cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1605
Views
0
Helpful
12
Replies

Wireless DHCP problem

Hello,

I have a problem

We have cisco ap 500 series, it was lightweight, but we migrate it to standalone, now, the scheme is simple.

We have a router 2811 and dhcp created on it, also we have f0/0.30 virtual interface with ip of 10.10.30.1

On switch one interface (trunk) goes to router f0/0 interface, and one interface (access) goes to ap

On AP we have BVI interface with 10.10.30.10, and default route to 10.10.30.1

So when we connecting to our SSID, it connect but doestn receive DHCP, and takes APIPA address, please explain why ap doesnt assign ip to clients

Also ap config.txt here

Thank you

1 Accepted Solution

Accepted Solutions

Kamran,

Yes, sorry, that was unclear. Make your switchport interface the trunk. You do this on the switch:

(config-if)switch# switchport trunk encap dot1q

(config-if)switch# switchport mode trunk

Justin

Sent from Cisco Technical Support iPhone App

View solution in original post

12 Replies 12

Justin Kurynny
Level 4
Level 4

Kamran,

Can you ping from the router to the AP? From the AP to the router?

Assuming your 2811's fa0/0.30 is encapsulation dot1q 30, is your switchport that your AP is connected to set to switchport access vlan 30?

Make sure VLAN 30 exists on your switch ((config)#vlan 30). You can have it assigned on a switchport, but if it doesn't exist in the VLAN database, no traffic will pass on VLAN 30.

Justin

Yep, Ping is going from ap to router and vice versa, fa0/0.30 also has encapsulation dot1q30

Ap connect to switchport with switchport access vlan 30

Vlan 30 in database

I dont understand why ap doesnt broadcast dhcp

Kamran,

Can you post the AP config? I think you tried to post it in your first message, but it didn't come through.

Justin

Kamran,

Also, the router config? Remove passwords, keys, etc. Thanks.

Justin

Here is AP configs:

show run

*Mar  1 00:25:26.377: %SYS-5-CONFIG_I: Configured from console by console

Building configuration...

Current configuration : 1607 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 $1$cFC2$NdW0rVFAwPMOIuKhfk6G1/

!

aaa new-model

!

!

!

aaa session-id common

!

!

dot11 vlan-name VLAN30 vlan 30

!

dot11 ssid VLAB

   vlan 30

   authentication open

   guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid VLAB

!

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 195

bridge-group 195 subscriber-loop-control

bridge-group 195 block-unknown-source

no bridge-group 195 source-learning

ap#

ap#

ap#show run

Building configuration...

Current configuration : 1607 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 $1$cFC2$NdW0rVFAwPMOIuKhfk6G1/

!

aaa new-model

!

!

!

aaa session-id common

!

!

dot11 vlan-name VLAN30 vlan 30

!

dot11 ssid VLAB

   vlan 30

   authentication open

   guest-mode

!

power inline negotiation prestandard source

!

!

username Cisco

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

ssid VLAB

!

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 195

bridge-group 195 subscriber-loop-control

bridge-group 195 block-unknown-source

no bridge-group 195 source-learning

no bridge-group 195 unicast-flooding

bridge-group 195 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 195

no bridge-group 195 source-learning

bridge-group 195 spanning-disabled

!

interface BVI1

ip address 10.10.30.10 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.30.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

end

and Router config:

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname HQRTR

!

boot-start-marker

boot-end-marker

!

card type e1 0 0

logging message-counter syslog

!

no aaa new-model

memory-size iomem 10

clock timezone AZT 4

network-clock-participate wic 0

!

dot11 syslog

ip source-route

!

!

ip cef

ip dhcp excluded-address 10.10.30.1 10.10.30.10

ip dhcp excluded-address 10.10.20.1 10.10.20.10

!

ip dhcp pool HQPHONES

   network 10.10.30.0 255.255.255.0

   default-router 10.10.30.1

   option 150 ip 10.1.200.101 10.1.200.102

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

isdn switch-type primary-net5

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

dspfarm

dsp services dspfarm

!

!

application

service aa flash:app-b-acd-aa-2.1.2.3.tcl

  paramspace english index 1

  param number-of-hunt-grps 1

  param menu-timeout 6

  param handoff-string aa

  param dial-by-extension-option 5

  param max-time-vm-retry 2

  param aa-pilot 5555

  param max-extension-length 4

  paramspace english location flash:

  param voice-mail 6000

  param service-name queue

!

service queue flash:app-b-acd-2.1.2.3.tcl

  param aa-hunt3 2222

  param queue-len 10

  param number-of-hunt-grps 1

!

!

!

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

controller E1 0/0/0

ds0-group 1 timeslots 1-5 type fxo-loop-start

!

controller E1 0/0/1

!

!

!

!

!

interface Loopback0

ip address 192.168.1.1 255.255.255.0

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 10.1.200.1 255.255.255.0

ip nat inside

ip virtual-reassembly

h323-gateway voip interface

h323-gateway voip bind srcaddr 10.1.200.1

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 10.10.20.1 255.255.255.0

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 10.10.30.1 255.255.255.0

!

interface FastEthernet0/0.39

!

interface FastEthernet0/1

ip address 172.31.7.21 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/1/0

no ip address

encapsulation frame-relay IETF

no fair-queue

frame-relay lmi-type ansi

!

interface Serial0/1/0.1 point-to-point

ip address 10.10.111.1 255.255.255.0

ip ospf mtu-ignore

snmp trap link-status

frame-relay interface-dlci 201

!

interface Serial0/1/0.2 point-to-point

ip address 10.10.112.1 255.255.255.0

ip ospf mtu-ignore

snmp trap link-status

frame-relay interface-dlci 202

!

router ospf 1

router-id 1.1.1.1

log-adjacency-changes

network 10.1.200.1 0.0.0.0 area 0

network 10.10.20.1 0.0.0.0 area 0

network 10.10.30.1 0.0.0.0 area 0

network 10.10.111.1 0.0.0.0 area 0

network 10.10.112.1 0.0.0.0 area 0

network 192.168.1.1 0.0.0.0 area 0

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.31.7.1

ip http server

no ip http secure-server

!

!

ip nat inside source list NAT interface FastEthernet0/1 overload

!

ip access-list standard NAT

permit 10.0.0.0 0.255.255.255

!

!

!

!

!

!

!

control-plane

!

!

!

voice-port 0/0/0:1

output attenuation 0

!

ccm-manager redundant-host 10.1.200.102

ccm-manager mgcp

no ccm-manager fax protocol cisco

ccm-manager music-on-hold

ccm-manager config server 10.1.200.101

!

mgcp

mgcp call-agent 10.1.200.102 2427 service-type mgcp version 0.1

mgcp rtp unreachable timeout 1000 action notify

mgcp modem passthrough voip mode nse

mgcp package-capability rtp-package

mgcp package-capability sst-package

mgcp package-capability pre-package

no mgcp package-capability res-package

no mgcp timer receive-rtcp

mgcp sdp simple

mgcp fax t38 inhibit

!

mgcp profile default

!

!

!

dial-peer voice 1004 voip

service aa

destination-pattern 5555

session target ipv4:192.168.1.1

incoming called-number 5555

dtmf-relay h245-alphanumeric

codec g711ulaw

no vad

!

dial-peer voice 2222 voip

destination-pattern 2222

session target ipv4:10.1.200.101

dtmf-relay h245-alphanumeric

codec g711ulaw

no vad

!

dial-peer voice 50 pots

destination-pattern 555

port 0/0/0:1

Kamran,

The problem is that your AP is set up for trunking. The client associates, sends a DHCP request, and the AP tags it with 802.1q tag 30 before sending to the switch. The switchport is set up for access and doesn't understand tags, so the packet is dropped.

You need to change your switchport for your AP to look like this:

interface

description AP

switchport trunk encapsulation dot1q

switchport mode trunk

You will need to tag your BVI interface with VLAN 30 and put it in bridge-group 195 if you want to reach its management IP (30.10).

Alternatively, you can strip out all the VLAN tagging and subinterfaces on your AP and just do everything on the default VLAN. In this setup you can leave your switchport as an access port in VLAN 30.

Justin

Justin,

But on AP interface there is no command to change switchport encapsulation or make trunk,

or you mean Switchport ?

Kamran,

Yes, sorry, that was unclear. Make your switchport interface the trunk. You do this on the switch:

(config-if)switch# switchport trunk encap dot1q

(config-if)switch# switchport mode trunk

Justin

Sent from Cisco Technical Support iPhone App

Yep, it worked, thank you Justin

Also it the first time i see config like

switchport access vlan 30

switchport trunk encapsulation dot1q

switchport mode trunk

Cisco classic wireless scheme when ap is in access mode by default with switchport

thank you

Kamran,

When a switchport is in trunking mode, the switchport access vlan command has no effect. You can remove it safely with the no form of that command.

Justin

Justin, if it has no effect, why when i remove access vlan, wireless ap stops broadcasting dhcp?

Kamran,

The switchport access vlan command is only relevant when the switchport is set to switchport mode access. In access mode, the configured VLAN acts like a “native” vlan—all untagged traffic coming into the port is classified on the switch as part of that vlan-id. When you change the switchport mode to trunking (switchpport mode trunk), the access vlan statement is ignored and the port starts using the 802.1q extensions for frame classification. By default, the native vlan is 1 (this is the vlan that untagged traffic coming or going is placed in) and tagged traffic is both accepted incoming and passed outgoing.

At least that’s my understanding. ☺

Because you are using dot1q encapsulation on your AP, the AP is sending frames out with the vlan 30 tag and with your switchport in trunking mode, the traffic flows. Your BVI1 interface is essentially in the default vlan, which is why pings worked when you still had your switchport as an access port set for vlan 30.

Can you copy/paste the configuration for the switchport? Now you have me scratching my head..

Justin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: