Assigning DHCP IP address by SSID

Answered Question
Apr 25th, 2009
User Badges:

Hello,


I want to assign IP addreses by SSID on the 861W. I have two Vlans on the router on two different subnets, and one DHCP pool for each subnet. On the AP I have two SSIDs on each of the Vlans.


However, when I associate with the different SSIDs, I get an ip address from the same DHCP pool, instead of different pools. I want ip from different subnets with different SSIDs.


Any help is greatly appreciated.


Here's the AP config:


version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 <hash>

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

!

!

!

dot11 ssid Public

vlan 1

authentication open

!

dot11 ssid Voices

vlan 2

authentication open

!

!

!

username Cisco password 7 <hash>

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid Public

!

ssid Voices

!

station-role root access-point

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp client-id GigabitEthernet0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

no activation-character

line vty 0 4

login local

!

end

Correct Answer by jeff.kish about 7 years 11 months ago

To answer your earlier post, you do not need to create BVI2.


I think you should need to trunk your gig0 interface on the router. Try:


interface Wlan-GigabitEthernet0

switch trunk encapsulation dot1q

switch mode trunk


Let me know if that doesn't work.


Jeff

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
jeff.kish Mon, 04/27/2009 - 04:59
User Badges:
  • Silver, 250 points or more

Enter the following commands:


int dot0.2

bridge-group 2

int g0.2

bridge-group 2


That should work. Cisco APs use bridge-groups to link the radio interface to the wired side. So despite you correctly configuring the VLANs, all traffic is currently getting placed on VLAN 1.

thomasmcleod Mon, 04/27/2009 - 07:43
User Badges:

Thanks for the suggestion. However, when I implement these commands clients on SSID Voices (Vlan2) cannot connect to the DHCP server on the router.


Here is my config on the router:



Current configuration : 2200 bytes

!

! Last configuration change at 10:45:20 EDT Mon Apr 27 2009 by Thomas

! NVRAM config last updated at 15:26:52 EDT Sat Apr 25 2009 by Thomas

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname pa-router

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

!

!

no ip source-route

no ip dhcp conflict logging

!

ip dhcp pool 0

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 65.19.88.195

!

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 65.19.88.195

!

!

ip cef

!

!

!

!

username Thomas privilege 15 secret 5

!

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

no cdp enable

!

interface FastEthernet2

switchport access vlan 2

no cdp enable

!

interface FastEthernet3

switchport access vlan 2

no cdp enable

!

interface FastEthernet4

ip address 65.19.88.211 255.255.255.224

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan2

ip address 192.168.1.1 255.255.255.0 secondary

ip address 207.136.203.109 255.255.255.252

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 65.19.88.193 permanent

no ip http server

no ip http secure-server

!

ip nat inside source list NAT interface FastEthernet4 overload

!

ip access-list standard NAT

permit 192.168.0.0 0.0.0.255

permit 192.168.1.0 0.0.0.255

!

no cdp run


!

control-plane

!

!

line con 0

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

exec-timeout 120 0

privilege level 15

login local

!

scheduler max-task-time 5000

end


thomasmcleod Mon, 04/27/2009 - 08:02
User Badges:

When I turn on ip packet debugging on the AP, I see packets going to the DHCP server on when I associate with Vlan 1, but nothing when I associate on Vlan 2.

Correct Answer
jeff.kish Mon, 04/27/2009 - 11:20
User Badges:
  • Silver, 250 points or more

To answer your earlier post, you do not need to create BVI2.


I think you should need to trunk your gig0 interface on the router. Try:


interface Wlan-GigabitEthernet0

switch trunk encapsulation dot1q

switch mode trunk


Let me know if that doesn't work.


Jeff

Actions

This Discussion