Hello, I am having a problem with my standalone Aironet 2600 WAPs. My network consists of three buildings connected through fiber to create one big LAN. Each building has its own Aironet 2600 and acts as a DHCP server for the wireless clients that connect. The problem is that the APs are handing out addresses that are set up to be excluded.
Here is a breakdown. For organization and control purposes I set aside the 192.168.3.X subnet for the wireless network. The address assignments are as follows.
192.168.3.0 to 192.168.3.25 - Reserved for wireless equipment.
192.168.3.26 to 192.168.3.124 - Reserved for Building #1. So I set up....
ip dhcp excluded-address 192.168.3.0 192.168.3.25
ip dhcp excluded-address 192.168.3.125 192.168.3.255
192.168.3.125 to 192.168.3.175 - Reserved for Building #2. So I set up....
ip dhcp excluded-address 192.168.3.0 192.168.3.124
ip dhcp excluded-address 192.168.3.176 192.168.3.255
192.168.3.176 to 192.168.3.255 - Reserved for Building #3. So I set up.....
ip dhcp excluded-address 192.168.3.0 192.168.3.175
Each AP has a single pool, configured alike aside from the names. The default router (and gateway) 192.168.3.25 is the firewall used for context filtering.
ip dhcp pool Building1
network 192.168.3.0 255.255.255.0
lease 0 4
For some reason the access points are ignoring these exclusions and will often (but not always) assign addresses reserved for other buildings. This is a problem because the firewall is set up (for security purposes) to only allow Building #1 addresses out to the Internet from the AP at building #1 and vice versa. When Building #1 AP hands out a Building #2 address there is no Internet access for that client.
For example, this is a copy of the table (from the webpage) of connected clients at Building #1. These are the addresses assigned AFTER clearing the address bindings, rebooting the device, and then having the clients connect.
SSID Building#1 :
Device Type Name IP Address MAC Address State Parent VLAN
This is what the show ip dhcp binding brings up. The command was executed at the same time as the above was copied. For some reason the incorrectly assigned addresses/devices do not show.
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
192.168.3.69 01c0.9f42.0cb9.8d Dec 17 2013 10:42 PM Automatic
192.168.3.107 017c.6193.f985.de Dec 17 2013 10:29 PM Automatic
192.168.3.108 0198.fe94.11e4.0c Dec 17 2013 10:05 PM Automatic
192.168.3.112 0190.187c.c797.bc Dec 17 2013 10:37 PM Automatic
192.168.3.113 0110.40f3.339c.0f Dec 17 2013 10:51 PM Automatic
Please help me resolve this. I have spent a lot of time and money on these access points and I need them to work properly. Static IPs by MAC address is not an option as there are too many clients. Any help is greatly appreciated. Thank you!
Unfortunately making the default router a DHCP server is not an option. Why is making the AP a DHCP server not a good idea? I could understand it being a problem if it was being used as a DHCP server for an entire large network, but I'm only using it to serve the wireless clients at a single site of no more than 100 people. Usually less than 20 at once. Wasn't the AP designed to work as a DHCP server in this way if needed? Is this a known issue? Is there anything I can try to resolve this? Thank you for your help.
Re: Aironet 2600s are Assigning Excluded Addresses
If your wireless is critical, then don't use the AP as a dhcp server for wireless clients. Yes it can be used as a dhcp server, but it's not as reliable as a true dhcp server. If you have issues with dhcp and you can reboot the AP, then I would say go for it. What Leo is suggesting is best practice, but it doesn't mean you can't use the AP to hand out IP addresses.
Why is making the AP a DHCP server not a good idea?
Practicality and ease of management. I'm just looking at your opening thread. You have two APs and both acting out as DHCP server dishing out SAME IP SUBNET to clients. This is a big no-no. Not that your APs are acting as DHCP server but both "DHCP servers" dishing out the same subnet and they don't talk to each other.
Ok, you're going to reason "but they have different exclusion list". True. But what stops Building 1 clients snaking down the link and getting Building 2 IP addresses? Nothing is going to stop you from doing this.
Besides, the way you've set up your APs and wireless IP address for clients is just plain wrong. Two sites, two IP addresses subnet. Period. Putting both sites into one big fat subnet may be an easy way out but in the long term, you'll get more management overhead and troubles.
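Added example, not posted by anyone in this thread: a Python sketch that reads the three exclusion lists from the first post and reports which AP's pool is able to lease a given address, so an address seen at one building can be matched to the DHCP server that could have issued it. The pool names Building2 and Building3 and the sample address 192.168.3.130 are assumptions; the Building #3 upper bound follows the posted address plan.

```python
import ipaddress
import re

# Exclusion lists from the first post. Pool names Building2/Building3 are
# assumed; the Building3 bound .175 follows the posted address plan.
AP_CONFIGS = {
    "Building1": """ip dhcp excluded-address 192.168.3.0 192.168.3.25
ip dhcp excluded-address 192.168.3.125 192.168.3.255
ip dhcp pool Building1
 network 192.168.3.0 255.255.255.0""",
    "Building2": """ip dhcp excluded-address 192.168.3.0 192.168.3.124
ip dhcp excluded-address 192.168.3.176 192.168.3.255
ip dhcp pool Building2
 network 192.168.3.0 255.255.255.0""",
    "Building3": """ip dhcp excluded-address 192.168.3.0 192.168.3.175
ip dhcp pool Building3
 network 192.168.3.0 255.255.255.0""",
}
EXCL = re.compile(r"ip dhcp excluded-address (\S+)(?: (\S+))?")
NET = re.compile(r"network (\S+) (\S+)")

def leasable(config):
    """Addresses (as ints) the pool can lease: subnet hosts minus exclusions."""
    net = ipaddress.ip_network("/".join(NET.search(config).groups()))
    pool = {int(h) for h in net.hosts()}
    for low, high in EXCL.findall(config):
        lo = int(ipaddress.ip_address(low))
        hi = int(ipaddress.ip_address(high or low))  # single-address form
        pool -= set(range(lo, hi + 1))
    return pool

def span(name):
    """Lowest and highest leasable address for one AP."""
    p = leasable(AP_CONFIGS[name])
    return str(ipaddress.ip_address(min(p))), str(ipaddress.ip_address(max(p)))

def owners(address):
    """Every AP whose DHCP pool is able to lease this address."""
    a = int(ipaddress.ip_address(address))
    return sorted(n for n, c in AP_CONFIGS.items() if a in leasable(c))

def overlaps():
    """Pairs of APs whose leasable sets share an address."""
    names = sorted(AP_CONFIGS)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if leasable(AP_CONFIGS[x]) & leasable(AP_CONFIGS[y])]

if __name__ == "__main__":
    for name in AP_CONFIGS:
        print(name, *span(name))
    print("overlapping pools:", overlaps())
    # .69 is in the posted binding table; .130 is a constructed sample.
    for addr in ("192.168.3.69", "192.168.3.130"):
        print(addr, "leasable by", owners(addr))
```

An address whose only owner is a different building's AP cannot have come from the local pool as configured, which is worth comparing against each AP's own `show ip dhcp binding` output.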