Re: User cant get IP address from the DHCP server?

c.ong · ‎10-07-2004

Dear Sir,

My AP is to supoprt multiple VLAN and the switchport that connects to the AP has the following commands

Int fa0/1

Switchport mode trunk

Switchport encapsulation dot1Q

Duplex Full

Speed 100

Below is the partial configurations of my AP due to the limitations of characters allowed in this message

!

hostname A6FRONT

!

username admin privilege 15 password xxxx

ip subnet-zero

!

dot11 network-map

!

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 201 key 1 size 128bit 7 xxxx transmit-key

encryption vlan 201 mode wep mandatory

!

encryption vlan 202 key 2 size 128bit 7 xxx transmit-key

!

broadcast-key vlan 201 change 6000

!

ssid 4eVerDiaL911

vlan 202

max-associations 5

authentication open

!

ssid EazzzYYY88

vlan 201

max-associations 15

authentication open

authentication network-eap eap_methods

!

ssid GoLIve4eVer

vlan 200

max-associations 5

authentication open

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

rts threshold 2312

power local 50

power client 30

channel 2437

station-role root

no dot11 extension aironet

!

interface Dot11Radio0.2

encapsulation dot1Q 2 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.200

encapsulation dot1Q 200

no ip route-cache

bridge-group 200

bridge-group 200 subscriber-loop-control

bridge-group 200 port-protected

bridge-group 200 block-unknown-source

no bridge-group 200 source-learning

no bridge-group 200 unicast-flooding

bridge-group 200 spanning-disabled

!

interface Dot11Radio0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 subscriber-loop-control

bridge-group 201 port-protected

bridge-group 201 block-unknown-source

no bridge-group 201 source-learning

no bridge-group 201 unicast-flooding

bridge-group 201 spanning-disabled

!

interface Dot11Radio0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 subscriber-loop-control

bridge-group 202 port-protected

bridge-group 202 block-unknown-source

no bridge-group 202 source-learning

no bridge-group 202 unicast-flooding

bridge-group 202 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

speed 100

full-duplex

!

interface FastEthernet0.2

encapsulation dot1Q 2 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.200

encapsulation dot1Q 200

no ip route-cache

bridge-group 200

bridge-group 200 port-protected

no bridge-group 200 source-learning

bridge-group 200 spanning-disabled

!

interface FastEthernet0.201

encapsulation dot1Q 201

no ip route-cache

bridge-group 201

bridge-group 201 port-protected

no bridge-group 201 source-learning

bridge-group 201 spanning-disabled

!

interface FastEthernet0.202

encapsulation dot1Q 202

no ip route-cache

bridge-group 202

bridge-group 202 port-protected

no bridge-group 202 source-learning

bridge-group 202 spanning-disabled

!

interface BVI1

ip address 10.15.7.38 255.255.252.0

no ip route-cache

!

ip default-gateway 10.15.4.1

bridge 1 route ip

!

line con 0

line vty 5 15

!

end

Is there any additioanl comand swhich I have left out? I failed to get IP address assignment from the DHCP server.

Thank you for your help.

Regards,

Delon

paddyxdoyle · ‎10-07-2004

Delon,

It looks like you need to add a helper address on your BVI1 interface.

e.g.

#interface BVI1

ip helper-address IP_OF YOUR_DHCP_SERVER

HTH

Paddy

hsaenz · ‎10-08-2004

I had the same problem. Is it a 1220 with a 802.11g radio upgrade? Put this IOS on it and it will work fine.

12.2.13-JA4

dixho · ‎10-08-2004

Based on the speed parameter in the AP, the AP only 802.11b radio. (i.e. there is no speed for 802.11g).

Also, you do not need ip helper-address on the BVI. You need ip helper-address on the ethernet interface on an external router.

From the configuration, VLAN 2 is set as native VLAN in the AP. There is no native VLAN setting in the switch. Thus, VLAN 1 is used. Please try the following command under int fa0/1 in the switch "switch trunk native vlan 2."

c.ong · ‎10-08-2004

Hi,

In fact I have put in the commands you suggested in the switchport which connects to the AP.

However, problem still persists.

In fact, I found a workaround to it. Under the VLAN configuration on the AP, you should not check enable public secure packet forwarding. Then the client on VLAN 202 is able to get IP address from the DHCP server. However, I would like to disable inter client communication. How can I achieve that since enabling it will cause the client fail to grab IP from a DHCP server.

Please advise.

Regards,

Delon

bcho · ‎10-10-2004

Hi,

You don't have to enable PSPF on the FastEthernet subinterfaces to block communciation between wireless clients. You only need to enable it on the radio subinterfaces.

The thing about PSPF is that communication between all interfaces with PSPF enabled will fail. This included DHCP traffic.

Kind Regards,

Byung

c.ong · ‎10-10-2004

Hi Byung,

I am confused. How can I enable pspf on the radio interface only? I usually configure the AP using web-based interface. The pspf feature is found on the page we define VLAN. If I check the box to enable pspf on the VLAN creation page, does it mean that I am enabling pspf on the fastEthernet and radio interface as well?

Can I know the command in IOS to enable pspf on the radio interface?

Thank you.

Regards,

Delon

dixho · ‎10-11-2004

I overlooked the public secure packet forwarding configuration. If you enable secure packet forwarding, you need to have a DHCP server on each VLAN.