[c-nsp] Can't pick up ip address--cisco 1200 ap
snort bsd
snortbsd at yahoo.com.au
Tue Aug 4 00:06:49 EDT 2009
Thanks.
But I did almost exactly what you suggested and it is still not working. BTW, the command "bridge 10 route ip" doesn't work, since only the command "bridge 1 route ip" works.
--- On Mon, 3/8/09, Peter Rathlev <peter at rathlev.dk> wrote:
> From: Peter Rathlev <peter at rathlev.dk>
> Subject: Re: [c-nsp] Can't pick up ip address--cisco 1200 ap
> To: "snort bsd" <snortbsd at yahoo.com.au>
> Cc: "cisco-nsp" <cisco-nsp at puck.nether.net>
> Received: Monday, 3 August, 2009, 5:47 PM
> AFAIK without BVI interfaces this will not work. You need to reconfigure
> the subinterfaces of Fa0 to match what Leslie pointed out:
>
> interface FastEthernet0.10
> encapsulation dot1Q 10
> bridge-group 10
> bridge-group 10 spanning-disabled
> !
> interface FastEthernet0.20
> encapsulation dot1Q 20
> bridge-group 20
> bridge-group 20 spanning-disabled
> !
> interface BVI10
> ip address 192.168.13.10 255.255.255.0
> !
> interface BVI20
> ip address 192.168.12.10 255.255.255.0
> !
> bridge 10 protocol ieee
> bridge 20 protocol ieee
> !
> bridge 10 route ip
> bridge 20 route ip
> !
>
> Regards,
> Peter
>
>
> On Sun, 2009-08-02 at 16:44 -0700, snort bsd wrote:
> > Thanks for help!
> >
> > Here is what I have:
> >
> >
> > internet <-> AP <-> VLAN aware switch <-> firewall <-> internal networks
> >               |
> >               |
> >               |
> >          wireless PCs (VLAN 10 or VLAN 20)
> >
> > I have DHCP service configured on the AP, which means those wireless
> > PCs should get their IP addresses from the DHCP server on the AP (I
> > don't have a separate DHCP server on the internal network). What I am
> > trying to figure out is how I can tie the right pool of DHCP IP addresses
> > to the right interface. Right now the authenticated PCs could not get
> > an IP address at all.
> >
> > here is my config relating to the diagram:
> >
> > ip dhcp pool vlan20
> > network 192.168.12.0 255.255.255.0
> > subnet prefix-length 24
> > default-router 192.168.12.1
> > lease infinite
> > !
> > ip dhcp pool vlan10
> > network 192.168.13.0 255.255.255.0
> > subnet prefix-length 24
> > default-router 192.16.13.1
> > lease infinite
> > ....
> > ...
> > dot11 vlan-name ming vlan 20
> > dot11 vlan-name rest vlan 10
> > !
> > dot11 ssid lab vlan 20
> > vlan 20
> > max-associations 10
> > authentication open
> > authentication key-management wpa
> > guest-mode
> > mbssid guest-mode
> > wpa-psk ascii 7 "whatever"
> > !
> > information-element ssidl wps
> > !
> > dot11 ssid test vlan 10
> > vlan 10
> > max-associations 10
> > authentication open
> > authentication key-management wpa
> > mbssid guest-mode
> > wpa-psk ascii 7 "whatever"
> > !
> > information-element ssidl wps
> > ....
> > ...
> > interface Dot11Radio0
> > no ip address
> > no ip route-cache
> > !
> > encryption vlan 10 mode ciphers aes-ccm tkip
> > !
> > encryption vlan 20 mode ciphers aes-ccm tkip
> > !
> > ssid lab vlan 20
> > !
> > ssid test vlan 10
> > !
> > mbssid
> > speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
> > station-role root
> > !
> > interface Dot11Radio0.10
> > encapsulation dot1Q 10 native
> > no ip redirects
> > no ip route-cache
> > bridge-group 10
> > bridge-group 10 subscriber-loop-control
> > bridge-group 10 block-unknown-source
> > no bridge-group 10 source-learning
> > no bridge-group 10 unicast-flooding
> > bridge-group 10 spanning-disabled
> > !
> > interface Dot11Radio0.20
> > encapsulation dot1Q 20
> > no ip redirects
> > no ip route-cache
> > bridge-group 20
> > bridge-group 20 subscriber-loop-control
> > bridge-group 20 port-protected
> > bridge-group 20 block-unknown-source
> > no bridge-group 20 source-learning
> > no bridge-group 20 unicast-flooding
> > bridge-group 20 spanning-disabled
> > !
> > interface FastEthernet0
> > no ip address
> > no ip route-cache
> > duplex auto
> > speed auto
> > bridge-group 1
> > no bridge-group 1 source-learning
> > bridge-group 1 spanning-disabled
> > !
> > interface FastEthernet0.10
> > encapsulation dot1Q 10
> > ip address 192.168.13.10 255.255.255.0
> > no ip redirects
> > no ip route-cache
> > !
> > interface FastEthernet0.20
> > encapsulation dot1Q 20
> > ip address 192.168.12.10 255.255.255.0
> > no ip redirects
> > no ip route-cache
> > !
>
>
>
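An added example, not part of either message and not a Cisco tool: a small Python check run over a constructed excerpt of the configuration quoted above. It flags 802.1Q subinterfaces that carry an IP address without a bridge-group (the change Peter's reply asks for) and DHCP pools whose default-router lies outside the pool's network; the function names, the sample and the finding texts are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample, trimmed from the configuration quoted in the thread.
SAMPLE = """\
ip dhcp pool vlan10
 network 192.168.13.0 255.255.255.0
 default-router 192.16.13.1
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 10
 no bridge-group 10 source-learning
!
interface FastEthernet0.10
 encapsulation dot1Q 10
 ip address 192.168.13.10 255.255.255.0
!
"""

def stanzas(config):
    """Yield (header, body_lines) per top-level stanza; '!' lines are separators."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] != " ":          # an unindented line starts a new stanza
            if header:
                yield header, body
            header, body = raw.strip(), []
        else:
            body.append(raw.strip())
    if header:
        yield header, body

def audit(config):
    """Return a list of findings (hypothetical checks written for this example)."""
    findings = []
    for header, body in stanzas(config):
        if header.startswith("ip dhcp pool "):
            nets = [l.split()[1:3] for l in body if l.startswith("network ")]
            for gw in (l.split()[1] for l in body if l.startswith("default-router ")):
                for net in nets:
                    subnet = ipaddress.ip_network("/".join(net))
                    if ipaddress.ip_address(gw) not in subnet:
                        findings.append(f"{header}: default-router {gw} outside {subnet}")
        elif re.fullmatch(r"interface \S+\.\d+", header):
            bridged = any(l.startswith("bridge-group ") for l in body)
            routed = any(l.startswith("ip address ") for l in body)
            if routed and not bridged:
                findings.append(f"{header}: ip address but no bridge-group")
    return findings
```

Calling `audit()` on a saved running-config returns one line per finding; an empty list means neither check fired.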