Hello Leonard,

As per your query i can suggest you the following solution-

Please configure ip helper address to resolve this issue.To configure an IP helper address you’ll use the ip helper-address a.b.c.d in interface configuration mode on the interface that is connected to the broadcast domain in which you wish to provide DHCP IP addresses. For example, a VLAN interface or an Ethernet interface on a router connected to a Cisco switch or segregated by a layer 2 VLAN.

Command-

ip helper-address a.b.c.d

This command is executed in interface configuration mode to enable a Layer 3 interface to receive BOOTP DHCP Request and forward them to a specified DHCP server.

Hope this will help you.

I can reach the dhcp server from 1941w. I have configured a trunk on the switch. i have configured the router as below:

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

ip address 10.58.194.2 255.255.255.224

ip helper-address 10.58.193.33

!

interface GigabitEthernet0/0.101

encapsulation dot1Q 101

ip address 10.58.194.66 255.255.255.224

ip helper-address 10.58.193.33

!

interface GigabitEthernet0/0.104

encapsulation dot1Q 104

ip address 10.58.193.2 255.255.255.192

ip helper-address 10.58.193.33

!

on the ap as below:

!

dot11 ssid LAFARGE-ADMIN

   vlan 100

   authentication open

   authentication key-management wpa

   guest-mode

   mbssid guest-mode

   wpa-psk ascii 0 l@farg34dm1n

   information-element ssidl

!

!

!

username Cisco password 7 02250D480809

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm tkip

!

encryption vlan 101 mode ciphers aes-ccm tkip

!

encryption vlan 100 mode ciphers aes-ccm tkip

!

ssid LAFARGE-ADMIN

!

antenna gain 0

mbssid

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1

no ip route-cache

!

interface Dot11Radio0.100

encapsulation dot1Q 100 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

We have this configured on the 4507 switch:

!

interface Vlan100

description finance vlan gateway

ip address 10.58.194.30 255.255.255.224 secondary

ip address 10.58.193.93 255.255.255.224

ip helper-address 10.58.193.33

no ip redirects

standby 2 ip 10.58.193.94

standby 2 timers 5 15

standby 2 preempt

!

interface Vlan101

description Admin Vlan Gateway

ip address 10.58.194.94 255.255.255.224 secondary

ip address 10.58.193.125 255.255.255.240

ip helper-address 10.58.193.33

no ip redirects

standby 2 ip 10.58.193.126

standby 2 timers 5 15

standby 2 preempt

!

interface Vlan102

description sales vlan gateway

ip address 10.58.193.109 255.255.255.240

ip helper-address 10.58.193.33

standby 2 ip 10.58.193.110

standby 2 timers 5 15

standby 2 preempt

!

interface Vlan103

description IT vlan gateway

ip address 10.58.193.141 255.255.255.240

ip helper-address 10.58.193.33

standby 2 ip 10.58.193.142

standby 2 timers 5 15

standby 2 preempt

!

interface Vlan104

description servers vlan gateway

ip address 10.58.193.61 255.255.255.192

ip helper-address 10.58.193.33

no ip redirects

standby 2 ip 10.58.193.62

standby 2 timers 5 15

standby 2 preempt

!

i am able to ping the dhcp server from the router and also this IPs for the respective vlans that i have assigned.

I will have multiple ssid for the different vlans on ap.
i have tried to assign myself an IP on the vlan 100 scope, ping failed.

Are the clients even associating? I would use WPA version 2 since your using AES. I would also remove information-element ssidl. When using WPA you would enable TKIP and WPA2 you use AES.

Sent from Cisco Technical Support iPhone App

Yeah but it fails after a minute.

Sent from Cisco Technical Support iPhone App

If you look, the log shows WPA2 but your SSID is only setup for WPA.

Sent from Cisco Technical Support iPhone App

Make the two changes I posted earlier and see if it helps.

Sent from Cisco Technical Support iPhone App

I have made the changes but still no luck

on ap:

!

dot11 ssid ADMIN

   vlan 100

   authentication open

   authentication key-management wpa version 2

   guest-mode

   mbssid guest-mode

   wpa-psk ascii 0 l@farg34dm1n

!

!

!

username Cisco password 7 02250D480809

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

encryption vlan 100 mode ciphers aes-ccm

!

ssid ADMIN

!

antenna gain 0

mbssid

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1

no ip route-cache

!

interface Dot11Radio0.100

encapsulation dot1Q 100 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!