07-18-2005 11:27 AM - edited 07-04-2021 10:58 AM
I am having an issue wherein I need the clients to authenticate to the AP, but the AP has only the mgmt IP address, which is 10.10.1.x, but I need all the clients to get an IP from 10.10.100.x. How will I accomplish this? Are there any sample configs available? I have the ip helper address command on the 10.10.100.x (VLAN 100) on my layer 3 device.
Also, what commands will I need on the switch port?
This is my config snippet:
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid 802.1x
    vlan 100
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
 !
 short-slot-time
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 bridge-group 100 subscriber-loop-control
 bridge-group 100 block-unknown-source
 no bridge-group 100 source-learning
 no bridge-group 100 unicast-flooding
 bridge-group 100 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid 802.1x
    vlan 100
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
 !
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 bridge-group 100 subscriber-loop-control
 bridge-group 100 block-unknown-source
 no bridge-group 100 source-learning
 no bridge-group 100 unicast-flooding
 bridge-group 100 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 no bridge-group 100 source-learning
 bridge-group 100 spanning-disabled
!
interface BVI1
 ip address 10.10.1.30 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.1.1
07-22-2005 06:38 AM
Hi,
This should work. Are you trunking VLAN 100 between your Access Point and Switch?
Something like:
AP
---
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 ntp broadcast client
!
interface FastEthernet0.1
 description management VLAN
 encapsulation dot1Q 1 native
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
 description user VLAN
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 no bridge-group 100 source-learning
 bridge-group 100 spanning-disabled
!
local switch
----
interface FastEthernet0/1
 description To AP
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 100,1002-1005
 switchport mode trunk
!
HTH
PJD
07-22-2005 06:49 AM
You can use the DHCP server in the AP1200 to service clients in non-native VLANs. To do this, you need to configure an ip helper-address on the inter-VLAN router. The Cisco AP1200 is only allowed to have one BVI interface with only one IP address configured on the AP. Therefore you cannot have two BVIs with separate IPs, one for management VLAN subnet and one for wlan clients/dhcp subnet.
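Added example (not part of any post in this thread, and not Cisco code): a small Python check that, for every VLAN an SSID is mapped to, the AP config has a radio subinterface and an Ethernet subinterface carrying the matching encapsulation dot1Q tag in one bridge-group, and that reports whether a native subinterface like the FastEthernet0.1 in the first reply's sample is present. SAMPLE is constructed from the VLAN-related lines of the question's config; parse and audit are hypothetical helper names.

```python
import re

# Constructed sample: only the VLAN-related lines of the AP config in the question.
SAMPLE = """\
interface Dot11Radio0
 ssid 802.1x
    vlan 100
 bridge-group 1
!
interface Dot11Radio0.100
 encapsulation dot1Q 100
 bridge-group 100
!
interface FastEthernet0
 bridge-group 1
!
interface FastEthernet0.100
 encapsulation dot1Q 100
 bridge-group 100
"""

def parse(config):
    # cur starts as a throwaway dict so lines before the first interface are harmless.
    ssid_vlans, ifaces, cur = set(), {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"dot1q": None, "native": False, "bg": None})
        elif m := re.fullmatch(r"vlan (\d+)", line):  # 'vlan N' under an ssid
            ssid_vlans.add(int(m.group(1)))
        elif m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line):
            cur["dot1q"], cur["native"] = int(m.group(1)), bool(m.group(2))
        elif m := re.fullmatch(r"bridge-group (\d+)", line):
            cur["bg"] = int(m.group(1))
    return ssid_vlans, ifaces

def audit(config):
    """List gaps between the VLANs the SSIDs use and the subinterfaces that bridge them."""
    ssid_vlans, ifaces = parse(config)
    findings = []
    for vlan in sorted(ssid_vlans):
        tagged = {n: i for n, i in ifaces.items() if i["dot1q"] == vlan}
        for kind in ("Dot11Radio", "FastEthernet"):
            if not any(n.startswith(kind) for n in tagged):
                findings.append(f"VLAN {vlan}: no {kind} subinterface with encapsulation dot1Q {vlan}")
        if len({i["bg"] for i in tagged.values()}) > 1:
            findings.append(f"VLAN {vlan}: subinterfaces are not in the same bridge-group")
    if not any(i["native"] for i in ifaces.values()):
        findings.append("no subinterface carries 'encapsulation dot1Q <id> native'")
    return findings
```

Calling audit(SAMPLE) returns a single finding about the missing native subinterface; the VLAN 100 radio and Ethernet subinterfaces pass the check.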