
Hand out DHCP for Two separate AP VLANs and give them access to the Internet

Mahmoudhbm
Level 1

Dear All,

 

I have set up AP 2702i, 3560G Switch, and 800 ISR Router.

 

Wired users are in VLAN7 > Network: 192.168.7.0 /24 with SVI 192.168.7.10

 

The Router is the default gateway: 192.168.7.1 which is connected to the Internet.

AP is connected to the Switch on port Gigabit Ethernet 0/21, which I configured as a trunk.

I have created VLAN 1 for 2.4-GHz traffic and VLAN 10 for 5-GHz traffic.

I prefer to configure the DHCP on the Switch. As per the configuration below, how do I configure DHCP Relay so I give VLAN1 > 192.168.1.0 /24 range and VLAN10 > 192.168.10.0 /24 range? And then Inter-VLAN between VLAN1, 7, and 10? After that, connect them to the Internet?

 

As shown below is the output from AP and the Switch for your kind information.

 

Thank you very much.

 

AP:

Jamaica#sh running-config
Building configuration...

Current configuration : 3447 bytes
!
! Last configuration change at 02:36:16 UTC Wed Mar 3 1993
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Jamaica
!
!
logging rate-limit console 9
enable secret 5 $1$eeUu$QbCxMj9kqloxyx9i6ZhLK1
!
no aaa new-model
no ip source-route
no ip cef
ip domain name sybex.ae
!
!
!
!
dot11 pause-time 100
dot11 syslog
dot11 vlan-name GoodLuck vlan 1
dot11 vlan-name GoodLuck-ac vlan 10
!
dot11 ssid GoodLuck
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 06080A35191A5E4C544345
!
dot11 ssid GoodLuck-ac
vlan 10
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 151C0E18517E7C71796762
!
!
!
no ipv6 cef
!
!
username Cisco password 7 05280F1C2243
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
shutdown
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid GoodLuck
!
ssid GoodLuck-ac
!
antenna gain 0
stbc
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
ssid GoodLuck
!
ssid GoodLuck-ac
!
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 spanning-disabled
no bridge-group 10 source-learning
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address f44e.0580.f094
ip address 192.168.7.7 255.255.255.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login local
transport input all
!
end

 

Switch:

Switch#sh run
Building configuration...

Current configuration : 8273 bytes
!
! Last configuration change at 16:22:56 PST Sun May 19 2019 by mahmoudmdce
! NVRAM config last updated at 09:00:27 PST Fri May 17 2019 by mahmoudmdce
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$OggG$Kf3ZobWgqWMVtMsbHtLaD1
!
username mahmoudmdce privilege 15 secret 5 $1$xcRm$ihqslSYa/csUT7oJGTevb1
!
!
aaa new-model
!
!
aaa authentication login AUTHEN_via_TACACS group tacacs+ local
aaa authorization exec Auther-Exec_via_TACACS group tacacs+ local
!
!
!
aaa session-id common
clock timezone PST -8
system mtu routing 1500
vtp mode transparent
udld aggressive

ip routing
no ip domain-lookup
ip domain-name sybex.ae
ip dhcp excluded-address 192.168.7.1 192.168.7.10
!
ip dhcp pool Home_LAN
network 192.168.7.0 255.255.255.0
default-router 192.168.7.1
dns-server 8.8.8.8 4.2.2.2
!
!
ip dhcp snooping vlan 1,10
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-1921006848
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1921006848
revocation-check none
rsakeypair TP-self-signed-1921006848
!
!
crypto pki certificate chain TP-self-signed-1921006848
certificate self-signed 01
quit
dot1x system-auth-control
!
!
!
errdisable recovery cause bpduguard
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 7
name HOME_USERS
!
vlan 10
name Wi-Fi
!
!
!
interface GigabitEthernet0/1
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/2
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/3
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/4
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/5
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/6
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/7
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/8
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/9
description LAN
switchport access vlan 7
switchport mode access
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/10
switchport access vlan 7
switchport mode access
!
interface GigabitEthernet0/11
switchport access vlan 7
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/13
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/14
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/15
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/16
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/17
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/18
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/19
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/20
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/21
description CONNECTED TO CISCO AP
switchport access vlan 7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,7,10
switchport mode trunk
power inline never
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/22
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/23
description CONNECTED TO CISCO 800 ISR ROUTER
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/24
description CONNECTED TO CISCO ISR 870
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard disable
!
interface GigabitEthernet0/25
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/26
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/27
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/28
description LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
no ip address
shutdown
!
interface Vlan7
ip address 192.168.7.10 255.255.255.0
!
interface Vlan8
ip address 192.168.8.2 255.255.255.0
!
interface Vlan9
ip address 192.168.9.2 255.255.255.0
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
no cdp run
snmp-server community test RO
tacacs-server host 192.168.7.252 key 7 0520071D204743080A041B1352
tacacs-server directed-request
!
vstack
banner motd ^C^C
!
line con 0
exec-timeout 0 0
password 7 01031405581F0F0C24
logging synchronous
line vty 0 4
exec-timeout 0 0
password 7 01031405581F0F0C24
authorization exec Author-Exec_via_TACACS
login authentication AUTHEN_via_TACACS
length 0
transport input all
line vty 5 15
exec-timeout 0 0
!
ntp clock-period 36028834
ntp server 192.168.7.1
end

 

1 Reply

Sandeep Choudhary
VIP Alumni

Hi,

Please do these changes and try again:

 

! On the AP:
interface BVI1
mac-address f44e.0580.f094
no ip address 192.168.7.7 255.255.255.0
ip address 192.168.1.7 255.255.255.0
!
! On the switch:
interface GigabitEthernet0/21
description CONNECTED TO CISCO AP
no switchport access vlan 7
switchport trunk native vlan 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,7,10
switchport mode trunk
power inline never
spanning-tree portfast
spanning-tree bpduguard disable

 

 

Regards

Don't forget to rate helpful posts
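
For the DHCP and routing part of the original question, the following is an added example and is not part of either post above. It builds on the posted switch configuration, which already has `ip routing` and SVIs for VLANs 1, 7 and 10, so the switch can serve both wireless subnets itself and no DHCP relay (`ip helper-address`) is needed. The pool names, the exclusion ranges and the router-side routes are assumptions; the router's configuration is not shown in the thread.

```cisco
! --- On the 3560G switch ---
! Keep the SVI addresses (and the AP's BVI1 at 192.168.1.7 from the reply)
! out of the dynamic ranges. The ranges are assumed values.
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
! Pool names are hypothetical. Each pool hands out the matching SVI as
! default gateway, so wireless clients route through the switch.
ip dhcp pool WIFI_24GHZ
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8 4.2.2.2
!
ip dhcp pool WIFI_5GHZ
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8 4.2.2.2
!
! Inter-VLAN routing between 1, 7 and 10 already follows from "ip routing"
! and the three SVIs. The posted config has no default route, so send
! everything else to the router in VLAN 7.
ip route 0.0.0.0 0.0.0.0 192.168.7.1
!
! --- On the 800 ISR router (configuration not shown in the thread) ---
! Return routes to the wireless subnets via the switch's VLAN 7 SVI.
ip route 192.168.1.0 255.255.255.0 192.168.7.10
ip route 192.168.10.0 255.255.255.0 192.168.7.10
! The router's NAT source access list must also match 192.168.1.0/24 and
! 192.168.10.0/24, otherwise those clients are routed but not translated.
```

DHCP snooping is already enabled for VLANs 1 and 10 in the posted configuration, so after applying the pools check leases with `show ip dhcp binding` and `show ip dhcp snooping binding`, and confirm the routes with `show ip route`.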
