Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router not issusing DHCP addresses to AP clients

So I have configured a DHCP pool on my router to issue DHCP leases to wireless clients in my network - the clients can see the SSID broadcasting and can connect successfully. The only problem is that they don't receive an IP address.

 

IPCONFIG shows the 169.254 etc address...the network status shows "Limited or no connectivity" when hovering over the icon.

 

We used to have the clients receive their leases from a server which worked with the IP helper command...is there something simple I'm missing here?

 

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

it looks right, the only

it looks right, the only thing I would think is stopping it would be the ACL, and you modified the UDP portion for bootps.

 

maybe remove the ACL completely and test again.

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
7 REPLIES

without seeing your config,

without seeing your config, it's hard to know. Can you show the router config?

 

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Please see below...Last

Please see below...

Last configuration change at 16:18:21 UTC Thu Jul 10 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.26.129.1
ip dhcp excluded-address 10.26.129.253
ip dhcp excluded-address 10.26.129.254
ip dhcp excluded-address 10.26.129.2
!
ip dhcp pool guest
 network 10.26.129.0 255.255.255.0
 dns-server 208.67.222.222 208.67.220.220
 default-router 10.26.129.1
!

interface Tunnel5
 ip address 172.17.5.4 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 12.1xx.xx.xx
 tunnel destination 199.4x.xxx.xx

interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Data Networks
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 description Main Data VLAN
 encapsulation dot1Q 1 native
 ip address 10.27.129.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.3
 description DMZ VLAN
 encapsulation dot1Q 3
 ip address 10.28.129.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 description Guest VLAN
 encapsulation dot1Q 20
 ip address 10.26.129.1 255.255.255.0
 ip access-group 121 in

!
interface Serial0/0/0
 description XXX
 ip address 12.1xx.xx.xx 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 service-module t1 cablelength short 440ft
 service-module t1 timeslots 1-24

!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 12.1xx.xx.xx
ip route 10.10.0.0 255.255.255.0 172.17.5.5
ip route 10.10.200.0 255.255.255.0 172.17.5.5
ip route 10.27.130.0 255.255.255.0 172.17.5.5
ip route 10.27.131.0 255.255.255.0 172.17.5.5
ip route 10.28.129.0 255.255.255.0 10.27.129.1
ip route 129.155.20.0 255.255.252.0 10.27.129.1
ip route 129.155.84.0 255.255.252.0 10.27.129.1
ip route 129.155.168.0 255.255.248.0 10.27.129.1
ip route 172.17.0.0 255.255.255.0 172.17.5.5
ip route 172.17.2.0 255.255.255.0 172.17.5.5
ip route 172.17.3.0 255.255.255.0 172.17.5.5
ip route 192.168.2.0 255.255.255.0 172.17.5.5
!
access-list 2 permit 12.2xx.xx.xx
access-list 2 permit 10.27.129.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 permit 10.27.131.0 0.0.0.255
access-list 2 permit 10.27.130.0 0.0.0.255
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 2 permit 10.10.200.0 0.0.0.255
access-list 2 permit 12.2xx.xxx.xxx 0.0.0.7
access-list 2 permit 172.17.5.0 0.0.0.255
access-list 2 permit 199.4x.xxx.xxx 0.0.0.15
access-list 2 permit 10.26.129.0 0.0.0.255
access-list 121 permit tcp any host 10.27.129.31 eq 67
access-list 121 permit udp any host 10.27.129.31 eq bootps
access-list 121 permit ip any any
access-list 121 permit ip 10.26.129.0 0.0.0.255 host 10.14.0.6
access-list 121 deny   ip 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 121 deny   ip 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 121 deny   ip 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
!
!
!
control-plane
!
!
!
line con 0
 login local
 

 

I think your ACL 121 is

I think your ACL 121 is blocking the DHCP/bootp requests:

access-list 121 permit udp any host 10.27.129.31 eq bootps

Change this to:

access-list 121 permit udp any host 10.26.129.1 eq bootps

 

and see if it starts working again.

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

I modified the access list

I modified the access list but still nothing.

Just an FYI that previous access list for 10.27.129.31 was pointing at the old DHCP server.

I have laptop setup that is hard to the network and has wireless enabled(sees SSID and can connect). I can ping the Def GW .2 from the machine but pinging from the GW to the machine .216 it times out.

The machine can also successfully ping the AP and vice-versa.

New Member

I included a snapshot from my

I included a snapshot from my Dell Wireless Utility..

 

 

 

it looks right, the only

it looks right, the only thing I would think is stopping it would be the ACL, and you modified the UDP portion for bootps.

 

maybe remove the ACL completely and test again.

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Gold

Hi,Have you verified whether

Hi,

Have you verified whether wired users on the same vlan is getting ip address from the same new DHCP pool on router. If you have not tried that i would try that first.

 Regards

Najaf

121
Views
10
Helpful
7
Replies
CreatePlease to create content