Aironet 1130AG - external DHCP

Unanswered Question
Sep 22nd, 2010

I have got two Aironet 1130AG, let's call them A and B.

A is working, B not. They have same configuration (I did compare-by-content and found no differencies).

The problem is when I connect to B, I don't get IP address from DHCP server.

But with A I got IP address (I checked linux DHCP daemon logs to be sure).

I tried to manually set IP address but I couldn't ping the gateway.

Here's config of B (I deleted some data):

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap-not_working
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
ip name-server xxx.xxx.xxx.xxx
!
!
!
dot11 ssid ap-not_working
   authentication open
   guest-mode
!
power inline negotiation prestandard source
!
!
username administrator privilege 15 password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7  transmit-key
encryption mode wep mandatory
!
ssid ap-herdu-prizemie
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit 7  transmit-key
encryption mode wep mandatory
!
ssid ap-not_working
!
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.20.245 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.20.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Surendra BG Wed, 09/22/2010 - 05:18

if we are not able ping the DG by assigning the static IP.. then its not the issue with the wireless, its the issue with the network.

>> Whats the switchport config? are we connecting to the same port on which the AP A is getting connected to?

>> Can the AP ping the Default gateway? If the AP is not able to then the clients will not based on the configuration that you have pasted.

>> Please check the access point ports are trunk ports allowing all vlans.

l request you to check the above..

Regards

Surendra

Surendra BG Wed, 09/22/2010 - 05:20

oops if my first question was not clear..

>> Whats the switchport config? are we connecting the AP B to the same port on which the AP A is getting connected to and can we test?

marian0001 Wed, 09/22/2010 - 22:11
  1. AP B is connected to switch with any management features turned off (as well as AP A).
  2. I configure AP B by connecting to its IP address (via web management or CLI - PuTTY).
  3. AP B can ping default gateway (and APs can ping each other).
  4. I went through gateway IPTable's logs and found nothing.
marian0001 Fri, 09/24/2010 - 00:03

Today I turned off and turned on AP B.

Client is still not able to obtain IP via DHCP. But when I manually set IP address I can ping AP B (and I am sure I am pinging it - checked MAC address),

but cannot ping other IPs in network including default gateway or AP A.

davekinsley Thu, 09/23/2010 - 05:55

Please forgive me if this appears to be a thread hijack - I'll be happy to open a new post if I'm stepping on anyone's toes.

I am experiencing a very similiar issue.  In my case, our main switch stack is supposed to be serving as the DHCP server.  That portion of its config:

ip dhcp pool VOICE

   network 192.168.13.0 255.255.255.0

   default-router 192.168.13.1

   option 150 ip 192.168.11.2

!

ip dhcp pool WIFI-VOICE

   network 192.168.14.0 255.255.255.0

   default-router 192.168.14.1

   option 150 ip 192.168.11.2

I included the two subnets because the 13.x network, which serves the desk phones, is working correctly.  There is something fundamentally wrong with my configuration.  Near as I can tell it has never worked properly.  My Aironet 1130AG is connected to a switch port configured for the vlan associated with the 14.x network, but its network interface has an address in another subnet (1.x) (which makes it accessible for management) - that in and of itself may be the issue here .  The mobile phones are picking up an address from our internal Windows DHCP server (again, in the 1.x network).  Oddly enough (at least to me) the phones work for receiving and sending calls, and can call another mobile phone, make a connection, but then there is no voice traffic.  I'd like to think that if they were to pick up the proper address from the dhcp scope on the switch they'd be able to properly pass traffic between each other.
I've tried manually configuring two phones with addresses in the 14.x network - they then show up in the Aironet interface with an address of 0.0.0.0.  When the phone is switched to that profile, I can see it connecting to the Call Manager (11.2).  One other thing worthy of note is all phones show an association VLAN ID of 14, which is logically correct (the engineer who configured this system aligned VLAN IDs with subnet numbers) in one aspect (that is the VLAN the switch should be tagging that traffic with), but not in the other sense, since the phones are picking up an address in the 1.x network.  So something is really outta whack.
In addition to setting manual addresses, I tried turning on DHCP debugging on the switch in question - it shows no DHCP activity at all.
Here's the switch port config the Aironet is plugged in to:
interface GigabitEthernet1/0/20
description WAP Uplink 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 14
srr-queue bandwidth shape  10  0  0  0
spanning-tree portfast
service-policy input IngressMark
Thanks much for any insight you can give.
Kayle Miller Thu, 09/23/2010 - 06:01

Dave,

     2 Things, #1) do you have an IP Helper address (that points to the proper DHCP Server) on the voice vlan interface?  #2) can you provide an AP config?

Thanks,

Kayle

davekinsley Thu, 09/23/2010 - 06:14

I didn' think I'd need an IP helper statement since the switch itself is the DHCP server - there is not one pointed to the DHCP that is actually servicing the requests.  So that again suggests to me that it could be VLAN related.

AP config attached.

Kayle Miller Thu, 09/23/2010 - 06:39

Dave,

     Looking at your ap config the only thing I see that is different from my typical deployment would be the way you have the interfaces configured. Normally I make the AP's management vlan the native vlan and then have the AP tag the respective VLANs for the ssid's; because you indicated that the Voice VLAN and the AP BVI ip ranges were different.

     I would try adding this to the config and see if it resolves your issue.

interface FastEthernet0.x
encapsulation dot1Q x native
no ip route-cache
no snmp trap link-status
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled

interface FastEthernet0.14
encapsulation dot1Q 14
no ip route-cache
no snmp trap link-status
bridge-group 14
no bridge-group 14 source-learning
bridge-group 14 spanning-disabled

Hope this helps.... Please rate useful posts.

Thanks,

Kayle

davekinsley Thu, 09/23/2010 - 06:52

Sure seems reasonable.   That could be it.  I'll give it a shot as soon as I can (which may be a few days away - the few phones on the Aironet can't be tinkered with during business hours as they receive support calls.

Thanks much for the help!

davekinsley Thu, 09/23/2010 - 07:59

Kayle - I should have figured what was going to happen next.  I made that switch to the 0.14 sub interface and immediately lost connection to the device.  Would I be able to configure the interface itself with the IP it has (shows no ip address now) without screwing something up?  Obviously I was connected to it over the subinterface that I made a change to.   The web interface for it shows that the Ethernet interface is statically defined, but the config file shows FastEthernet 0 with no ip address - the Bridge-Group Virtual Interface has the statically defined address, so I don't understand why I lost connection.

At any rate, how can I get around this?

Dave

Kayle Miller Thu, 09/23/2010 - 08:03

Dave,

     The bvi interface stays the same; did you at the fa0.x interface first?  if you modified the fa0.14 first then you removed the native interface without a new one, so you will need to add switchport mode trunk vlan native 14 t the switch interface and then you should regain access to the AP.

Thanks,

Kayle

davekinsley Fri, 09/24/2010 - 09:14

Kayle,

I was able to revert the interface back with a simple unplug, so not necessary to change the switchport.  I've since had a chance to try again - have the new subinterface defined as native, and changed the bridge-group line on the 0.14 interface:

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

no snmp trap link-status

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.14

encapsulation dot1Q 14

no ip route-cache

no snmp trap link-status

bridge-group 14

no bridge-group 14 source-learning

bridge-group 14 spanning-disabled

The mobile phones are still picking up an address from the Windows DHCP server, not the switch.  But I can still talk to the Aironet - hurray!!

Actions

This Discussion

Related Content