03-15-2012 01:18 AM - edited 07-03-2021 09:47 PM
I am explaining the scenario and issues…
I have configured a DHCP server on the AP. When wireless clients (MAC binding configured) connect to the AP using the network key, sometimes clients get an IP address from the DHCP pool configured on the AP and sometimes from another DHCP server that exists in the network. What I did then was implement an ACL to block DHCP requests from going outside (I mean that the ACL will not permit DHCP request traffic to go outside). After that, clients were getting IPs from the exact DHCP server running on the WAP. Then another problem came into the picture: sometimes clients are able neither to reach the gateway nor to get internet access; if I just reconnect to the AP (or release/renew), both work again. I am observing these malfunctions.
I think that every time I connect to the AP, the client should get an IP address from the AP's DHCP pool. No need to put an ACL to block the other DHCP server in the network.
I faced an unexpected situation: without any ACL, when a client connects to the AP, if the client gets an IP from the AP's DHCP pool, then it works fine.
Configuration:
sh run
Building configuration...
Current configuration : 3037 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$57nX$m6i8CP0UASrwQ8N.tTt4G0
enable password 7 096F471A1A0A
!
no aaa new-model
ip name-server 4.2.2.2
ip name-server 8.8.8.8
no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.0.1 10.2.65.34
!
ip dhcp pool abpitdhcp
network 10.2.0.0 255.255.0.0
dns-server 8.8.8.8
default-router 10.2.50.1
!
!
dot11 syslog
!
dot11 ssid ABP1142
authentication open
guest-mode
!
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 082CC74122C6 transmit-key
encryption mode wep mandatory
!
ssid ABP1142
!
antenna gain 0
station-role root
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 40bit 7 141F0744A8FC transmit-key
encryption mode wep mandatory
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
ip access-group 101 in
ip access-group 101 out
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.2.65.173 255.255.0.0
no ip route-cache
!
ip default-gateway 10.2.50.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 101 deny udp any any range bootps bootpc
access-list 101 permit ip any any
access-list 700 permit 0012.f090.5851 0000.0000.0000
access-list 700 permit ccaf.785b.3717 0000.0000.0000
access-list 700 permit ccaf.785b.1c8b 0000.0000.0000
access-list 700 permit 0cee.e693.ee87 0000.0000.0000
access-list 700 permit 0cee.e68d.2691 0000.0000.0000
access-list 700 permit 3859.f900.17e5 0000.0000.0000
access-list 700 permit 3451.c95b.9a71 0000.0000.0000
access-list 700 permit 0018.deae.fd8f 0000.0000.0000
access-list 700 permit 0026.5a74.9726 0000.0000.0000
access-list 700 permit 904c.e5b1.b0c3 0000.0000.0000
access-list 700 permit 904c.e5b1.6474 0000.0000.0000
access-list 700 permit 0018.deae.eb61 0000.0000.0000
access-list 700 permit 0013.02d7.006d 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
bridge 1 route ip
!
!
!
line con 0
password 7 13261E010803
line vty 0 4
password 7 112A1016141D
login local
line vty 5 15
password 7 112A1016141D
login local
!
end
Please help....
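
How ACL 101 from the posted configuration matches DHCP traffic, as an added example (not part of the original post and not Cisco code). It models only first-match evaluation of the two posted ACL lines; the sample packets are constructed, and how the AP applies the ACL to bridged traffic is not modelled.

```python
import re

# ACL 101 exactly as posted in the configuration above.
ACL_101 = """\
access-list 101 deny udp any any range bootps bootpc
access-list 101 permit ip any any
"""

# IOS port keywords used in the posted ACL.
PORT_NAMES = {"bootps": 67, "bootpc": 68}

def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def parse_acl(text):
    """Parse the narrow 'action proto any any [range lo hi]' form used on the page."""
    pattern = r"access-list \d+ (permit|deny) (\w+) any any(?: range (\S+) (\S+))?"
    rules = []
    for line in text.splitlines():
        m = re.fullmatch(pattern, line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, lo, hi = m.groups()
        rules.append((action, proto, (_port(lo), _port(hi)) if lo else None))
    return rules

def evaluate(rules, proto, dst_port):
    """First match wins. The range follows the destination, so it tests the destination port."""
    for action, r_proto, dst in rules:
        if r_proto not in ("ip", proto):
            continue
        if dst and not (dst[0] <= dst_port <= dst[1]):
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS ACL

# Constructed sample packets: (description, protocol, source port, destination port).
# The source port is listed for clarity; this ACL never tests it.
SAMPLES = [
    ("DHCPDISCOVER/REQUEST client->server", "udp", 68, 67),
    ("DHCPOFFER/ACK server->client", "udp", 67, 68),
    ("DNS query", "udp", 40000, 53),
    ("HTTP", "tcp", 40001, 80),
]

def verdicts():
    rules = parse_acl(ACL_101)
    return {desc: evaluate(rules, proto, dport) for desc, proto, _sport, dport in SAMPLES}

if __name__ == "__main__":
    for desc, verdict in verdicts().items():
        print(f"{verdict:6} {desc}")
```

The deny line matches both client-to-server and server-to-client DHCP messages, and the posted configuration applies ACL 101 both `in` and `out` on GigabitEthernet0.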