Wireless client cannot grab IP from DHCP server

Unanswered Question
Dec 22nd, 2009

Hi all,

          I have a wireless AP(1200 Series) connected to a 3550 switch and the switch is connected to a 2811 router. The 2811 router is all in one(voice,data). There are 3 DHCP pools set up on that router.

The lap is able to associate with the AP, but cannot gab an IP address. Just for troubleshooting, I set one port on the switch as access port and set it to access vlan 30 which is the vlan for the wireless devices, the devices connected to this port is able to grab an IP from the DHCP server.

----- There is config for both device.

interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 30 key 1 size 40bit 7 C5A3C4038969 transmit-key
encryption vlan 30 mode wep mandatory
!
ssid HOT_WIRE_WAP
    vlan 30
    authentication open
    guest-mode
!
short-slot-time
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
ip helper-address 172.16.3.1
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
ip address 10.10.1.254 255.255.255.0
no ip route-cache
!
interface FastEthernet0.20
encapsulation dot1Q 20
ip address 172.16.1.254 255.255.255.0
no ip route-cache
!
interface FastEthernet0.30
encapsulation dot1Q 30
ip address 172.16.3.254 255.255.255.0
ip helper-address 172.16.3.1
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
!
interface BVI1
ip address 172.16.3.254 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.3.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
access-list 710 permit 0013.e89a.3197   0000.0000.0000
access-list 710 deny   0000.0000.0000   ffff.ffff.ffff
bridge 1 route ip
!
!
!
---------------------------------------CME-ROUTER------------------------------------------------

no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.10
ip dhcp excluded-address 10.10.1.245 10.10.1.254
ip dhcp excluded-address 172.16.1.1 172.16.1.15
ip dhcp excluded-address 172.16.1.245 172.16.1.254
ip dhcp excluded-address 172.16.3.1 172.16.3.10
ip dhcp excluded-address 172.16.3.245 172.16.3.254
!
ip dhcp pool CME-PHONE
   network 10.10.1.0 255.255.255.0
   default-router 10.10.1.1
   domain-name fleuzinord.com
   option 150 ip 10.10.1.1
!
ip dhcp pool DATA-POOL
   network 172.16.1.0 255.255.255.0
   default-router 172.16.1.1
   domain-name fleuzinord.com
!
ip dhcp pool WAP
   network 172.16.3.0 255.255.255.0
   default-router 172.16.3.1
   domain-name fleuzinord.com
!
!
no ip domain lookup
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
voice register pool  1
max registrations 42
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
no ip address
!
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.10
description VOICE_VLAN
encapsulation dot1Q 10
ip address 10.10.1.1 255.255.255.0
!
interface FastEthernet0/0.20
description DATA_VLAN
encapsulation dot1Q 20
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.30
description WIRE_ACCESS
encapsulation dot1Q 30
ip address 172.16.3.1 255.255.255.0
!
interface FastEthernet0/1
ip address dhcp
duplex auto
speed auto
!
interface Serial0/3/0
no ip address
shutdown
no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
no ip http secure-server
!
logging trap debugging
logging 172.16.1.16
!
tftp-server flash:cp7912080002SCCP060817A.sbin
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
telephony-service
load 7912 cp7912080002SCCP060817A
max-ephones 40
max-dn 60
ip source-address 10.10.1.1 port 2000
system message Welcome to Eddy's LAB
time-zone 7
time-format 24
date-format dd-mm-yy
create cnf-files version-stamp Jan 01 2002 00:00:00
max-conferences 8 gain -6
web admin system name Admin secret 5 $1$CcRE$Pu91X54N9zmX5H0Rj8J6P1
dn-webedit
time-webedit
!
ephone-dn  1
number 4510
label CISCO_SOFT_PHONE
!
!
ephone-dn  2  dual-line
number 4511
label 7912
!
!
ephone  1
mac-address 0010.B59D.DA61
button  1:1
!
!
!
ephone  2
mac-address 0012.0014.489D
type 7912
button  1:2
!
!
!
line con 0
logging synchronous
line aux 0
logging synchronous
line vty 0 4
password 7 0115090A5E1F120A
login
!
scheduler allocate 20000 1000
time-range Ca
absolute start 22:00 19 November 2009
!
!
end

CME-01#

Thanks,

Ersnest

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Tue, 12/22/2009 - 21:05

Hi Jean

Can you please copy the switchport configurations on the 3550 , connecting to WAP & router ?

interface FastEthernet0.30
encapsulation dot1Q 30
ip address 172.16.3.254 255.255.255.0
ip helper-address 172.16.3.1

You really dont need ip helper address on the local segment of vlan 30, since a dhcp broadcast will reach local LAN segment to the DHCP server, if the layer 2 connectivity between the AP and router is fine.. we need to test layer 2 between WAP and switch , then switch -> router to troubleshoot where the DHCP fails !! do you see any logs on the switch / router etc ?

Raj

Jean Paul Enerst Tue, 12/22/2009 - 22:07

I have set the switch port that the AP connected to as a trunk, but I did not give it an IP address as I want to use the switch as Layer 2 for now. And I am able to ping the AP from from the SWITCh and fromthe router.

I did a debug DHCP in the router, i did a release/renew on the Host connected to the AP. I did see any request coming from the HOST. I guess the AP did not send the broadcast to the CME-router. But when I tested with a host connect on vlan 30, I could see the request come in and an ip is given to host. I guess the AP did not send the broadcast to the CME-Router with/out the ip helper-address. I tried with both.

I have a feeling if I put the IP addresss under the port connected to vlan 30, it will work. But that is not the way I want it. I want to the switch to remain Layer with only one IP address in Vlan 20 and a default-gateway pointed to the router.

Thanks,

sachinraja Wed, 12/23/2009 - 06:42

Hi Jean

You do not need to have layer 3 addresses defined on the access point & switch for vlan 30 ... you need to have it on layer 2 trunk configured till the router for the dhcp broadcast to happen.. if you want to manage the switch, you can configure a seperate native vlan and span it across the switch...

have a simple config like this:

AP

AccessPoint(config) interface fastethernet 0.30
AccessPoint(config-subif) encapsulation dot1Q 30
AccessPoint(config-subif) bridge-group 30
AccessPoint(config-subif) exit

AccessPoint(config) interface dot11radio 0.30
AccessPoint(config-subif) encapsulation dot1Q 30
AccessPoint(config-subif) bridge-group 30
AccessPoint(config-subif) exit

Switch:

Switch#configure terminal (Connecting to router & WAP)
Switch#interface fastethernet x/x
Switch#switchport mode trunk
Switch#switchport trunk encapsulation dot1q
Switch#switchport nonegotiate

Router config looks OK to me.. Have a pure layer 2 trunk between WAP, Switch, and router, and remove any layer 3 configs on the WAP & Switch for VLAN 30... Test this and let us know if the problem is solved.

Hope this helps.. all the best...

Raj

Jean Paul Enerst Wed, 12/23/2009 - 06:57

Hi RAJ,

             Thanks for your help on this. The only thing that you suggest and I have yet set is the switchport nonegotiate. I am going to test this one and let you know. But I am not so sure this will solve the issue. I issued the command show int trunk, the output shows me that the port is already a trunk port and as I said earlier, I am able to ping the AP from any workstaion behind vlan 20(172.16.1.0), from the router, and from the switch. The AP can ping vlan 10 and vlan 20. This shows that there is no layer 1 and layer 2 issues with the configuration.

Thanks,

sachinraja Wed, 12/23/2009 - 07:15

Hi Jean

Have a plain configuration as given in my previous post.. I actually saw ip helper address statements on your WAP on VLAN 30, which isnt required.. you can remove those, and layer 3 ip addresses on the WAP for VLAN 30... did you try giving your laptop a static IP on Wireless ? did it work ?

Raj

Actions

This Discussion