New Member

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp server

Hi All,

I had a problem configuring my AP with 2 different SSIDs on VLAN 2 and VLAN 3 respectively. The port is trunked with VLAN 4 as native, and the AP is connected to a Cat3750G acting as the DHCP server with 2 different pools of IP ranges, 192.168.2.0/24 and 192.168.3.0/24, assigned to VLAN 2 and VLAN 3 respectively.

I had no problem obtaining DHCP for VLANs 2 and 3 when plugging directly into the switch, but neither SSID gives the DHCP IP allocation correctly; instead it's giving 169.X.X.X IPs. The requirement is that when I'm connecting to SSID2 on the AP I'm supposed to obtain the 192.168.2.0/24 IP range, and on SSID3 I'm supposed to obtain the 192.168.3.0/24 IP range. But why am I getting 169.x.x.x? Can somebody help me? Thanks. I'm able to ping all the VLANs from the AP.

the Switch config as below

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3750G-DHCPCore
!
enable secret 5 $1$z520$VyzdV1AsDthxhIfXl3f8b0
!
no aaa new-model
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.2.0 192.168.2.100
ip dhcp excluded-address 192.168.3.0 192.168.3.100
!
ip dhcp pool vlan2
   import all
   network 192.168.2.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.2.1
!
ip dhcp pool vlan3
   import all
   network 192.168.3.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.3.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport trunk allowed vlan 1-4
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/48
 switchport access vlan 2
 switchport mode access
!
interface Vlan1
 shutdown
!
interface Vlan2
 description Wifi_dhcp_test
 ip address 192.168.2.254 255.255.255.0
 ip helper-address 192.168.2.1
!
interface Vlan3
 description Wifi_dhcp_test2
 ip address 192.168.3.254 255.255.255.0
 ip helper-address 192.168.3.1
!
interface Vlan4
 description native vlan for wireless
 ip address 192.168.4.254 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end

The AP config as below.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP-WhizzTestDHCP
!
enable secret 5 $1$YjDw$CbhYVcc.9TQkhM0RgVJPF.
!
no aaa new-model
ip dhcp relay information trust-all
!
!
!
dot11 ssid Whizztest
   vlan 2
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 045802150C2E1D1C5A
!
dot11 ssid Whizztest_2
   vlan 3
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 110A1016141D5A5E57
!
power inline negotiation prestandard source
!
!
username cisco privilege 15 password 7 13061E010803
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 2 mode ciphers aes-ccm tkip
 !
 encryption vlan 3 mode ciphers aes-ccm tkip
 !
 ssid Whizztest
 !
 ssid Whizztest_2
 !
 mbssid
 station-role root access-point
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface Dot11Radio0.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface GigabitEthernet0.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.4.253 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.4.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz...config/help/eag
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 password 7 14141B180F0B
 login local
!
end

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

Re: Cisco AP dual SSID in different Vlans using Cat 3750G as dhc

Couple other changes. For vlan 2 only use TKIP since you're using WPA v1. For vlan 3 use AES since you're using WPA v2.

encryption vlan 2 mode ciphers tkip
encryption vlan 3 mode ciphers aes-ccm

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
7 REPLIES

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp se

Do a show vlan, and make sure that VLANs 2 and 3 are created at L2.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

VIP Purple

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp se

Hi Kian

I believe your switch is acting as the L3 gateway for these user VLANs. If so, where is 192.168.x.1 defined, and what is the purpose of forwarding DHCP requests to that IP? Your DHCP server is the switch itself, and no helper addresses are required.

Also, in the DHCP pool configuration make sure you set the correct gateway for the end users. If this L3 switch SVI becomes the gateway, then the default router should be 192.168.x.254.

interface Vlan2
 description Wifi_dhcp_test
 ip address 192.168.2.254 255.255.255.0
 ip helper-address 192.168.2.1
!
interface Vlan3
 description Wifi_dhcp_test2
 ip address 192.168.3.254 255.255.255.0
 ip helper-address 192.168.3.1

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp se

Rasikana, I have changed the default router address to 192.168.X.254; I suppose you were referring to that? The IP helper addresses were supposed to point to the default router address of whichever pool I want to use for my DHCP IP range scope. Without the IP helper set in the VLANs, I will not be able to get a DHCP IP assigned. Right now port 48 is configured as a VLAN 2 access port and port 47 is configured as a VLAN 3 access port, and plugging directly into the switch gets me the correct DHCP IP ranges assigned, both 192.168.2.0/24 and 192.168.3.0/24. I made these changes:

ip dhcp pool vlan2
   import all
   network 192.168.2.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.2.254
!
ip dhcp pool vlan3
   import all
   network 192.168.3.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.3.254
!
interface Vlan2
 description Wifi_dhcp_test
 ip address 192.168.2.254 255.255.255.0
 ip helper-address 192.168.2.254
!
interface Vlan3
 description Wifi_dhcp_test2
 ip address 192.168.3.254 255.255.255.0
 ip helper-address 192.168.3.254
!

Hi Stephen, I have checked the VLANs on both the switch and the AP; both VLANs were already created.

New Member

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp se

Can anyone help??? Clueless after trying for 2 weeks.

New Member

Cisco AP dual SSID in different Vlans using Cat 3750G as dhcp se

Thanks Scott, managed to get this working already. Didn't know the encryption combination with VLAN plays an important part for DHCP IP allocation though... haha, and needed to configure "no bridge-group (no) block-unknown-source" on each subinterface.

dot11 ssid Whizztest_1
   vlan 1
   authentication open
   mbssid guest-mode
!
dot11 ssid Whizztest_2
   vlan 2
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 045802150C2E1D1C5A
!
dot11 ssid Whizztest_3
   vlan 3
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 110A1016141D5A5E57
!
power inline negotiation prestandard source
!
!
username Cisco privilege 15 password 7 13061E010803
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 key 1 size 40bit 7 130F8A565122 transmit-key
 encryption vlan 1 mode wep mandatory
 !
 encryption vlan 2 mode ciphers tkip
 !
 encryption vlan 3 mode ciphers aes-ccm
 !
 ssid Whizztest_1
 !
 ssid Whizztest_2
 !
 ssid Whizztest_3
 !
 mbssid
 station-role root access-point
!

Hall of Fame Super Silver

Re: Cisco AP dual SSID in different Vlans using Cat 3750G as dhc

Encryption combination affects many Apple devices and some Windows. This means that the client device may never authenticate properly and thus fail authentication and never get an IP address. Or they might obtain an IP address but will lose connectivity later. The IEEE standard for WPA v1 is TKIP only and WPA v2 is to use AES. So manufacturers try to follow that standard and when you mix and match, it causes stability issues. Apple devices don't allow you to choose TKIP or AES like Windows.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
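
As an added example (not part of the original thread and not Cisco code), this Python check applies the pairing given in the replies above, WPA v1 with TKIP only and WPA v2 with AES-CCM only, to the SSID and radio lines of an autonomous AP config. The names `parse_ap_config`, `cipher_mismatches` and `SAMPLE_CONFIG` are hypothetical, and a bare `authentication key-management wpa` is assumed to mean WPA v1, as the reply treats it.

```python
import re

# Constructed input: SSID and radio lines copied from the first AP config in this thread.
SAMPLE_CONFIG = """\
dot11 ssid Whizztest
   vlan 2
   authentication key-management wpa
!
dot11 ssid Whizztest_2
   vlan 3
   authentication key-management wpa version 2
!
interface Dot11Radio0
 encryption vlan 2 mode ciphers aes-ccm tkip
 encryption vlan 3 mode ciphers aes-ccm tkip
"""

# Pairing given in the replies: WPA v1 -> TKIP only, WPA v2 -> AES-CCM only.
EXPECTED = {1: {"tkip"}, 2: {"aes-ccm"}}
KEY_MGMT = re.compile(r"authentication key-management wpa(?: version ([12]))?")
CIPHERS = re.compile(r"encryption vlan (\d+) mode ciphers (.+)")


def parse_ap_config(text):
    """Return (list of SSID dicts, {vlan: set of ciphers}) from an AP config."""
    ssids, ciphers, cur = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"dot11 ssid (\S+)", line):
            ssids.append(cur := {"ssid": m.group(1), "vlan": None, "wpa": None})
        elif line == "!" or line.startswith("interface "):
            cur = None  # end of the current "dot11 ssid" block
        elif cur and (m := re.fullmatch(r"vlan (\d+)", line)):
            cur["vlan"] = int(m.group(1))
        elif cur and (m := KEY_MGMT.fullmatch(line)):
            # Assumption: bare "wpa" is treated as WPA v1, as the reply does.
            cur["wpa"] = int(m.group(1) or 1)
        elif m := CIPHERS.fullmatch(line):
            ciphers[int(m.group(1))] = set(m.group(2).split())
    return ssids, ciphers


def cipher_mismatches(text):
    """Return (ssid, vlan, wpa_version, configured_ciphers) per mismatched SSID."""
    ssids, ciphers = parse_ap_config(text)
    return [
        (s["ssid"], s["vlan"], s["wpa"], sorted(ciphers.get(s["vlan"], ())))
        for s in ssids
        if s["wpa"] and ciphers.get(s["vlan"], set()) != EXPECTED[s["wpa"]]
    ]
```

Calling `cipher_mismatches(SAMPLE_CONFIG)` reports both SSIDs from the original config; with the two `encryption vlan` lines changed as in the accepted solution it returns an empty list.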