03-14-2012 10:52 PM - edited 07-03-2021 09:47 PM
Hello,
I have a problem
We have cisco ap 500 series, it was lightweight, but we migrate it to standalone, now, the scheme is simple.
We have a router 2811 and dhcp created on it, also we have f0/0.30 virtual interface with ip of 10.10.30.1
On switch one interface (trunk) goes to router f0/0 interface, and one interface (access) goes to ap
On AP we have BVI interface with 10.10.30.10, and default route to 10.10.30.1
So when we connecting to our SSID, it connect but doestn receive DHCP, and takes APIPA address, please explain why ap doesnt assign ip to clients
Also ap config.txt here
Thank you
Solved! Go to Solution.
03-15-2012 12:22 AM
Kamran,
Yes, sorry, that was unclear. Make your switchport interface the trunk. You do this on the switch:
(config-if)switch# switchport trunk encap dot1q
(config-if)switch# switchport mode trunk
Justin
Sent from Cisco Technical Support iPhone App
03-14-2012 11:16 PM
Kamran,
Can you ping from the router to the AP? From the AP to the router?
Assuming your 2811's fa0/0.30 is encapsulation dot1q 30, is your switchport that your AP is connected to set to switchport access vlan 30?
Make sure VLAN 30 exists on your switch ((config)#vlan 30). You can have it assigned on a switchport, but if it doesn't exist in the VLAN database, no traffic will pass on VLAN 30.
Justin
03-14-2012 11:23 PM
Yep, Ping is going from ap to router and vice versa, fa0/0.30 also has encapsulation dot1q30
Ap connect to switchport with switchport access vlan 30
Vlan 30 in database
I dont understand why ap doesnt broadcast dhcp
03-14-2012 11:28 PM
Kamran,
Can you post the AP config? I think you tried to post it in your first message, but it didn't come through.
Justin
03-14-2012 11:29 PM
Kamran,
Also, the router config? Remove passwords, keys, etc. Thanks.
Justin
03-14-2012 11:37 PM
Here is AP configs:
show run
*Mar 1 00:25:26.377: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
Current configuration : 1607 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$cFC2$NdW0rVFAwPMOIuKhfk6G1/
!
aaa new-model
!
!
!
aaa session-id common
!
!
dot11 vlan-name VLAN30 vlan 30
!
dot11 ssid VLAB
vlan 30
authentication open
guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid VLAB
!
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 195
bridge-group 195 subscriber-loop-control
bridge-group 195 block-unknown-source
no bridge-group 195 source-learning
ap#
ap#
ap#show run
Building configuration...
Current configuration : 1607 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$cFC2$NdW0rVFAwPMOIuKhfk6G1/
!
aaa new-model
!
!
!
aaa session-id common
!
!
dot11 vlan-name VLAN30 vlan 30
!
dot11 ssid VLAB
vlan 30
authentication open
guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
ssid VLAB
!
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 195
bridge-group 195 subscriber-loop-control
bridge-group 195 block-unknown-source
no bridge-group 195 source-learning
no bridge-group 195 unicast-flooding
bridge-group 195 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 195
no bridge-group 195 source-learning
bridge-group 195 spanning-disabled
!
interface BVI1
ip address 10.10.30.10 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.30.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
and Router config:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQRTR
!
boot-start-marker
boot-end-marker
!
card type e1 0 0
logging message-counter syslog
!
no aaa new-model
memory-size iomem 10
clock timezone AZT 4
network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 10.10.30.1 10.10.30.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool HQPHONES
network 10.10.30.0 255.255.255.0
default-router 10.10.30.1
option 150 ip 10.1.200.101 10.1.200.102
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
isdn switch-type primary-net5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
dspfarm
dsp services dspfarm
!
!
application
service aa flash:app-b-acd-aa-2.1.2.3.tcl
paramspace english index 1
param number-of-hunt-grps 1
param menu-timeout 6
param handoff-string aa
param dial-by-extension-option 5
param max-time-vm-retry 2
param aa-pilot 5555
param max-extension-length 4
paramspace english location flash:
param voice-mail 6000
param service-name queue
!
service queue flash:app-b-acd-2.1.2.3.tcl
param aa-hunt3 2222
param queue-len 10
param number-of-hunt-grps 1
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
controller E1 0/0/0
ds0-group 1 timeslots 1-5 type fxo-loop-start
!
controller E1 0/0/1
!
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.1.200.1
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.10.30.1 255.255.255.0
!
interface FastEthernet0/0.39
!
interface FastEthernet0/1
ip address 172.31.7.21 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0/1/0.1 point-to-point
ip address 10.10.111.1 255.255.255.0
ip ospf mtu-ignore
snmp trap link-status
frame-relay interface-dlci 201
!
interface Serial0/1/0.2 point-to-point
ip address 10.10.112.1 255.255.255.0
ip ospf mtu-ignore
snmp trap link-status
frame-relay interface-dlci 202
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.1.200.1 0.0.0.0 area 0
network 10.10.20.1 0.0.0.0 area 0
network 10.10.30.1 0.0.0.0 area 0
network 10.10.111.1 0.0.0.0 area 0
network 10.10.112.1 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.31.7.1
ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface FastEthernet0/1 overload
!
ip access-list standard NAT
permit 10.0.0.0 0.255.255.255
!
!
!
!
!
!
!
control-plane
!
!
!
voice-port 0/0/0:1
output attenuation 0
!
ccm-manager redundant-host 10.1.200.102
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.1.200.101
!
mgcp
mgcp call-agent 10.1.200.102 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
!
mgcp profile default
!
!
!
dial-peer voice 1004 voip
service aa
destination-pattern 5555
session target ipv4:192.168.1.1
incoming called-number 5555
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
!
dial-peer voice 2222 voip
destination-pattern 2222
session target ipv4:10.1.200.101
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
!
dial-peer voice 50 pots
destination-pattern 555
port 0/0/0:1
03-14-2012 11:49 PM
Kamran,
The problem is that your AP is set up for trunking. The client associates, sends a DHCP request, and the AP tags it with 802.1q tag 30 before sending to the switch. The switchport is set up for access and doesn't understand tags, so the packet is dropped.
You need to change your switchport for your AP to look like this:
interface
description AP
switchport trunk encapsulation dot1q
switchport mode trunk
You will need to tag your BVI interface with VLAN 30 and put it in bridge-group 195 if you want to reach its management IP (30.10).
Alternatively, you can strip out all the VLAN tagging and subinterfaces on your AP and just do everything on the default VLAN. In this setup you can leave your switchport as an access port in VLAN 30.
Justin
03-15-2012 12:02 AM
Justin,
But on AP interface there is no command to change switchport encapsulation or make trunk,
or you mean Switchport ?
03-15-2012 12:22 AM
Kamran,
Yes, sorry, that was unclear. Make your switchport interface the trunk. You do this on the switch:
(config-if)switch# switchport trunk encap dot1q
(config-if)switch# switchport mode trunk
Justin
Sent from Cisco Technical Support iPhone App
03-15-2012 01:13 AM
Yep, it worked, thank you Justin
Also it the first time i see config like
switchport access vlan 30
switchport trunk encapsulation dot1q
switchport mode trunk
Cisco classic wireless scheme when ap is in access mode by default with switchport
thank you
03-15-2012 08:35 AM
Kamran,
When a switchport is in trunking mode, the switchport access vlan
Justin
03-15-2012 10:24 PM
Justin, if it has no effect, why when i remove access vlan, wireless ap stops broadcasting dhcp?
03-15-2012 11:08 PM
Kamran,
The switchport access vlan
At least that’s my understanding. ☺
Because you are using dot1q encapsulation on your AP, the AP is sending frames out with the vlan 30 tag and with your switchport in trunking mode, the traffic flows. Your BVI1 interface is essentially in the default vlan, which is why pings worked when you still had your switchport as an access port set for vlan 30.
Can you copy/paste the configuration for the switchport? Now you have me scratching my head..
Justin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: