Re: DHCP - clients on Aironet1232 not working

jay.stanley · ‎05-25-2005

I have several new 1232's installed, all interfaces in default vlan1, all ap's connected to Cat 3550's with in-line power. I get DHCP when clients are plugged into the 3550's. Using Cisco LAN PCMCIA a/b/g adapter, and it won't get DHCP from the Aironet 1232's. It sees good signal and connects to the AP, show dot11 associations and it sees the Cisco a/b/g adapter's MAC, but no IP address. I tried the ip helper-address with my DHCP server adddress on both the 3550's and the AP1232's. The 1232's are running IOS version 12.3(2)JA2. The cat 3550's are running 12.1(20)EA1a. Anyone know what else I can try? Thanks.

syanda · ‎05-26-2005

You can have associations show up in the AP, but that is just reflecting the 802.11 protocol / RF communications. Acquiring an IP address requires that there be at least one security model the same between client and AP (or no security at all on either). Otherwise, RF can pound all day and you'll get nowhere.

Remember, all Aironet APs are just bridges, so all traffic is passed right on upstream - UNLESS - there's a security selection preventing client communication upstream.

Also, if the 3550s are your L-3 boundary, and you intend to use more than one SSID, you'll need to define VLAN subinterfaces and do trunking to the AP.

Finally, another thing I've seen is make sure there are no connection speed selections chosen on the AP - that is - select 'Basic' for any/all radios in the AP. This allows connectivity to the the widest possible number of devices out there (e.g., if the ap radio is 802.11g and you're trying to connect with an 802.11b client)

Hope that helps.

jay.stanley · ‎05-27-2005

When I turn all security off, DHCP works fine to all clients. When I turn basic 128 bit WEP encryption on, create a static key, turn off key rotation it will not work. I've tried IOS version 12.3(2)JA, 12.3(2)JA2, and just upgraded one AP to 12.3(4)JA. Here is the config for radio0:

version 12.3

no service pad

service tcp-keepalives-in

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname lab-ap1

!

enable secret 5 ############################

enable password 7 #############

!

username ###### password 7 ################

clock timezone CST -6

clock summer-time CST recurring

ip subnet-zero

!

no aaa new-model

!

dot11 ssid tsunami

authentication open

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption key 1 size 128bit 7 ############################ transmit-key

encryption mode wep mandatory

!

ssid tsunami

!

short-slot-time

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2412

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

Radio1 is shutdown.

When I take the following out of the config:

encryption key 1 size 128bit 7 ############################ transmit-key

encryption mode wep mandatory

DHCP to clients works fine. My keys match on the clients and the AP. I've triple checked the keys many times. Tried different Cardbus adapters, Proxim, Linksys, Cisco. Have IBM Thinkpad T-41's and have tried the onboard wireless adapater. All running Windows XP.

Any more ideas?

Thanks.

jay.stanley · ‎05-27-2005

Ok, I think I just figured this out. When I put the line below in the config, for key rotation interval, bada bing, DHCP to all clients works. All client adapters come right up and get good DHCP address. When I take this out and the clients try to re-associate, they do not get DHCP address. Is this a bug? Or do I have something else set wrong?

broadcast-key change 14400

The time interval for the key change is in seconds and tunable from 10-10000000 sec.

Now, what I want to know is why this command would have to be configured so DHCP packets will be sent to clients? I have only one 128 bit WEP key configured.