currently when the wireless client gets a dhcp assignment - it is assigned from the 10.10.2.x subnet

i.e. wireless client

10.10.2.xx

gate: 10.10.2.1

dns: 10.10.2.4 (dhcp/dns server)

do i need a 10.10.3.x scope on the DHCP server?

is there a need for the 'ip helper-address 10.10.2.4' entry on the vlan1?

you could put the scope on the router, but if you have a server available that would work as well. 

What could be happening, is that the client is not getting a new DHCP address and it's holding on to it's old one.

The ip helper will be needed on the VLAN 1 interface, as it tells the interface where to send a DHCP request.

Steve

thought there might be something like that (holding on to the old ip) so before i tested i not only uninstalled/reinstall the net adapter, i flushed dns, and reset the tcp/ip stack... plus i forced an exclusion on the DHCP server to push new ip addresses

still got an ip in the 10.10.2.x range

would it work to put a dhcp scope on the router, would the wireless clients still get a 10.10.2.x ip address and be able to connect to the 10.10.2.x subnet?

where ever teh scope is created, the client should pull 10.10.3.x.  so long as the router can pass the traffic, they should be able to pass traffic between the subnets.

out of curiosity, does the AP BVI still have a 10.10.2 address?  it could be causing a weird encapsulation issue when the packet is getting sent to the DHCP server.

Steve

when a wireless client is handed out a DHCP ip in the 10.10.2.x range

i can't ping internal clients (wired or wireless)... ip or name

on a win7 machine - i noticed when a 10.10.2.x range is handed out, the interface reads 'unidentified network'

the bvi 1 has an ip address of 10.10.3.2

dunno if it would help... current ap config

======================================

Using 2067 out of 32768 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 $1$xKDT$GdLGeA6h.H9LKL9l3dPmj.

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid WIFI1

   vlan 1

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 044B1E030D2D43632A

!

!

!

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

broadcast-key vlan 1 change 30

!

!

ssid WIFI1

!

antenna gain 0

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

broadcast-key vlan 1 change 30

!

!

ssid WIFI1

!

antenna gain 0

dfs band 3 block

channel dfs

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.10.3.2 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

no activation-character

line vty 0 4

login local

!

end

kind of odd, that when you set the correct subnet/IP it works, but that it's getting DHCP from the wrong subnet. So let's simplify the AP side config to test.

If you're only going to have the one SSID, then you don't need to call the VLAN or the subinterfaces.  if you are going to have multiple SSID, we can correct that after we make sure this is all working.

In the AP

conf t

dot11 ssid WIFI1

no vlan 1

no mbssid guest-mode

guest-mode

exit

!

no interface dot 0.1

no interface dot 1.1

interface dot 0

bridge-group 1

no encryptions vlan 1 mode cipher aes

encryption mode cipher aes

ssid WIFI1

exit

int dot 1

bridge-group 1

no encryptions vlan 1 mode cipher aes

encryption mode cipher aes

ssid WIFI1

exit

no int g0.1

int g0

bridge-group 1

Steve

here's the new ap config - getting same effect, ip assigned is the 10.10.2.x range, no internet, no local pings successful

========================================

Current configuration : 1811 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 $1$xKDT$GdLGeA6h.H9LKL9l3dPmj.

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid WIFI1

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 044B1E030D2D43632A

!

!

!

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

!

encryption mode ciphers aes-ccm

!

broadcast-key vlan 1 change 30

!

!

ssid WIFI1

!

antenna gain 0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

!

encryption mode ciphers aes-ccm

!

broadcast-key vlan 1 change 30

!

!

ssid WIFI1

!

antenna gain 0

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.10.3.2 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

no activation-character

line vty 0 4

login local

!

end

to simplify, moved some things around, removed some hardware.

layout:

1 server (dhcp/dns): 10.10.2.4 (internet access)

1 switch (basic)

1 router/ap: 10.10.2.1

     - BVI 1: 10.10.3.2

     - Vlan 1: 10.10.3.1

          ip helper: 10.10.2.4

     - G0/0: 10.10.2.1

          ip helper: 10.10.2.4

     - wlan-ap 0 - unnumbered (but from the console when i access it - it connects to 10.10.2.1:2067)

2 wireless clients: Can no longer get DHCP, times out.

2 wired clients: receive DHCP correctly on the 10.10.2.x subnet and have internet access.

typical dhcp assignment:

ip: 10.10.2.x

gate: 10.10.2.1 (router)

dns: 10.10.2.4 (server)

ok, that actually sounds promising, if the DHCP server doesnt' have a scope for 10.10.3.x yet.

Once the scope is created the client should bet teh correct address.

as for the wlan-ap 0, that's the correct behavior.  you are acutally doing a reverse telnet to the AP console.

Steve

ok added a 10.10.3.x scope on the DHCP server - wireless clients are getting handed the 10.10.3.x subnet.

i can ping a 10.10.2.x client from a wireless 10.10.3.x client

the wireless now have internet access.

now one issue - because i have 2 scopes on the server - DNS doesn't resolve internal.

... so... question, if there is a scope added to the router will DNS resolve without modification to the DNS database?

What's not resolving?

DNS should resolve still, so long as the cleints are getting DHCP.  I believe there is an option in the scope to force the DNS update, if the cleint doesn't request to do so itself.