Solved: Re: Need DHCP related help with 1131AG

sudip.acharya1 · ‎10-28-2010

Hi,

I have a 1131AG-K9 AP which gets an IP address from our central DHCP server. I also have it broadcasting a SSID but what I would like to happen is whenever a wireless client connects to the AP, I want them to receive a 192.16.x.x IP. Also, that 192.168.x.x network should not be able to access our production network. Effectively creating a small workgroup with 192.168 IP's and a WEP key.

Here is the config so far.

Thanks in advance.

__________________________________________

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid NYO_Crestron
authentication open
guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
password 7 !!!!!!!!!!!!!!!!!!!!
login
line vty 0 4
password 7 !!!!!!!!!!!!!!!!!!!!
login
!
end

NyoAP500#

Surendra BG · ‎11-01-2010

Hi Sudip,

I think the BVI is on the different Vlan.. is that rite? i mean its not using vlan 192.. am i correct??

If so,then..

Please move the DHCP pool to the switch.. there are some issues if the BVI is on different subnet and if you are using some other subnet for clients for users and having internal DHCP pool for it..

Please check the below link..

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37adm.html#wp1090319

Now the config should be..

>> Move the DHCP pool onto the switch..

>> Make the link between the AP and the Switch as a trunk port allowing vlan 192.

Now try connectivity..

Regards
Surendra

Regards
Surendra BG

View solution in original post

ritchauh · ‎10-29-2010

Hi Sudip,

You want the wireless clients connecting to SSID NYO_Crestron to grab IP in the range 192.168.x.x.Configure the vlan for 192.168.x.x as access vlan on the switchport connected to AP.

sudip.acharya1 · ‎11-01-2010

Hi Ritika,

I created a vlan and a DHCP pool. Now how do i attach the DHCP pool to the vlan?

Any client that connects to the AP times out and assigns itself a 169.254.x.x ip.

Thanks.

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!!!
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp pool NyoWiFi
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
dot11 syslog
dot11 vlan-name WiFi vlan 192
!
dot11 ssid NYO_Crestron
   vlan 192
   authentication open
   guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
no bridge-group 192 source-learning
bridge-group 192 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
end

NyoAP500#

Surendra BG · ‎11-01-2010

Hi Sudip,

Under the radio interface the Encryption in not napped to vlan 192.. so the clients are not getting the ip address..

please configure as below..

instead of.

!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!

Configure..

En

conf t

int dot11 0

no encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key

no encryption moce wep mandatory

encryption vlan 192 key 1 128bit 7 !!!!!!!!!!!!!!!!!!!!! transmit-key

encryption vlan 192 mode wep mandatory
end

En

conf t

int dot11 1

no encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key

no encryption moce wep mandatory

encryption vlan 192 key 1 128bit 7 !!!!!!!!!!!!!!!!!!!!! transmit-key

encryption vlan 192 mode wep mandatory
end

wr

This will do it from CLI.. if you wanna use GUI.. then

AP>> Security >> Encryption manager >> Select the Vlan on top >> Select WEP Encryption >> Mandatory in the Drop down >> Key 1 >> Enter the Key >> Apply.

Now try connecting and let me know how this works out for you!!

Regards

Surendra

Regards
Surendra BG

sudip.acharya1 · ‎11-01-2010

Hi,

I did what you stated but stil no luck getting the client a 192.168.x.x IP.

Here is the latest config.

Thanks.

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!!!!!!!!!
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp pool NyoWiFi
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
!
!
dot11 syslog
dot11 vlan-name WiFi vlan 192
!
dot11 ssid NYO_Crestron
   vlan 192
   authentication open
   guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 192 key 1 size 128bit 7 070E1E805F752E470D231A346A65 transmit-key
encryption vlan 192 mode wep mandatory
!
ssid NYO_Crestron
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 192 key 1 size 128bit 7 19E12C01607439A64BD02E95042D transmit-key
encryption vlan 192 mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
no bridge-group 192 source-learning
bridge-group 192 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
password 7 !!!!!!!!!!!!!!!!!!!!!!
login
line vty 0 4
password 7 !!!!!!!!!!!!!!!!!!!!!!
login
!
end

Surendra BG · ‎11-01-2010

Hi Sudip,

I think the BVI is on the different Vlan.. is that rite? i mean its not using vlan 192.. am i correct??

If so,then..

Please move the DHCP pool to the switch.. there are some issues if the BVI is on different subnet and if you are using some other subnet for clients for users and having internal DHCP pool for it..

Please check the below link..

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37adm.html#wp1090319

Now the config should be..

>> Move the DHCP pool onto the switch..

>> Make the link between the AP and the Switch as a trunk port allowing vlan 192.

Now try connectivity..

Regards
Surendra

Regards
Surendra BG

sudip.acharya1 · ‎11-04-2010

Thanks guys. That worked out well just as I hoped it would work.

Surendra BG · ‎11-04-2010

Thanks for posting on Cisco Support Community!!and its nice hear that the issue is resolved!!

have a great day

Regards
Surendra

Regards
Surendra BG