DHCP through vlans

Unanswered Question
Oct 3rd, 2007

I have a 3750 switch. I am creating a wireless guest network using an ASA 5550 dmz to provide dhcp for this guest network. I have created the dmz network and placed it in VLAN 200. If I plug my laptop into a port on the switch in vlan 200 I receive the proper ip address from the ASA and am able to reach the internet. I then configured the SSID on my 1200 series aironet access point. I also configured the appropriate trunk port settings for this access point on the 3750. I know this is working properly as my corporate wpa is working on the 1200 AP. When I configure a laptop to use the guest ssid, they connect to the ap using the wep key but do not receive an ip address. There are no errors indicating that it is a wep key miss match. I have configured an ip helper-address within the vlan 200 settings pointing to the ASA but I cannot get an ip address from the access point. Would this have something to do with the fact that these are two different address ranges?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
glen.grant Wed, 10/03/2007 - 10:01

things to check would be to see if trunk is working correctly, when you have to force them on they can look like they are working when they are not . Did you match the native vlans on the WAP for the radio and the ethernet subinterface . and switchport side for the trunk ? If you do a show int trunk on the switch does it look right ?

mrrlg Wed, 10/03/2007 - 10:29

The trunk ports appear to be working as I am able to connect via the corporate SSID on the same AP.

SSCU3750#show int trunk

Port Mode Encapsulation Status Native vlan

Gi1/0/23 on 802.1q trunking 1

Gi1/0/24 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/0/23 1-4094

Gi1/0/24 1-4094

Port Vlans allowed and active in management domain

Gi1/0/23 1-3,10,103,200,899

Gi1/0/24 1-3,10,103,200,899

Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/23 1-3,10,103,200,899

Gi1/0/24 1-3,10,103,200,899


Not sure I understand the last part of your answer. Each sub-interface on the WAP is it's own bridging group and the WAP itself is part of the same native vlan as the switch.

mrrlg Wed, 10/03/2007 - 10:34

How would a computer plugged into a port on the 3750 configured as a member of vlan 200 (with an ip helper-address pointing to the ASA) be able to receive an ip address when a dhcp request coming from the WAP on a trunk port on the same switch fails? Shouldn't they both fail?


This Discussion