CHALLENGE: Can you configure DHCP server on IOS-AP for multiple VLANs ?!

Unanswered Question
Oct 23rd, 2007

Hi,

We are talking here about an autonomous AP on the latest 12.4 IOS release.

I know well how to create a DHCP pool on an AP and distribute addresses to clients when you have a single interface (radio and Ethernet).

But what can we do when we want to create multiple DHCP scopes for multiple radio sub-interfaces for multiple VLANs at the end!!!???

I tried fixing an IP address in the sub-interface, and using it as DHCP server with the standard DHCP scope definition, but no way, it does not work.

And when searching more on CCO, I cannot find any doc solving that case.

Thanks for help.

tpacjer Wed, 10/24/2007 - 07:29

Create a VLAN for each SSID and trunk using a subinterface for each VLAN.



herve.collignon Wed, 10/24/2007 - 07:39

Sorry Jeremy, but that's what I have already done since I need several SSID/VLANs.

Below is the main extract of the config.

Then if I create a DHCP scope for each VLAN, I do not have a way to ask the AP to assign scope30 to VLAN30, scope50 to VLAN50, etc...

It only works if you define 1 single scope matching the same subnet as the BVI int!

----------------------------------------

dot11 vlan-name Employee-WiFi vlan 30
dot11 vlan-name Guest-WiFi vlan 50
!
dot11 ssid FAGUEST
 vlan Guest-WiFi
 max-associations 10
 authentication open
 authentication key-management wpa
 wpa-psk ascii ------------
!
dot11 ssid FALAN
 vlan Employee-WiFi
 max-associations 10
 authentication open eap EAP
 authentication key-management wpa
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption vlan Employee-WiFi mode ciphers aes-ccm
 encryption vlan Guest-WiFi mode ciphers aes-ccm tkip
 ssid FAGUEST
 ssid FALAN
 BLABLABLA...
 BLABLABLA...
!
interface Dot11Radio0.30
 encapsulation dot1Q 30
 no ip route-cache
 no cdp enable
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
 bridge-group 30 spanning-disabled
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 no ip route-cache
 no cdp enable
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
 bridge-group 50 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
!
interface FastEthernet0.30
 encapsulation dot1Q 30
 no ip route-cache
 bridge-group 30
 no bridge-group 30 source-learning
 bridge-group 30 spanning-disabled
!
interface FastEthernet0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 no bridge-group 50 source-learning
 bridge-group 50 spanning-disabled
!
interface FastEthernet0.99
 encapsulation dot1Q 99 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.74.101.208 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.74.101.1
!
bridge 1 route ip
!

------------------------------------------
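
Why only the scope matching the BVI subnet hands out leases, as an added example that is not part of the original thread: the IOS DHCP server picks the pool for an unrelayed request from the IP subnet of the interface the request arrived on, and in the posted configuration BVI1 is the only interface with an address. The pool subnets for scope30 and scope50, the pool name scope99 and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: interface lines trimmed from the configuration posted above.
# The three DHCP pools are hypothetical (their subnets are assumptions).
SAMPLE_CONFIG = """\
ip dhcp pool scope30
 network 10.74.30.0 255.255.255.0
ip dhcp pool scope50
 network 10.74.50.0 255.255.255.0
ip dhcp pool scope99
 network 10.74.101.0 255.255.255.0
interface Dot11Radio0.30
 encapsulation dot1Q 30
 bridge-group 30
interface Dot11Radio0.50
 encapsulation dot1Q 50
 bridge-group 50
interface BVI1
 ip address 10.74.101.208 255.255.255.0
"""

def stanzas(config):
    """Group indented sub-commands under their top-level command line."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def pool_reachability(config):
    """Map each DHCP pool to the L3 interface inside its subnet, or None."""
    l3, pools = {}, {}
    for head, body in stanzas(config).items():
        for cmd in body:
            m = re.match(r"(ip address|network) (\S+) (\S+)$", cmd)
            if not m:
                continue  # bridged sub-interfaces carry no address and add nothing
            if head.startswith("interface ") and m.group(1) == "ip address":
                l3[head.split()[1]] = ipaddress.ip_address(m.group(2))
            elif head.startswith("ip dhcp pool ") and m.group(1) == "network":
                pools[head.split()[3]] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
    return {name: next((i for i, a in l3.items() if a in net), None)
            for name, net in pools.items()}
```

A pool that maps to None has no addressed interface in its subnet on the AP, so a broadcast request arriving on that bridged VLAN never selects it.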


edliu Sat, 01/19/2008 - 19:56

Like the wired LAN DHCP, you must create a BVI for every WLAN/VLAN.

For example:

interface BVI 30
 ip address x.x.x.x **must belong to dhcp scope30
interface BVI 50
 ip address x.x.x.x **must belong to dhcp scope50



tpacjer Wed, 10/24/2007 - 08:12

Make sure that the uplink port is configured as a trunk and that the VLANs are allowed. Also you need to have those VLANs on the uplink switch and so on till you get to your core. You might have to add a helper address on the VLAN interfaces so that those interfaces know where to send DHCP requests.

herve.collignon Thu, 10/25/2007 - 08:31

Hi Jeremy,

Do you mean I should configure on the 'int vlan x' of the switch an 'ip helper-address' pointing to the AP's BVI IP address?

And just define a scope in the AP that matches the same subnet as the switch IP address that relays the DHCP request?

In fact you are proposing to let the request go out of the AP to go back again in the AP for proposal, right?

scottmac Sun, 01/20/2008 - 06:57

On the AP itself? NO, you can't.


A network-based DHCP server (Windows or *nix) will work OK, assuming you have the trunking and switches configured properly.


The AP-based RADIUS also has limited functionality.


APs have just little teeney tiny CPUs (compared to a real server) and limited memory and storage. Aside from handing traffic to/from the wired/wireless domains, it's not meant to handle enterprise server functionality.


Single DHCP service, like for a small or temporary location, no problem. Multiple DHCP domains ... get a server.


Good Luck

Scott

