10-28-2010 11:43 AM - edited 07-03-2021 07:21 PM
Hi,
I have a 1131AG-K9 AP which gets an IP address from our central DHCP server. I also have it broadcasting a SSID but what I would like to happen is whenever a wireless client connects to the AP, I want them to receive a 192.16.x.x IP. Also, that 192.168.x.x network should not be able to access our production network. Effectively creating a small workgroup with 192.168 IP's and a WEP key.
Here is the config so far.
Thanks in advance.
__________________________________________
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid NYO_Crestron
authentication open
guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
password 7 !!!!!!!!!!!!!!!!!!!!
login
line vty 0 4
password 7 !!!!!!!!!!!!!!!!!!!!
login
!
end
NyoAP500#
Solved! Go to Solution.
11-01-2010 09:55 AM
Hi Sudip,
I think the BVI is on the different Vlan.. is that rite? i mean its not using vlan 192.. am i correct??
If so,then..
Please move the DHCP pool to the switch.. there are some issues if the BVI is on different subnet and if you are using some other subnet for clients for users and having internal DHCP pool for it..
Please check the below link..
Now the config should be..
>> Move the DHCP pool onto the switch..
>> Make the link between the AP and the Switch as a trunk port allowing vlan 192.
Now try connectivity..
Regards
Surendra
10-29-2010 05:40 AM
Hi Sudip,
You want the wireless clients connecting to SSID NYO_Crestron to grab IP in the range 192.168.x.x.Configure the vlan for 192.168.x.x as access vlan on the switchport connected to AP.
11-01-2010 05:39 AM
Hi Ritika,
I created a vlan and a DHCP pool. Now how do i attach the DHCP pool to the vlan?
Any client that connects to the AP times out and assigns itself a 169.254.x.x ip.
Thanks.
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!!!
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp pool NyoWiFi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
dot11 syslog
dot11 vlan-name WiFi vlan 192
!
dot11 ssid NYO_Crestron
vlan 192
authentication open
guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
no bridge-group 192 source-learning
bridge-group 192 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
end
NyoAP500#
11-01-2010 07:47 AM
Hi Sudip,
Under the radio interface the Encryption in not napped to vlan 192.. so the clients are not getting the ip address..
please configure as below..
instead of.
!
encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
encryption mode wep mandatory
!
Configure..
En
conf t
int dot11 0
no encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
no encryption moce wep mandatory
encryption vlan 192 key 1 128bit 7 !!!!!!!!!!!!!!!!!!!!! transmit-key
encryption vlan 192 mode wep mandatory
end
En
conf t
int dot11 1
no encryption key 1 size 128bit 7 !!!!!!!!!!!!!!!!!!!! transmit-key
no encryption moce wep mandatory
encryption vlan 192 key 1 128bit 7 !!!!!!!!!!!!!!!!!!!!! transmit-key
encryption vlan 192 mode wep mandatory
end
wr
This will do it from CLI.. if you wanna use GUI.. then
AP>> Security >> Encryption manager >> Select the Vlan on top >> Select WEP Encryption >> Mandatory in the Drop down >> Key 1 >> Enter the Key >> Apply.
Now try connecting and let me know how this works out for you!!
Regards
Surendra
11-01-2010 08:50 AM
Hi,
I did what you stated but stil no luck getting the client a 192.168.x.x IP.
Here is the latest config.
Thanks.
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NyoAP500
!
enable secret 5 !!!!!!!!!!!!!!!!!!!!!!
!
no aaa new-model
no ip dhcp use vrf connected
!
ip dhcp pool NyoWiFi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
dot11 syslog
dot11 vlan-name WiFi vlan 192
!
dot11 ssid NYO_Crestron
vlan 192
authentication open
guest-mode
!
!
!
username Cisco password 7 !!!!!!!!!!!!!!!!!!!!!!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 192 key 1 size 128bit 7 070E1E805F752E470D231A346A65 transmit-key
encryption vlan 192 mode wep mandatory
!
ssid NYO_Crestron
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 192 key 1 size 128bit 7 19E12C01607439A64BD02E95042D transmit-key
encryption vlan 192 mode wep mandatory
!
ssid NYO_Crestron
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
bridge-group 192 subscriber-loop-control
bridge-group 192 block-unknown-source
no bridge-group 192 source-learning
no bridge-group 192 unicast-flooding
bridge-group 192 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.192
encapsulation dot1Q 192
no ip route-cache
bridge-group 192
no bridge-group 192 source-learning
bridge-group 192 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
password 7 !!!!!!!!!!!!!!!!!!!!!!
login
line vty 0 4
password 7 !!!!!!!!!!!!!!!!!!!!!!
login
!
end
11-01-2010 09:55 AM
Hi Sudip,
I think the BVI is on the different Vlan.. is that rite? i mean its not using vlan 192.. am i correct??
If so,then..
Please move the DHCP pool to the switch.. there are some issues if the BVI is on different subnet and if you are using some other subnet for clients for users and having internal DHCP pool for it..
Please check the below link..
Now the config should be..
>> Move the DHCP pool onto the switch..
>> Make the link between the AP and the Switch as a trunk port allowing vlan 192.
Now try connectivity..
Regards
Surendra
11-04-2010 06:21 AM
Thanks guys. That worked out well just as I hoped it would work.
11-04-2010 07:30 AM
Thanks for posting on Cisco Support Community!!and its nice hear that the issue is resolved!!
have a great day
Regards
Surendra
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: