name Guest-WiFi vlan 50

!

dot11 ssid FAGUEST

vlan Guest-WiFi

max-associations 10

authentication open

authentication key-management wpa

wpa-psk ascii ------------

!

dot11 ssid FALAN

vlan Employee-WiFi

max-associations 10

authentication open eap EAP

authentication key-management wpa

!

interface Dot11Radio0

no ip address

no ip route-cache

encryption vlan Employee-WiFi mode ciphers aes-ccm

encryption vlan Guest-WiFi mode ciphers aes-ccm tkip

ssid FAGUEST

ssid FALAN

BLABLABLA...

BLABLABLA...

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

no cdp enable

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

bridge-group 30 spanning-disabled

!

interface Dot11Radio0.50

encapsulation dot1Q 50

no ip route-cache

no cdp enable

bridge-group 50

bridge-group 50 subscriber-loop-control

bridge-group 50 block-unknown-source

no bridge-group 50 source-learning

no bridge-group 50 unicast-flooding

bridge-group 50 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

!

interface FastEthernet0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

no bridge-group 30 source-learning

bridge-group 30 spanning-disabled

!

interface FastEthernet0.50

encapsulation dot1Q 50

no ip route-cache

bridge-group 50

no bridge-group 50 source-learning

bridge-group 50 spanning-disabled

!

interface FastEthernet0.99

encapsulation dot1Q 99 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.74.101.208 255.255.255.0

no ip route-cache

!

ip default-gateway 10.74.101.1

!

bridge 1 route ip

!

------------------------------------------

0 Helpful

edliu
Level 1
Level 1
In response to herve.collignon

‎01-19-2008 07:56 PM

Like the wire LAN DHCP,you must creat BVI

for every WLAN/VLAN.

For example:

interface BVI 30

ip address x.x.x.x **must belong dhcp scope30

interface BVI 50

ip address x.x.x.x **must belong dhcp scope50

0 Helpful

tpacjer
Level 1
Level 1
In response to tpacjer

‎10-24-2007 08:12 AM

maked sure that the uplink port is configuried as a trunk and that the vlans are allowed. also you need to have those vlans on the uplink switch and so on till you get to your core. you might have to add helper address on the vlan interfaces so that those interfaces know wher to send dhcp requestes

0 Helpful

herve.collignon
Level 1
Level 1
In response to tpacjer

‎10-25-2007 08:31 AM

Hi jeremy,

do you mean I should configure on the 'int vlan x' of the switch a 'ip helper-address' pointing to the AP's BVI ip address?

And just defining a scope in the AP that matchs the same subnet as the switch IP address that relay the DHCP request?

In fact you are proposing to let request goes out of the AP to go back again in the AP for proposal, right ?

0 Helpful

scottmac
Level 10
Level 10

‎01-20-2008 06:57 AM

On the AP itself? NO, you can't.

A network-based DHCP server (Windows or *nix) will work OK, assuming you have the trunking and switches configured properly.

The AP-based RADIUS also has limited functionality.

APs have just little teeney tiny CPUs (compared to a real server) and limited memory and storage. Aside from handing traffic to/from the wired/wireless domains, it's not meant to handle enterprise server functionality.

Single DHCP service, like for a small or temporary location, no problem. Multiple DHCPs domains ... get a server.

Good Luck

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top