06-07-2013 12:49 AM - edited 07-04-2021 12:11 AM
I have a 1941W and an external DHCP server. Wireless clients should get their IPs the same way when they are wired. I have checked the documentation but no help. Someone share such a document or help on how it can be done.
Solved! Go to Solution.
06-07-2013 04:22 AM
You just need to out an ip helper address under the L3 interface that points to your DHCP server. If its not wiring please lost the config from the router as well as the AP
Steve
Sent from Cisco Technical Support iPhone App
06-07-2013 04:22 AM
You just need to out an ip helper address under the L3 interface that points to your DHCP server. If its not wiring please lost the config from the router as well as the AP
Steve
Sent from Cisco Technical Support iPhone App
06-08-2013 12:41 PM
Hello Leonard,
As per your query i can suggest you the following solution-
Please configure ip helper address to resolve this issue.To configure an IP helper address you’ll use the ip helper-address a.b.c.d in interface configuration mode on the interface that is connected to the broadcast domain in which you wish to provide DHCP IP addresses. For example, a VLAN interface or an Ethernet interface on a router connected to a Cisco switch or segregated by a layer 2 VLAN.
Command-
ip helper-address a.b.c.d
This command is executed in interface configuration mode to enable a Layer 3 interface to receive BOOTP DHCP Request and forward them to a specified DHCP server.
Hope this will help you.
06-11-2013 02:36 AM
I can reach the dhcp server from 1941w. I have configured a trunk on the switch. i have configured the router as below:
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 10.58.194.2 255.255.255.224
ip helper-address 10.58.193.33
!
interface GigabitEthernet0/0.101
encapsulation dot1Q 101
ip address 10.58.194.66 255.255.255.224
ip helper-address 10.58.193.33
!
interface GigabitEthernet0/0.104
encapsulation dot1Q 104
ip address 10.58.193.2 255.255.255.192
ip helper-address 10.58.193.33
!
on the ap as below:
!
dot11 ssid LAFARGE-ADMIN
vlan 100
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 0 l@farg34dm1n
information-element ssidl
!
!
!
username Cisco password 7 02250D480809
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
encryption vlan 101 mode ciphers aes-ccm tkip
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
ssid LAFARGE-ADMIN
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
We have this configured on the 4507 switch:
!
interface Vlan100
description finance vlan gateway
ip address 10.58.194.30 255.255.255.224 secondary
ip address 10.58.193.93 255.255.255.224
ip helper-address 10.58.193.33
no ip redirects
standby 2 ip 10.58.193.94
standby 2 timers 5 15
standby 2 preempt
!
interface Vlan101
description Admin Vlan Gateway
ip address 10.58.194.94 255.255.255.224 secondary
ip address 10.58.193.125 255.255.255.240
ip helper-address 10.58.193.33
no ip redirects
standby 2 ip 10.58.193.126
standby 2 timers 5 15
standby 2 preempt
!
interface Vlan102
description sales vlan gateway
ip address 10.58.193.109 255.255.255.240
ip helper-address 10.58.193.33
standby 2 ip 10.58.193.110
standby 2 timers 5 15
standby 2 preempt
!
interface Vlan103
description IT vlan gateway
ip address 10.58.193.141 255.255.255.240
ip helper-address 10.58.193.33
standby 2 ip 10.58.193.142
standby 2 timers 5 15
standby 2 preempt
!
interface Vlan104
description servers vlan gateway
ip address 10.58.193.61 255.255.255.192
ip helper-address 10.58.193.33
no ip redirects
standby 2 ip 10.58.193.62
standby 2 timers 5 15
standby 2 preempt
!
i am able to ping the dhcp server from the router and also this IPs for the respective vlans that i have assigned.
I will have multiple ssid for the different vlans on ap.
i have tried to assign myself an IP on the vlan 100 scope, ping failed.
06-11-2013 03:50 AM
Are the clients even associating? I would use WPA version 2 since your using AES. I would also remove information-element ssidl. When using WPA you would enable TKIP and WPA2 you use AES.
Sent from Cisco Technical Support iPhone App
06-11-2013 05:02 AM
my laptop was able to associate...as below
*Mar 1 17:00:52.175: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ap 0022.fa2c.2f4e Associated KEY_MGMT[WPAv2 PSK]
*Mar 1 17:01:57.559: %DOT11-4-MAXRETRIES: Packet to client 0022.fa2c.2f4e reached max retries, removing the client
*Mar 1 17:01:57.559: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0022.fa2c.2f4e Reason: Previous authentication no longer valid
*Mar 1 17:01:57.563: %DOT11-4-MAXRETRIES: Packet to client 0022.fa2c.2f4e reached max retries, removing the client
06-11-2013 05:04 AM
Yeah but it fails after a minute.
Sent from Cisco Technical Support iPhone App
06-11-2013 05:06 AM
If you look, the log shows WPA2 but your SSID is only setup for WPA.
Sent from Cisco Technical Support iPhone App
06-11-2013 05:08 AM
Make the two changes I posted earlier and see if it helps.
Sent from Cisco Technical Support iPhone App
06-14-2013 01:16 AM
I have made the changes but still no luck
on ap:
!
dot11 ssid ADMIN
vlan 100
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
wpa-psk ascii 0 l@farg34dm1n
!
!
!
username Cisco password 7 02250D480809
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 100 mode ciphers aes-ccm
!
ssid ADMIN
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
06-14-2013 02:03 AM
Can you ssh or telnet from the wired side to your AP without having to session into the AP itself. So this is the config on the AP, but are you trunking and allowing the vlan from the router to the AP?
Sent from Cisco Technical Support iPhone App
06-14-2013 02:17 AM
i have done a simple test...i can ping the wlan-ap0 but i cant ping the bvi. This is when am connected via a lan cable
06-14-2013 02:18 AM
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.10.2 255.255.255.0
!
C:\Users\BT>ping 10.10.10.2
Pinging 10.10.10.2 with 32 bytes of data:
Reply from 10.10.10.2: bytes=32 time<1ms TTL=255
Reply from 10.10.10.2: bytes=32 time<1ms TTL=255
Reply from 10.10.10.2: bytes=32 time<1ms TTL=255
Reply from 10.10.10.2: bytes=32 time<1ms TTL=255
Ping statistics for 10.10.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\BT>ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
06-14-2013 02:19 AM
interface BVI1
ip address 10.10.10.1 255.255.255.0
no ip route-cache
!
06-14-2013 02:24 AM
That interface is for your session. You need to configure the gigabit interface to the AP and that has to be a trunk with native vlan 100
interface Wlan-GigabitEthernet0/0
description CONNECTION_TO_AP
switchport trunk native vlan 100
switchport mode trunk
no ip address
spanning-tree portfast
!
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: