AP 1200 DHCP server for a specific VLAN

Unanswered Question
Dec 17th, 2009

Hello,

I am trying to set up a 1200 Aironet as a DHCP server but, for a specific VLAN (that is not the default VLAN), i could'nt be able to do that.  I have configured a dhcp pool, an interface bvi3 (coz the VLAN is 3) with ip address inside the subnet dhcp pool.  But it doesn't work for the wireless interface only works for the physical ethernet interface.

Belown the show run.

ip dhcp excluded-address 10.0.0.1 10.0.0.20
!
ip dhcp pool TestWIFI
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server 201.225.225.225
!
!
no aaa new-model
dot11 vlan-name Usuario vlan 3
dot11 vlan-name guest vlan 4
!
dot11 ssid SSID1
   vlan 3
   authentication open
   mbssid guest-mode
!
dot11 ssid SSID2
   vlan 4
   authentication open
   mbssid guest-mode
!
!
!
username Cisco password 7 047802150C2E
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid SSID1
!
ssid SSID2
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
ip address 10.0.0.2 255.255.255.0
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!        
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
no ip address
no ip route-cache
!
interface BVI3
ip address 10.0.0.1 255.255.255.0
no ip route-cache

I hope some one could help me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
jeff.kish Fri, 12/18/2009 - 08:27

Try removing the IP address on your dot0.3 interface.  There's no reason for it, it should use the BVI3 interface as its L3 interface.

Not sure if that's your problem or not, I've never done this before, but that's what I see that doesn't look quite right.  Let me know if this works, I'm curious!

Jeff

jeff.kish Fri, 12/18/2009 - 08:45

It will do so via BVI3.  A bridge-group is a bunch of L2 interfaces linked together that share a common L3 interface, in this case BVI3.  For access points, IP addresses should never be needed on any interfaces other than BVI interfaces.

SSID 3 is linked to vlan 3, which is tied to bridge-group 3, which is tied to BVI3, dot0.3, and fa0.3

jeff.kish Fri, 12/18/2009 - 09:58

Well, I'm not sure what's going on here.  I just labbed this up, and I immediately got it working by using BVI1 and bridge-group 1.  Then I modified the config to mimic yours, using BVI3 and bridge-group 3, and I can't get an address.

I guess I never asked, but why are you using BVI3 instead of BVI1?  You can assign bridge-group 1 to VLAN 3, which is actually recommended if VLAN 3 is your native VLAN.  I don't like work-around solutions, but maybe try moving to BVI1 and try that.

Can anyone else make this work one BVI3?

ariel.aguirre Fri, 12/18/2009 - 10:51

The problem is that the in the real work, i mean, in my client's AP the BVI1 already has an IP address of VLAN1 with an external dhcp for VLAN1, so I am configuring a guest vlan but, i need the AP as a dhcp server for the guest vlan (security purpose).  If the bvi1 already has a ip address of another VLAN i need to create bvi3 to assign an ip address of the guest VLAN, i guess.

jeff.kish Tue, 12/22/2009 - 06:45

Hi Steve,

Where would the ip helper-address point, and on which interface should it be placed?

This setup/configuration works perfectly when using BVI1 and bridge-group 1.  It's moving to BVI3 and bridge-group 3 that breaks it.

Jeff

Stephen Rodriguez Tue, 12/22/2009 - 06:48

the ip helper would need to go on the L3 interface for that subnet, so where are routing at for that VLAN, and it should point at the address you have configured under BVI3 on the AP.

jeff.kish Tue, 12/22/2009 - 06:50

Oh, I'm sorry, I thought you meant to put it on the access point.  Placing it on the L3 gateway for the subnet should work, but I wonder why it doesn't just work as-configured?  Any thoughts?  Again, it works fine on BVI1, so maybe it has to do with how the AP handles broadcast traffic?

Stephen Rodriguez Tue, 12/22/2009 - 06:52

Correct, normally with an AP, we are only irb for bridge-group 1, which is why it should work.  may also want to check if you have routing enabled for bridge-group 3..

jeff.kish Tue, 12/22/2009 - 06:56

Ah, okay, that makes sense.  It doesn't look like you can configure irb for bridge-group 3, I get an error when I try.

So Ariel, follow Steve's suggestion

Actions

Login or Register to take actions

This Discussion

Posted December 17, 2009 at 9:02 AM
Stats:
Replies:12 Avg. Rating:5
Views:1376 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard