03-12-2012 02:49 AM - edited 07-03-2021 09:46 PM
Hope someone can point me in the right direction -
Basically have a Win08 R2 DHCP server, and a 1941w router.
I've got the internet, got the lan clients getting DHCP ok (with ip helper-address set on the 0/0 internal interface).
Also have the SSID, and wireless clients can connect - but no IPs are being handed out, also not sure if I understand or did the bridging correctly or assigned IPs to the vlan or bvi1 correctly.
for ex:
DHCP server IP:
10.10.2.4
Router Ethernet internal interface 0/0 IP:
10.10.2.1
with helper-address 10.10.2.4 (lan clients are resolving IPs correctly from the DHCP server)
Vlan1 IP address:
10.10.3.1
Does this interface need the helper-address as well? (10.10.2.4)?
wlan-ap 0 IP address:
unnumbered
interface BVI1 IP address (static):
10.10.2.2
am i totally off? not even sure if i have the vlan bridged to the 0/0 adapter or not correctly - but as I said, i can get a wireless client to connect with the SSID.
would appreciate any advice/pointers, thanks
03-12-2012 11:25 AM
the client shouldn't be getting an address in 10.10.2.x subnet, as the DHCP request should be encapsulated with 10.10.3.1 when it's sent to the server. So it should get 10.10.3 from teh server, or no address if there is not a scope configured.
Steve
03-12-2012 11:29 AM
currently when the wireless client gets a dhcp assignment - it is assigned from the 10.10.2.x subnet
i.e. wireless client
10.10.2.xx
gate: 10.10.2.1
dns: 10.10.2.4 (dhcp/dns server)
03-12-2012 11:32 AM
do i need a 10.10.3.x scope on the DHCP server?
is there a need for the 'ip helper-address 10.10.2.4' entry on the vlan1?
03-12-2012 11:35 AM
you could put the scope on the router, but if you have a server available that would work as well.
What could be happening, is that the client is not getting a new DHCP address and it's holding on to it's old one.
The ip helper will be needed on the VLAN 1 interface, as it tells the interface where to send a DHCP request.
Steve
03-12-2012 11:41 AM
thought there might be something like that (holding on to the old ip) so before i tested i not only uninstalled/reinstall the net adapter, i flushed dns, and reset the tcp/ip stack... plus i forced an exclusion on the DHCP server to push new ip addresses
still got an ip in the 10.10.2.x range
would it work to put a dhcp scope on the router, would the wireless clients still get a 10.10.2.x ip address and be able to connect to the 10.10.2.x subnet?
03-12-2012 12:00 PM
where ever teh scope is created, the client should pull 10.10.3.x. so long as the router can pass the traffic, they should be able to pass traffic between the subnets.
out of curiosity, does the AP BVI still have a 10.10.2 address? it could be causing a weird encapsulation issue when the packet is getting sent to the DHCP server.
Steve
03-12-2012 12:00 PM
when a wireless client is handed out a DHCP ip in the 10.10.2.x range
i can't ping internal clients (wired or wireless)... ip or name
on a win7 machine - i noticed when a 10.10.2.x range is handed out, the interface reads 'unidentified network'
03-12-2012 12:03 PM
the bvi 1 has an ip address of 10.10.3.2
03-12-2012 12:14 PM
dunno if it would help... current ap config
======================================
Using 2067 out of 32768 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$xKDT$GdLGeA6h.H9LKL9l3dPmj.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid WIFI1
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 044B1E030D2D43632A
!
!
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid WIFI1
!
antenna gain 0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid WIFI1
!
antenna gain 0
dfs band 3 block
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.10.3.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
no activation-character
line vty 0 4
login local
!
end
03-12-2012 12:24 PM
kind of odd, that when you set the correct subnet/IP it works, but that it's getting DHCP from the wrong subnet. So let's simplify the AP side config to test.
If you're only going to have the one SSID, then you don't need to call the VLAN or the subinterfaces. if you are going to have multiple SSID, we can correct that after we make sure this is all working.
In the AP
conf t
dot11 ssid WIFI1
no vlan 1
no mbssid guest-mode
guest-mode
exit
!
no interface dot 0.1
no interface dot 1.1
interface dot 0
bridge-group 1
no encryptions vlan 1 mode cipher aes
encryption mode cipher aes
ssid WIFI1
exit
int dot 1
bridge-group 1
no encryptions vlan 1 mode cipher aes
encryption mode cipher aes
ssid WIFI1
exit
no int g0.1
int g0
bridge-group 1
Steve
03-12-2012 12:43 PM
here's the new ap config - getting same effect, ip assigned is the 10.10.2.x range, no internet, no local pings successful
========================================
Current configuration : 1811 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$xKDT$GdLGeA6h.H9LKL9l3dPmj.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid WIFI1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 044B1E030D2D43632A
!
!
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
encryption mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid WIFI1
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
!
encryption mode ciphers aes-ccm
!
broadcast-key vlan 1 change 30
!
!
ssid WIFI1
!
antenna gain 0
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.10.3.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
no activation-character
line vty 0 4
login local
!
end
03-12-2012 01:17 PM
to simplify, moved some things around, removed some hardware.
layout:
1 server (dhcp/dns): 10.10.2.4 (internet access)
1 switch (basic)
1 router/ap: 10.10.2.1
- BVI 1: 10.10.3.2
- Vlan 1: 10.10.3.1
ip helper: 10.10.2.4
- G0/0: 10.10.2.1
ip helper: 10.10.2.4
- wlan-ap 0 - unnumbered (but from the console when i access it - it connects to 10.10.2.1:2067)
2 wireless clients: Can no longer get DHCP, times out.
2 wired clients: receive DHCP correctly on the 10.10.2.x subnet and have internet access.
typical dhcp assignment:
ip: 10.10.2.x
gate: 10.10.2.1 (router)
dns: 10.10.2.4 (server)
03-12-2012 01:39 PM
ok, that actually sounds promising, if the DHCP server doesnt' have a scope for 10.10.3.x yet.
Once the scope is created the client should bet teh correct address.
as for the wlan-ap 0, that's the correct behavior. you are acutally doing a reverse telnet to the AP console.
Steve
03-12-2012 02:01 PM
ok added a 10.10.3.x scope on the DHCP server - wireless clients are getting handed the 10.10.3.x subnet.
i can ping a 10.10.2.x client from a wireless 10.10.3.x client
the wireless now have internet access.
now one issue - because i have 2 scopes on the server - DNS doesn't resolve internal.
... so... question, if there is a scope added to the router will DNS resolve without modification to the DNS database?
03-12-2012 02:04 PM
What's not resolving?
DNS should resolve still, so long as the cleints are getting DHCP. I believe there is an option in the scope to force the DNS update, if the cleint doesn't request to do so itself.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: