[c-nsp] Can't pick up ip address--cisco 1200 ap
Peter Rathlev
peter at rathlev.dk
Mon Aug 3 03:47:14 EDT 2009
AFAIK without BVI interfaces this will not work. You need to reconfigure
the subinterfaces of Fa0 to match what Leslie pointed out:

interface FastEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
 bridge-group 20 spanning-disabled
!
interface BVI10
 ip address 192.168.13.10 255.255.255.0
!
interface BVI20
 ip address 192.168.12.10 255.255.255.0
!
bridge 10 protocol ieee
bridge 20 protocol ieee
!
bridge 10 route ip
bridge 20 route ip
!

Regards,
Peter
On Sun, 2009-08-02 at 16:44 -0700, snort bsd wrote:
> Thanks for help!
>
> Here is what I have:
>
>
> internet <-> AP <-> VLAN aware switch <-> firewall <-> internal
> networks
> |
> |
> |
> wireless PCs (VLAN 10 or VLAN 20)
>
> I have DHCP service configured on the AP, which means those wireless
> PCs should get their IP addresses from the DHCP server on the AP (I
> don't have a separate DHCP server on the internal network). What I am
> trying to figure out is how I can tie the right pool of DHCP IP addresses
> to the right interface. Right now the authenticated PCs cannot get
> an IP address at all.
>
> here is my config relating to the diagram:
>
> ip dhcp pool vlan20
>  network 192.168.12.0 255.255.255.0
>  subnet prefix-length 24
>  default-router 192.168.12.1
>  lease infinite
> !
> ip dhcp pool vlan10
>  network 192.168.13.0 255.255.255.0
>  subnet prefix-length 24
>  default-router 192.16.13.1
>  lease infinite
> ....
> ...
> dot11 vlan-name ming vlan 20
> dot11 vlan-name rest vlan 10
> !
> dot11 ssid lab vlan 20
>  vlan 20
>  max-associations 10
>  authentication open
>  authentication key-management wpa
>  guest-mode
>  mbssid guest-mode
>  wpa-psk ascii 7 "whatever"
>  !
>  information-element ssidl wps
> !
> dot11 ssid test vlan 10
>  vlan 10
>  max-associations 10
>  authentication open
>  authentication key-management wpa
>  mbssid guest-mode
>  wpa-psk ascii 7 "whatever"
>  !
>  information-element ssidl wps
> ....
> ...
> interface Dot11Radio0
>  no ip address
>  no ip route-cache
>  !
>  encryption vlan 10 mode ciphers aes-ccm tkip
>  !
>  encryption vlan 20 mode ciphers aes-ccm tkip
>  !
>  ssid lab vlan 20
>  !
>  ssid test vlan 10
>  !
>  mbssid
>  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
>  station-role root
> !
> interface Dot11Radio0.10
>  encapsulation dot1Q 10 native
>  no ip redirects
>  no ip route-cache
>  bridge-group 10
>  bridge-group 10 subscriber-loop-control
>  bridge-group 10 block-unknown-source
>  no bridge-group 10 source-learning
>  no bridge-group 10 unicast-flooding
>  bridge-group 10 spanning-disabled
> !
> interface Dot11Radio0.20
>  encapsulation dot1Q 20
>  no ip redirects
>  no ip route-cache
>  bridge-group 20
>  bridge-group 20 subscriber-loop-control
>  bridge-group 20 port-protected
>  bridge-group 20 block-unknown-source
>  no bridge-group 20 source-learning
>  no bridge-group 20 unicast-flooding
>  bridge-group 20 spanning-disabled
> !
> interface FastEthernet0
>  no ip address
>  no ip route-cache
>  duplex auto
>  speed auto
>  bridge-group 1
>  no bridge-group 1 source-learning
>  bridge-group 1 spanning-disabled
> !
> interface FastEthernet0.10
>  encapsulation dot1Q 10
>  ip address 192.168.13.10 255.255.255.0
>  no ip redirects
>  no ip route-cache
> !
> interface FastEthernet0.20
>  encapsulation dot1Q 20
>  ip address 192.168.12.10 255.255.255.0
>  no ip redirects
>  no ip route-cache
> !
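
The layout described in the reply, turned into a configuration check (an added example, not part of the original thread): this Python sketch reads IOS-style interface stanzas and reports Ethernet subinterfaces that are not in the same bridge-group as the radio subinterface for their VLAN, that carry an IP address directly, or that have no matching BVI. The sample is constructed from the quoted configuration; the simplified parser and the names `parse` and `check` are illustrative assumptions.

```python
# Constructed sample: the quoted configuration trimmed to the lines this check reads.
QUOTED = """\
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 10
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.13.10 255.255.255.0
interface FastEthernet0.20
 encapsulation dot1Q 20
 ip address 192.168.12.10 255.255.255.0
"""

def parse(config):
    """Map interface name -> {'vlan', 'bridge', 'ip'} (simplified IOS parser)."""
    ifaces, cur = {}, {}  # lines seen before any interface land in a throwaway dict
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            cur = ifaces.setdefault(words[1], {"vlan": None, "bridge": None, "ip": None})
        elif words[:2] == ["encapsulation", "dot1Q"]:
            cur["vlan"] = int(words[2])
        elif words[:1] == ["bridge-group"] and len(words) == 2:
            cur["bridge"] = int(words[1])
        elif words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
    return ifaces

def check(config):
    """Return findings for VLANs that do not match the layout in the reply."""
    ifaces, findings = parse(config), []
    radio = {i["vlan"]: i["bridge"] for n, i in ifaces.items()
             if n.startswith("Dot11Radio") and i["vlan"]}
    for name, i in sorted(ifaces.items()):
        if not name.startswith("FastEthernet") or i["vlan"] is None:
            continue
        if i["bridge"] is None or i["bridge"] != radio.get(i["vlan"]):
            findings.append(f"{name}: not in the radio's bridge-group for VLAN {i['vlan']}")
        if i["ip"]:
            findings.append(f"{name}: ip address on the subinterface, expected on a BVI")
        if (ifaces.get(f"BVI{i['bridge']}") or {}).get("ip") is None:
            findings.append(f"VLAN {i['vlan']}: no BVI with an ip address")
    return findings

if __name__ == "__main__":
    print("\n".join(check(QUOTED)))
```
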