Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

non-native vlans

Hello experts!!!

I have a 1200 which has option to support multiple vlans. I have configured vlans on the access point and on the switch. i used vlan 3 and vlan 4. then there is vlan 1 on the AP as the native vlan. if i connect the access point on vlan 1 and the dhcp server on vlan. it is okay, i get an IP address. but if i plug the ap and the dhcp server on either vlan 3 or 4. i don't get a dhcp ip address. but if assign either vlans (3 or 4) to be the native vlan, i'd an ip address. how do i make the non-native vlans work and acquire a dhcp ip address?

thanks for your help!

neil

8 REPLIES
Green

Re: non-native vlans

You need to have a router or Layer3 switch to move the DHCP requests from VLAN to VLAN.

You also need to configure IP Helper on the router, because DHCP uses broadcasts (which a router/l3 device) will block by default).

Good Luck

Scott

New Member

Re: non-native vlans

ScottMac, thanks for the reply. but both the dhcp, that is a microsoft dhcp server, and the AP are on the same non-native vlan. say, vlan 3.would i still be needing a router or l3 switch on that? eventho, they are on the same vlan?

Green

Re: non-native vlans

If the dhcp server is on the same VLAN/same broadcast doamin, then an L3 device is not necessary.

If your server NIC and active network devices support 802.1q VLANS, you could feed your server with a trunk (both VLANs, one cable, two logical NICs) that wold allow the server to be directly connected to both VLANs and feed them both / all with no L3.

You'd need to define a dhcp scope for each VLAN, and most likely would wnat to create a scope for each VLAN in your DNS.

To the original point (again); you need to have the DHCP server in the same broadcast domain, or an L3 device with some sor of "helper" to forwad the DHCP broadcasts from the server segment/VLAN to the client's segment/VLAN.

Good Luck

Scott

New Member

Re: non-native vlans

very thank you, ScottMac!!!

Actually I want to use this on a different scenario. say, i have vlans 1, 2, and 3, with dhcp on vlan 1. for users in vlan 2 and 3 to get dhcp ip address, i have to have routes to vlan1 to accomplish this. is this correct? does this means i have to put ip addresses on each of the dot11 radio subinterfaces and the fast ethernet subinterfaces on the AP and configure a route on the router? am i getting it right? how will the routes be? which interface should be using, the radio or the ethernet?

Green

Re: non-native vlans

You do not need any IP address on the AP, on any interface - the AP is strictly a pass-through device, like a hub or switch.

Putting an address on the AP is for administrative convenience.

You do need to define the VLANs, and usually, a specific SSID to bind to that VLAN, so users that associate to a specifc SSID are channeled & tagged for a specific VLAN.

If the DHCP server is on VLAN1, then, yes, you need to have a route from the other VLANs to VLAN1 (and back).

This is usually done an a router or other Layer 3 device, and usually done with an 'IP HELPER" command applied to the interface closest to the client.

IP HELPER accepts the broadcast request for a DHCP request, and forwards it as a (routable) unicast to the address you designate in the IP HELPER command.

The server responds with a unicast message that includes the client's assigned address. There's some other traffic involved, but what I mentioned is the jist of it.

L3 devices, by default & designed function, will block broadcasts, including DHCP. The IP HELPER command was created to permit the use of utility broadcasts without turning the router into a bridge.

Also be advised that IP HELPER will forward more than just DHCP broadcasts; if I recall correctly, it passes ~eight utility broadcasts (that I don't remember off the top of my head) . You can configure IP HELPER to pass more or less, or only DHCP .... but the default is to pass several flavors of utility broadcast.

Short version:

* You only need one address on the AP, for management only.

* You need IP HELPER on the client-side interface of the L3 device (only - once the IP helper has converted the broadcast to a unicast, it will make it all the way to the DHCP server & back)

* An alternative is to connect your DHCP server with a trunk so that the server is "native" to all VLANs. With this method, you do not need an L3 device because the server has an appearance on each VLAN. Your server must have an 802.1q compatible interface, and all switches along the route must also support 802.1q trunking.

* If you want to permit the VLANs to talk to each other (client on VLAN 1 can talk to client or resource on VLAN 2) you need to establish a route through an L3 device. They can be static routes, or you can use a routing protocol (i.e., RIP, EIGRP ...).

Good Luck (and thanks for the ratings!)

Scott

New Member

Re: non-native vlans

Thank you very much, ScottMac. Oh yeah, I forget an AP is not an L3 device. So, it doesn't care about IP except for mgt.

WOW thanks for that very comprehensible explanation. Now, my imagination is soaring over this. I have got to get to my mini lab, quick to the bat cave!

God bless you, ScottMac! (Well, your conversations are very helpful and the ratings... just one way to really say thank you very much)

FORUM RULES!!!

New Member

Re: non-native vlans

I have been following this thread and have a question of my own that perhaps somebody could answer.

So, if I use BVI1 only on the AP, and configure a dhcp server on the AP to dole out addresses, then my client receives an IP upon request. I now have connected to the Wireless LAN.

However, this AP has to attach to a 3745 router via a 2950 and 3512G switch to get out to the internet.

So, I create a VLANxyz on the 2950, 3512G and 3745 devices. I now have connectivty all the way between these three devices. However, since the AP attaches to 2950 on VLANxyz, I'm not able to access the AP anymore, not ping, nothing. Also, dhcp doesn't work for some reason.

So I tried creating a new BVIxyz on the AP and changing the default bridge-group on Dot11Radio0 and Fa0 to BVIxyz. Nada. I gave this new BVIxyz an IP address but it still does not ping the 2950. I tried deleting BVI1 but the system rejects the command, saying it cannot be deleted.

I thought "bridge 1 route ip" may be tied to BVI1, so tried deleting and replacing it with BVIxyz, but same rejection prompt.

Any ideas?

Thanks!

New Member

Re: non-native vlans

I guess my previous post can be disregarded. After I put every interface on the AP back to BVI1 and set the switchport access vlan on the 2950 to BVIxyz, I have full connectivity to everything.

I guess the AP is really nothing more than a hub at this point.

307
Views
13
Helpful
8
Replies
CreatePlease to create content