07-01-2009 09:17 AM - edited 07-03-2021 05:47 PM
Dear sir,
We have a running Cisco Secure ACS version 4.1 and have configured a DHCP server pool in Windows Server 2003 for the wireless users. The DHCP address pool is from 172.30.39.66 to 172.30.39.126. As shown in "switch configuration.txt", we have configured a VLAN for wireless as well. For the ACS configuration, we have configured ACS --> Network Configuration by adding 2 APs as AAA clients. On the wireless access point, all the interfaces are up in "sh ip int brief". Please advise why we can't ping the AP and why AAA authentication failed.
Your effort shall be highly rated and appreciated.
Thank you very much.
07-02-2009 05:33 AM
the switch ports connecting to the APs should have the additional command:
switchport trunk native vlan 2
as vlan 2 is configured as the native vlan on the AP - see the following url:
cheers
andy
07-07-2009 02:24 AM
Hi andy,
Thank you very much for your correction. Based on the attachment "ap configuration.txt", you can see below that the IP address for the AP is 172.30.39.5 255.255.255.224.
interface BVI1
ip address 172.30.39.5 255.255.255.224
no ip route-cache
!
ip default-gateway 172.30.39.1
_________________
Question: I've tried to configure another AP with a different IP address and default gateway, as shown below:
interface BVI1
ip address 172.30.39.4 255.255.255.224
no ip route-cache
!
ip default-gateway 172.30.39.65 <-- (Different default-gateway )
The AP works perfectly as well. Please advise why it can work?
Thanks and appreciation.
07-07-2009 03:33 AM
hi there
the ap mgmt ip address and its DG are in different subnets. the AP ip address is in the range 172.30.39.1 to 172.30.39.30 whereas its DG is in the range 172.30.39.65 to 172.30.39.94.
hth
andy
07-07-2009 04:29 AM
had a look at router config - ap should be on vlan 4? if so ap should have an ip in range:
172.30.39.65 to 172.30.39.126 (with a SM of 255.255.255.192)
also the switchport config for the new ap should have the "switchport trunk native vlan 4" command
cheers
andy
07-07-2009 06:47 AM
Hi Andy,
Thank you for your response. Below is the design. Yes, the AP is on vlan 4 but the management vlan is vlan 2. I have 2 APs in the network: ap1 connected to port fa0/22 and ap2 connected to port f0/23.
Question: I assigned AP1 int bvi1 the ip address 172.30.39.4 255.255.255.224 with ip default-gateway 172.30.39.65,
and AP2 the ip address 172.30.39.5 255.255.255.224 with ip default-gateway 172.30.39.1.
As you can see, AP1's ip default-gateway is 172.30.39.65 but AP2's ip default-gateway is 172.30.39.1. They are not pointing to the same gateway, but both AP1 and AP2 can still work without any issue?
Any idea?
Thanks and appreciation.
______________________
"Network/Servers 172.30.39.0/27 255.255.255.224 - Vlan 2"
172.30.39.1 Gateway Router
172.30.39.2 Switch1
172.30.39.3 Switch2
172.30.39.4 AP1
172.30.39.5 AP2
172.30.39.6 Printer
172.30.39.7 - 30 <----- Free IP addresses, can be assigned for anything.
172.30.39.31 Broadcast
______________________
"LAN User 172.30.38.32/27 255.255.255.224 Vlan 3"
172.30.39.32 Network
172.30.39.33 Gateway
172.30.39.34 - 62 <----- Free IP addresses, can be assigned for anything.
172.30.39.63 Broadcast
______________________
"Wireless DHCP Pool 172.30.38.64/26 255.255.255.192 Vlan 4"
172.30.39.64 Network
172.30.39.65 Gateway
172.30.39.66 - 126 <----- Free IP addresses, can be assigned for anything.
172.30.39.127 Broadcast
07-07-2009 07:38 AM
hi fungchai
if the management IPs of your APs are in the range 172.30.39.0/26 (vlan 2) then their default gateways should be 172.30.39.1. if you want to use a DG for your APs that is in a different subnet you will have to have a look at proxy arp - see url:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml
why are you using the DG of 172.30.39.65 on AP1?
hth
cheers
andy
07-07-2009 08:00 AM
Hi Andy,
Thank you for your fast reply. Due to the design I posted to you earlier, I just tested it out to see whether it can work or not. Surprisingly, it works as well if I set the DG=Default Gateway of 172.30.39.65 on AP1. Can you explain why it works? Strange ya.. :)
Thanks andy.
07-07-2009 08:11 AM
hi fungchai
your router config doesn't have the "no ip proxy-arp" command on the ethernet interfaces which will explain why it worked. proxy arp is enabled by default but can be disabled (it's disabled on the serial interface) usually for the reasons given in the url of my previous post.
cheers
andy
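A config check for the situation explained in the answer above, as an added example that is not part of the original thread: it flags a default gateway that lies outside every locally configured subnet and lists router interfaces where proxy ARP is still at its default (enabled). The AP stanzas are the ones posted above; the router excerpt, its interface names and the serial address are constructed assumptions, since the router config itself is not shown in the thread.

```python
import ipaddress
import re

# AP stanzas as posted in the thread (AP2 differs only in address and gateway).
AP1 = """interface BVI1
ip address 172.30.39.4 255.255.255.224
no ip route-cache
!
ip default-gateway 172.30.39.65
"""
AP2 = AP1.replace("172.30.39.4 ", "172.30.39.5 ").replace("172.30.39.65", "172.30.39.1")
# Constructed router excerpt; interface names and the serial address are assumptions.
ROUTER = """interface FastEthernet0/0.2
 ip address 172.30.39.1 255.255.255.224
!
interface FastEthernet0/0.4
 ip address 172.30.39.65 255.255.255.192
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 no ip proxy-arp
"""

def parse_interfaces(config):
    """Map interface -> {"net": network or None, "proxy_arp": bool (IOS default: True)}."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        name = re.match(r"interface (\S+)", line)
        addr = re.match(r"ip address (\S+) (\S+)$", line)
        if name:
            current = interfaces.setdefault(name.group(1), {"net": None, "proxy_arp": True})
        elif line == "!":
            current = None  # end of the interface stanza
        elif current is not None and addr:
            current["net"] = ipaddress.ip_interface("/".join(addr.groups())).network
        elif current is not None and line == "no ip proxy-arp":
            current["proxy_arp"] = False
    return interfaces

def gateway_off_subnet(config):
    """Return the default gateway if no local interface subnet contains it, else None."""
    m = re.search(r"^ip default-gateway (\S+)", config, re.M)
    gw = ipaddress.ip_address(m.group(1)) if m else None
    nets = [i["net"] for i in parse_interfaces(config).values() if i["net"]]
    return gw if gw is not None and not any(gw in n for n in nets) else None

def proxy_arp_enabled(config):
    """List addressed interfaces that can answer ARP on behalf of off-subnet hosts."""
    return sorted(n for n, i in parse_interfaces(config).items() if i["net"] and i["proxy_arp"])
```

A device for which `gateway_off_subnet` returns an address only reaches that gateway while some interface on its segment answers ARP for it, so disabling proxy ARP on the router would break the AP1 setting described in the thread.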
07-07-2009 08:56 AM
Hi Andy,
You are brilliant 1 !! :)
Thank you very much.