Need help with multiple DHCP pools on a Cisco Aironet AP

Tags:
Aironet 1252 Access Point
Aironet 1252 AP
Cisco Aironet
DHCP
VLAN
WLAN
Hi all,

I'm trying to run an Aironet 1252 AP with multiple DHCP pools.

What I did:
- Searched for similar questions (found nothing that helped me)
- I set up multiple SSIDs that are mapped to different VLANs.
- I set up multiple pools (each pool should serve one VLAN).
- I tested setting an IP from the "pool1" on the sub-interface, e.g. Dot11Radio1.10 or GigabitEthernet0.10.

But the WLAN clients run into a timeout and don't get an IP address from the pools. :(

The only DHCP pool that works is the one for the default VLAN (1), where the BVI 0 has an IP in (pool internal).

Hope you can help me.

AND: No, I don't want to use an external DHCP server....

Greetings,
gabe

Here is my running-conf:

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco1252
!
enable secret 5 $XXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
aaa session-id common
ip domain name XXXXXXXXXXXXXXXX
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.254.254
!
ip dhcp pool pool1
   network 192.168.254.0 255.255.255.0
   default-router 192.168.254.254 
   dns-server 145.253.2.75 
   lease 10
ip dhcp pool pool2
   network 192.168.253.0 255.255.255.0
   default-router 192.168.253.254 
   dns-server 145.253.2.75 
   lease 10
ip dhcp pool internal
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.254 
   dns-server 145.253.2.75 
   lease 10
!
!
dot11 vlan-name WAP2-VLAN13 vlan 13
dot11 vlan-name WEP-VLAN11 vlan 11
dot11 vlan-name WPA1-VLAN12 vlan 12
dot11 vlan-name open-VLAN10 vlan 10
!
dot11 ssid VLAN10-Open
   vlan 10
   authentication open 
   mbssid guest-mode
!
dot11 ssid VLAN11-WEP
   vlan 11
   authentication open 
   mbssid guest-mode
!
dot11 ssid VLAN12-WPA1
   vlan 12
   authentication open 
   authentication key-management wpa version 1
   mbssid guest-mode
   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
dot11 ssid VLAN13-WPA2
   vlan 13
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
power inline negotiation prestandard source
!
!
username Cisco password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
username admin privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 11 key 1 size 128bit 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX transmit-key
 encryption vlan 11 mode ciphers wep128 
 !
 encryption vlan 12 mode ciphers tkip 
 !
 encryption vlan 13 mode ciphers aes-ccm 
 !
 ssid VLAN10-Open
 !
 ssid VLAN11-WEP
 !
 ssid VLAN12-WPA1
 !
 ssid VLAN13-WPA2
 !
 antenna gain 2
 mbssid
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
 bridge-group 10 spanning-disabled
 ip address 192.168.254.1 255.255.255.0
!
interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!
interface Dot11Radio0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio0.13
 encapsulation dot1Q 13
 no ip route-cache
 bridge-group 13
 bridge-group 13 subscriber-loop-control
 bridge-group 13 block-unknown-source
 no bridge-group 13 source-learning
 no bridge-group 13 unicast-flooding
 bridge-group 13 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 11 key 1 size 128bit 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX transmit-key
 encryption vlan 11 mode ciphers wep128 
 !
 encryption vlan 12 mode ciphers tkip 
 !
 encryption vlan 13 mode ciphers aes-ccm 
 !
 ssid VLAN10-Open
 !
 ssid VLAN11-WEP
 !
 ssid VLAN12-WPA1
 !
 ssid VLAN13-WPA2
 !
 antenna gain 3
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
 bridge-group 10 spanning-disabled
!
interface Dot11Radio1.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!
interface Dot11Radio1.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio1.13
 encapsulation dot1Q 13
 no ip route-cache
 bridge-group 13
 bridge-group 13 subscriber-loop-control
 bridge-group 13 block-unknown-source
 no bridge-group 13 source-learning
 no bridge-group 13 unicast-flooding
 bridge-group 13 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 no bridge-group 10 source-learning
 bridge-group 10 spanning-disabled
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
 no bridge-group 11 source-learning
 bridge-group 11 spanning-disabled
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 no bridge-group 12 source-learning
 bridge-group 12 spanning-disabled
!
interface GigabitEthernet0.13
 encapsulation dot1Q 13
 no ip route-cache
 bridge-group 13
 no bridge-group 13 source-learning
 bridge-group 13 spanning-disabled
!
interface BVI1
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.14.1.77
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server view dot11view ieee802dot11 included
snmp-server community public view dot11view RO
snmp-server community besnmp2006 RW
snmp-server chassis-id Cisco1252
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
ASKED: April 27, 2009  10:07 AM
UPDATED: April 30, 2009  5:48 PM

Answer Wiki


Hi,

The DHCP is working on VLAN 1, because there is an IP address associated with it, on BVI1. For DHCP to work you need IP, and unless there is IP configured in the bridge group, it will not work.

I have a nasty feeling that the AP will not support multiple BVI with different IP as the AP is essentially layer 2, not 3 (i.e. not a router), but I don’t have one here to check.

Try removing the config from BVI1 and put an IP on a BVI for a different VLAN/SSID and see if it then works for that one. Or see if it supports both at the same time, but as I said, I don’t think it does.

If you have a router, then you may be able to re-direct the DHCP from the originating VLAN to the VLAN1 address of this AP, using the ‘ip helper-address 10.1.1.1’ command to forward the DHCP broadcast as a unicast to the IP address of the BVI1 interface.

Try the fix, and see if it works, but I wouldn’t really recommend this as a final solution, as the AP is not really designed as a DHCP server for multiple hosts, just really for only a few. I suspect the AP will run out of memory after a short while.

I know you don’t want to do it, but a separate DHCP server is a much better bet going forward.
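
The diagnosis in the answer above can be checked against a running-config offline. The following Python script is an added example, not part of the original thread or of any Cisco tooling: it reports, for each DHCP pool, whether any interface holds an address in that pool's network and whether that interface is a bridge-group member. The function names and status labels are assumptions made for this illustration, and the sample input is a constructed excerpt using the addresses from the posted config.

```python
import ipaddress
import re

# Constructed sample, condensed from the running-config posted in the question.
SAMPLE_CONFIG = """\
ip dhcp pool pool1
   network 192.168.254.0 255.255.255.0
ip dhcp pool pool2
   network 192.168.253.0 255.255.255.0
ip dhcp pool internal
   network 10.1.1.0 255.255.255.0
interface Dot11Radio0.10
 bridge-group 10
 ip address 192.168.254.1 255.255.255.0
interface BVI1
 ip address 10.1.1.1 255.255.255.0
"""

def parse(config):  # -> ({pool: network}, {interface: {"ip", "bridged"}})
    pools, ifaces, kind, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            kind = name = None
            if m := re.match(r"ip dhcp pool (\S+)", line):
                kind, name = "pool", m.group(1)
            elif m := re.match(r"interface (\S+)", line):
                kind, name = "if", m.group(1)
                ifaces[name] = {"ip": None, "bridged": False}
        elif kind == "pool" and (m := re.match(r"network (\S+) (\S+)", line)):
            pools[name] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif kind == "if" and (m := re.match(r"ip address (\S+) \S+", line)):
            ifaces[name]["ip"] = ipaddress.ip_address(m.group(1))
        elif kind == "if" and re.match(r"bridge-group \d+$", line):
            ifaces[name]["bridged"] = True
    return pools, ifaces

def audit_pools(config):
    """Label each pool 'routed-interface', 'bridged-member-only' or 'none'."""
    pools, ifaces = parse(config)
    result = {}
    for pool, net in pools.items():
        hits = [n for n, i in ifaces.items() if i["ip"] and i["ip"] in net]
        if any(not ifaces[n]["bridged"] for n in hits):
            result[pool] = "routed-interface"
        else:
            result[pool] = "bridged-member-only" if hits else "none"
    return result

print(audit_pools(SAMPLE_CONFIG))
```

On the sample, only the `internal` pool has a non-bridged interface (BVI1) in its network, which matches the behaviour reported in the question.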
