Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Wireless device can't get IP address for Guest network

I have a wireless network setup at my main location.  The access points allow Internal and Guest access.  The Internal access uses DHCP from a Windows Server.  The Guest access looks like it uses DHCP from my ASA, I did not set this up originally.  My question is... I am installing a new WAP in a branch location.  I can get the Internal access to work because it uses the Windows Server DHCP.  I cannot figure out how to get the Guest access configured to use the DHCP from the ASA.  The ASA is on a DMZ.  Any help would be appreciated. 

     

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname WAPMadisonOffice

!

logging rate-limit console 9

enable secret 5 $1$f1/9$SWBosxmjEGfSW4U.t4FnW.

!

no aaa new-model

!

!

dot11 syslog

dot11 vlan-name Internal vlan 141

dot11 vlan-name Guest vlan 99

!

dot11 ssid Bard

vlan 141

authentication open

authentication key-management wpa

mbssid guest-mode

wpa-psk ascii 7 141500120D0A7B72757C31343017

!

dot11 ssid Guest

vlan 99

authentication open

authentication key-management wpa

guest-mode

mbssid guest-mode

wpa-psk ascii 7 070D33554F07485C4646090D162E

!

power inline negotiation prestandard source

!

!

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm

!

encryption vlan 141 mode ciphers aes-ccm

!

encryption vlan 99 mode ciphers aes-ccm

!

ssid Internal

!

ssid Guest

!

antenna gain 0

mbssid

channel least-congested 2412 2437 2462

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.99

encapsulation dot1Q 99

no ip route-cache

bridge-group 99

bridge-group 99 subscriber-loop-control

bridge-group 99 block-unknown-source

no bridge-group 99 source-learning

no bridge-group 99 unicast-flooding

bridge-group 99 spanning-disabled

!

interface Dot11Radio0.141

encapsulation dot1Q 141

no ip route-cache

bridge-group 141

bridge-group 141 subscriber-loop-control

bridge-group 141 block-unknown-source

no bridge-group 141 source-learning

no bridge-group 141 unicast-flooding

bridge-group 141 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.99

encapsulation dot1Q 99

no ip route-cache

bridge-group 99

no bridge-group 99 source-learning

bridge-group 99 spanning-disabled

!

interface GigabitEthernet0.141

encapsulation dot1Q 141

no ip route-cache

bridge-group 141

no bridge-group 141 source-learning

bridge-group 141 spanning-disabled

!

interface BVI1

ip address 10.10.20.20 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.20.11

ip http server

ip http authentication local

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

snmp-server community internal RO

bridge 1 route ip

bridge 141 protocol ieee

bridge 99 protocol ieee

!

!

!

line con 0

logging synchronous level all

login local

line vty 0 4

logging synchronous level all

login local

!

end

12 REPLIES
New Member

Wireless device can't get IP address for Guest network

Hi Jennifer,

I don't see any problem in your configuration.

Question: Do you have two vlan, right? vlan 141 (internal) and vlan 99 (guest)

The interface of access points are connected on switch interface with 'mode trunk'?

I think so, maybe some mistake on your switch/core configuration.

Regards.

New Member

Re: Wireless device can't get IP address for Guest network

Hi Rafael,

I think the issue is getting to the ASA for an IP address and getting it across the routers to the access point.  I am attaching a network drawing, router configs, and the switch config.

New Member

Re: Wireless device can't get IP address for Guest network

Jennifer,

The ASA is connected on this interface:

interface GigabitEthernet1/0/2

switchport trunk allowed vlan 1,10

switchport mode trunk

switchport priority extend trust

mls qos trust dscp

spanning-tree portfast

and the Access Point, what interface?

10.10.10.251 - IP of ASA?

If you set vlan 99 in one interface and connect one computer do you get ip?

I only see the interfaces 1/0/27 and 1/0/48 with access for guest vlan 99.

Regards.

New Member

Re: Wireless device can't get IP address for Guest network

Rafael,

The ASA is not directly connected to the switch the access point is on.  The switch port 48 connects to my router that directs traffic across the WAN.  The main switch at my main office has a direct connection to the inteface on the ASA for vlan 99.  My guest network works well in the main office.  I just cannot get it to work in the branch office across the WAN.

The access point is connected to port 27.  Those are the only two ports on that switch that should allow vlan 99 to pass through. 

New Member

Re: Wireless device can't get IP address for Guest network

Now, I understand.

That's no one wireless issues, please, forward to "WAN, Routing and Switching".

I'm analyzing your settings.

Regards.

New Member

Re: Wireless device can't get IP address for Guest network

Hi Rafael,

I attached the router configs and the branch office switch in an earlier post.  Were you able to see them?  I will attach the switch config from the main office and the ASA config.

New Member

Re: Wireless device can't get IP address for Guest network

Hi Jennifer,

I'm checking the configuration of your devices, I didn't found anything wrong yet.

Please check the files are sent to me with passwords (remove the password from configuration).

Your question is in the wrong section, need move to switching and routing.

Try set one interface of branch site for vlan 99, if you don't get ip address fixed ip 192.168.99.80/24 and try get ping reply from your ASA GuestWLAN (192.168.99.1)

Regards.,

Rafael

Re: Wireless device can't get IP address for Guest network

ok, so you are trying to extend a L2 VLAN across a routed link?

That's not going to work with out doing IRB for vlan 99 across the WAN link.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Wireless device can't get IP address for Guest network

Hi Steve,

Yes, that is what I'm trying to do.  I will do some research on IRB. 

Thank you.

New Member

Re: Wireless device can't get IP address for Guest network

Hi Rafael,

Thanks for reminding me about the passwords.  I removed them from my first post, but forgot to on the attachments.  I removed the attachments.

I will check in to irb and maybe repost this to the switching and routing section.

Thanks.

New Member

Re: Wireless device can't get IP address for Guest network

Hi Jennifer,

No problem.

Stephen is correct.

Maybe this will help, http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

Regards.

New Member

Re: Wireless device can't get IP address for Guest network

Great.  Thank you again. 

1029
Views
0
Helpful
12
Replies
CreatePlease to create content