Aironet 1130 - DHCP Request does not have a VLAN Tagged

mattgartman · ‎12-15-2011

We have a Cisco Aironet 1130AG Wireless AP (firmware 12.4) and have a guest wireless network (internet only) and corporate wireless network configured on it. They are kept separate by having different VLANs assigned to them. When a laptop connects to the guest network I see the DHCP request go out and it is tagged with the correct VLAN. The problem is when a laptop connects to the corporate network I see the DHCP request go out but there is no VLAN tagged on the packets. This causes a problem because both of our DHCP servers (on VLAN 1 and 3, remote DHCP servers no DHCP running on the Aironet [Doesn't seem like this version has a DHCP server]) are sending responses and sometimes the corporate user will get an IP address on the Guest subnet.

Our corporate network is setup on VLAN 1 which is configured as the Native VLAN on the Aironet. Will this cause the Aironet not to tag these packets with any VLAN information? Any other thoughts as to why it isn’t tagging these packets to a VLAN?

Stephen Rodriguez · ‎12-15-2011

Matthew,

that is correct. With the dot1q encapsulation vlan 1 native on the subinterface, this tells the AP not to tag the packets. By default VLAN 1 is native on a trunk, unless you have specifically set the switchport trunk native vlan command.

With the IOS AP, the packet is bridged to the LAN, and the packet should be in VLAN 1, and as long as there is IP space available, it should pull an address from the VLAN 1 scope on your server.

Is VLAN 1 where the AP gets it's address? The address under BVI 1 should be in VLAN 1, as the radio and ethernet subinterfaces will be in bridge-group 1, due to the native command.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

mattgartman · ‎12-15-2011

Stephen,

Thanks for the reply. The AP has a static IP so the AP doesn't need to reach the DHCP server at all for its IP. What we see happening is when a user connects to the corporate Wifi the DHCP request goes out untagged and when that gets to our switches both DHCP Servers (we have two separate DHCP servers) reply with an address. So depending on who wins the race the user will either get the correct VLAN 1 IP or get an invalid VLAN 3 IP address.

If I remove the Native from VLAN 1 on the Aironet would that mean it would start tagging the packets as VLAN 1? Is it possible not to have a Native VLAN defined?

Stephen Rodriguez · ‎12-15-2011

that shouldn't happen. With the packet untagged, it should be put in the native VLAN on the switch, and broadcast only in that subnet. So unless there were an ip helper-address under teh VLAN 1 SVI pointing at the server in VLAN 3 it should either get an address in VLAN 1, or no address.

As the VLAN 1 server is responding, it is seeing the broadcast for the DCHP in VLAN 1 as it should. I would make sure there isn't a bad ip helper.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered