Aironet 1041 is not accepting mobile devices

Unanswered Question
Apr 27th, 2012

Hi everyone, and thanks in advance for responses.

I got an Aironet 1041 (Air-LAP1041N-E-K9), and it's configured as standalone mode. I mean, after I've recieved it, I followed the steps to administrate it with web console.

So, everything is working perfect with PC laptops, but there's no internet connection with the mobile devices associated. Sometimes, the AP assigns an IP out of the dhcp excluded range, and sometimes when assigns a correct IP, there's no internet connection on the device.

Something special for the mobile devices? Maybe the "domain-name" option? (because the mobile devices are not in domain of course...)

Thak you.

JDR

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
grabonlee Fri, 04/27/2012 - 05:41

In response to your question, I would like to assume the following. Please provide clarification if I assume wrongly:

1. You are using WPA or WPA2 PSK.

2. The laptops are associated and are able to access the internet and network resources.

Now please could you provide answers to the following:

1. What do you mean by standalone? was the AP converted to Autonomous

2. Are the laptops using a proxy server address to connect to the Internet

3. Do the mobile devices connect then fall off --- You were not clear when you said they sometimes get assigned an IP

4. Is the problem with specific mobiles or all mobiles whether Apple or Android

josepdiaz Fri, 04/27/2012 - 07:31

Hi Osita,

1. Using WPA2

2.Correct. Associated, connecting to the internet and surfing across the lan.

1. You are right, I meant Autonomous, when I said standalone

2. Aren't using a proxy, because the dhcp addresses assigned are out of the proxy-range.

3. The mobile devices are always assigned, but sometimes they are getting a correct IP (inside the defined range), and sometimes they are getting a incorrect IP (outside the range). We did this config in console mode:

ip dhcp excluded address 192.168.1.1 192.168.1.180

ip dhcp excluded address 192.168.1.190 192.168.1.254

ip dhcp pool aphall

network 192.168.1.0 /24

lease 1

default-router 192.168.1.70

dns-server 192.168.1.235 8.8.8.8

domain-name hall.hallinside.com


So, the range 192.168.1.181 192.168.1.189 is the range assigned from our Domain Controller. And it works perfectly on laptops (verified looking the ipconfig)

4. The problem affects Android and Apple devices

Thanks a lot in advance, and sorry for my poor cisco knowledge...

josepdiaz Fri, 04/27/2012 - 07:33

By the way, returning to point 3, the mobile devices aren't connecting to the internet with any IP (correct or incorrect)

grabonlee Fri, 04/27/2012 - 08:29

From your config, you have allowed only 10 IP addresses to be assigned. How many laptops do you have connected. Also by proxy, I mean do the corporate devices access the internet through a proxy server. Check from internet options on the web browser of one of the laptops

josepdiaz Fri, 04/27/2012 - 08:36

There's no laptops right now. With no devices associated, any mobile device gets the same problem.

The laptop that I've been tested, had no proxy configuration.

grabonlee Fri, 04/27/2012 - 08:49

A bit confusing. You mentioned that the mobile devices sometimes get an ip. Could you paste the config of the AP. Also your lease is to short to retain an IP. How long is your key and are you using AES.  Could you test with a shorter key length and use TKIP

josepdiaz Fri, 04/27/2012 - 09:01

Mobile devices always get an IP. Some gets a correct IP, and some gets a incorrect IP. But both, are not connecting to Internet.

The key is 9 characters long.

The lease is only for a day because of this access point is for devices that no more than two or three hours online.

Here is the Cipher, Client Authentication Settings and Client Authenticated Key Management.

grabonlee Fri, 04/27/2012 - 09:55

My bad, I thought I saw the lease as 001. Anyway, if your mobile devices do get an IP, then we need to focus on their inability to connect to the internet. I need to understand how your network is set up. For the corporate devices to access the Internet, they must go through a device which NATs the private IPs to a public IP.  If your mobile devices get the same IP in the range as the corporate, then only a specific rule which allows only corporate devices can block external devices. To test, connect a laptop which has never been connected to your domain, to your wireless SSID and test to see if it connects to the Internet

josepdiaz Sat, 04/28/2012 - 04:32

Ok, good advice.

I will focus on that, this monday morning. I'll keep you informed about that. I'll make the test with a completely foreign laptop, and then will see...

Thanks!

josepdiaz Mon, 04/30/2012 - 02:01

Hi,

I've been tested with a foreign laptop.

So, the laptop gets a IP out of the dhcp range. I think I've found the problem, maybe it's the dhcp relay into the Aironet.

How can be disabled the dhcp relay in the Aironet?

Thanks!

josepdiaz Mon, 04/30/2012 - 02:17

Googling, I think this is the option:

Enabling the Cisco IOS DHCP Server and Relay Agent Features

By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To reenable these features if they are disabled, use the following command in global configuration mode:

Command

Purpose

Router(config)# service dhcp

Enables the Cisco IOS DHCP server and relay features on your router.

Use the no form of this command to disable the Cisco IOS DHCP server and relay features.

If I do that, all the clients will be looking for the Windows-dhcp, right?
grabonlee Mon, 04/30/2012 - 02:33

You have to use the no service dhcp option to disable DHCP server and relay options. However, another device would have to act as a dhcp server. Are you sure that you do not have a network range overlap with another subnet? If devices get assigned addresses outside a specified, then there is most likely an overlap. Was the foreign laptop able to connect to the Internet?

josepdiaz Mon, 04/30/2012 - 04:44

I think I only need to deactivate the dhcp relay option. placed outside this LAN, The AP assigns correct IP's. But I don't know how.

When the AP is on the corporate LAN again, then assigns a wrong IP's. These wrong ip's are from a windows dhcp range property.

So, why when the AP is on the corporate LAN, is not doing the assignation of her range of ip's?

grabonlee Mon, 04/30/2012 - 05:54

You need to check if IP helper-address is configured on the switch port that the AP is connected to. If it is, remove it. Also make sure that the AP native vlan, if specified, is not the same vlan as your corporate LAN.

josepdiaz Mon, 05/07/2012 - 04:09

Hi again and sorry for the delay.

Already checked both things, nothing has changed. No vlan specified and no IP helper into the switch..
More ideas?

Thanks in advance!

grabonlee Mon, 05/07/2012 - 07:35

Hi

You didn't confirm if the foreign laptop was able to connect to the internet or not and neither did you confirm if the mobile devices are also able to get to the internet. Going back to the dhcp isssue, what type of switch is the AP connected to - Layer 2 or Layer 3?. Also what is the set up of the switch port the AP is connected to, Access or Trunk

josepdiaz Mon, 05/07/2012 - 07:56

My friend, no one of them is able to get to the internet, 'cause they are getting a wrong IP address.

I think the switch isn't the problem. I tried into a layer 2 switch and into a layer 3 switch with the same result.

Devices are getting a wrong IP address.

grabonlee Mon, 05/07/2012 - 11:42

I never said that the switch is the problem. I can only give advice based on the sketchy info that you provided. You have to understand that the clients can't pluck an IP address from the air. The dhcp requests have to be directed somewhere or ignored. The reason I asked about the switch port is to know if other vlans are allowed based on being a trunk or not allowed either by being an access port or vlans are manually restricted. If th clients pick up the wrong IP, that means you have an existing subnet with that IP ranges and the AP relays the requests to that subnet. If you paste the running config of the AP and the switch port that it is connected to. Also if you connected the AP to a layer 2 switch, the only way to get an IP from another subnet is through a router. Hence I would suggest that you disconnect the switch from the network and see if the clients pick up the right ip addresses from the AP

Scott Fella Mon, 05/07/2012 - 11:49

Here is my 2¢... from what you stated here:

3. The mobile devices are always assigned, but sometimes they are getting a correct IP (inside the defined range), and sometimes they are getting a incorrect IP (outside the range). We did this config in console mode:

ip dhcp excluded address 192.168.1.1 192.168.1.180

ip dhcp excluded address 192.168.1.190 192.168.1.254

ip dhcp pool aphall

network 192.168.1.0 /24

lease 1

default-router 192.168.1.70

dns-server 192.168.1.235 8.8.8.8

domain-name hall.hallinside.com


So, the range 192.168.1.181 192.168.1.189 is the range assigned from our Domain Controller. And it works perfectly on laptops (verified looking the ipconfig)

You have the AP dhcp scope and the DC dhcp scope on the same subnet, so this doesn't mean that the AP will exclude dhcp from the DC if the DC responds first.  The excluded is only for the AP dhcp scope.  Your default router is 192.168.1.70... is this correct?  this has to be the same gateway as what is configured on your router.  .70 is kind of wierd for a /24 subnet.  What is your scope options on the DC dhcp?

There is no need to have two dhcp scope on the same subnet unless you have a backup dhcp.

Actions

Login or Register to take actions

This Discussion

Posted April 27, 2012 at 4:36 AM
Stats:
Replies:19 Avg. Rating:
Views:2028 Votes:0
Shares:0

Related Content

Discussions Leaderboard