Cisco aironet 1310G non_native vlan and dhcp

Similar Messages

• Wirless Vlans and DHCP

  I am trying to configure my Aironet 1121G acess points with several vlans, got the vlans all working fine with wired devices, but the wirless devices don't get DHCP.
  Basically, I have the BVI on my managment vlan and two other vlans that pass through, trying to have the public WiFi on 1 vlan and two corporate vlans with seperate wifi. can't get IPs on any of them though.
  Vlnas are routed by a catlayst 3550 with helper addresses configured on all the vlan interfaces.
  DHCP comes from 2 windows server 2003 boxes on a further vlan
  any Ideas?

  Vinod,
       Here is the AP config, I'm confused, so any help would be useful, got to get a wireless course under my belt.
  Cheers,
  Peter
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname IT_AP1121G_01
  no logging console
  enable secret
  ip subnet-zero
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 vlan-name Corporate vlan 3
  dot11 vlan-name Default vlan 1
  dot11 vlan-name Managment vlan 2
  dot11 ssid stosWIFI
  vlan 1
  authentication open
  guest-mode
  mbssid guest-mode
  infrastructure-ssid optional
  mobility network-id 1
  dot11 ssid stoswaldsWIFI
  vlan 3
  authentication open eap eap_methods
  mobility network-id 3
  username admin privilege 15 secret 5 $1$.dBF$jstGCUjGPaD6OQ/JVmZEY1
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  shutdown
  encryption key 1 size 128bit 7 0D1A262E215F252C7E5A2D6A6498 transmit-key
  encryption mode wep mandatory
  encryption vlan 1 key 1 size 128bit 7 DA303E012047F6068707FC131B4A transmit-key
  encryption vlan 1 mode wep mandatory
  encryption vlan 3 mode wep mandatory
  ssid stosWIFI
  ssid stoswaldsWIFI
  mbssid
  speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
  channel 2412
  station-role root
  world-mode dot11d country GB both
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 254
  bridge-group 254 subscriber-loop-control
  bridge-group 254 block-unknown-source
  no bridge-group 254 source-learning
  no bridge-group 254 unicast-flooding
  bridge-group 254 spanning-disabled
  interface Dot11Radio0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  bridge-group 3 subscriber-loop-control
  bridge-group 3 block-unknown-source
  no bridge-group 3 source-learning
  no bridge-group 3 unicast-flooding
  bridge-group 3 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  bridge-group 254
  no bridge-group 254 source-learning
  bridge-group 254 spanning-disabled
  interface FastEthernet0.3
  encapsulation dot1Q 3
  no ip route-cache
  bridge-group 3
  no bridge-group 3 source-learning
  bridge-group 3
  interface FastEthernet0.2
  encapsulation dot1Q 2 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.2.33 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.2.1
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  logging trap notifications
  logging
  radius-server attribute 32 include-in-access-req format %h
  radius-server vsa send accounting
  control-plane
  bridge 1 route ip
  line con 0
  password
  line vty 0 4
  password
  line vty 5 15
  end

• Multiple Cisco Aironet 1131AG access points and same SSID?

  We have multiple Cisco Aironet 1131AG devices, all wired on one Cisco L2 switch(2560)  who is connected to L3 switch (3550). We assigned one VLAN for access point in L3 switch who acts as vtp server (L2 switch is vtp client). All ap's will have static ip address and all will have same SSID and no security and they will be using multiple channels (ex. 1,6,11).  They will operate in 3 floor building for roaming wireless client. We won't using any wireless controller.
  So my question is this: How to configure APs-all the same with different ip's, can we use L3 switch to create dhcp server for access points VLAN (pool for clients, and the rest for static ip for ap's)? Can one of the ap's be WDS and in the same time local radius server with users without Cisco Secure ACS or similar controller or I didn't understand this quite well :-). I followed guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32roamg.html for WDS where the part abou Cisco ACS is a problem, so I can use same ap as Local Authenticator as in guide  http://www.cisco.com/en/US/docs/wireless/access_point/12.3_4_JA/configuration/guide/s34local.html#wp1035723.
  Many thanks...

  Well, just so you know, WDS and local RADIUS authentication is only needed if you're using authentication on your wireless connection.  You say you're not planning to use security, so this isn't necessary.  However, I'd highly recommend at least using a simple WPA2-PSK to lock down your connection, otherwise you might end up giving free Internet access at best, and at worst you might be giving access to company PCs and servers.  If you want to further use an 802.1x or WPA authentication method, then yes, you can use an AP as a RADIUS server and WDS to improve authenticated roaming, but this is far more limited than using a Cisco ACS.
  As for your other questions, yes, your APs can all be configured the same except for at least three parameters: IP address, channel, and hostname.  Configure your static IP addresses on the AP's BVI1 interface.  Don't place it on the Radio or Ethernet interfaces, because if either of these interfaces goes down you'll lose the ability to configure the AP, so it's best to use the BVI1 interface.
  And yes, configuring a DHCP scope for your clients on your L3 switch is a good design, or you could also use your DHCP server on a different subnet by using the ip helper-address command on the L3 interface.  I hope this helps!  Let me know if you need help configuring any of this.
  Merry Christmas!
  Jeff

• Configuring Cisco Aironet 1140 for Radius and setting up a Radius server

  guys i need some help setting up my Radius to work with cisco aironet 1140, i am new at this however i was tasked with setting up a Radius server and setting our AP with WPA2- enterprise so users can log into our AP using AD credentials.
  When i try to setup on the AP a new SSID i do not see the option for WPA2- enterprise?

  Here are other links with examples:
  https://supportforums.cisco.com/thread/331581
  http://targetcisco.blogspot.com/2011/03/cisco-autonomous-access-point.html
  http://downloads.avaya.com/css/P8/documents/100041614
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Cisco switch 300 configure vlan and ports

  Hi i need help
  i cant see the vlan on port vlan membership
  i did create the vlan and i did configure the port the access
  but when i try to port vlan membership to tell which port to wich vlan i cant see the vlan i have created in the list
  thanks to help

  Hi,
  This forum is focusing on the issues related Windows Server.
  To get better help, please post your question on the forum of cisco.
  Here is the address,
  https://supportforums.cisco.com/
  Best Regards.
  Steven Lee
  TechNet Community Support

• Aironet 1140 AP's and DHCP

  We have 6 aironet 1140's throughout the office I have them all configed as one ssid but I would like the DHCP to come from our Windows server.  Right now I have set them up with ip dhcp pools.  So what is the secret to get them to send dhcp requests to the Windows server?
  Thanks                  

  Nope...
  All you have to do is configure ip helpder address on L3 device and remove the dhcp pool configuration from AP's. This will ensure that devices pick ip from your wondws dhcp scope.
  Hope that helps.
  Regards
  Najaf
  Please rate when applicable or helpful !!!

• SonicWALL = Guest Wireless, VLANs, and DHCP

  All,I'm going to attempt to set up corporate and guest WIFI using Ubiquiti UniFi APs. I'm new to VLANs in general but understand that this is the likely approach. The equipment that I will be using is below- SonicWALL TZ-400 configured for PTP VPN to a SonicWALL E6500.- Ubiquiti toughswitch just for the APs- 4 Ubiquiti APsThe SonicWALL E6500 (central location) does DHCP over VPN to all of the remote offices such as where this TZ-400 will be. I'm struggling with how to handle DHCP. If I set up VLANs say VLAN 10 for corporate to pull DHCP as normal and VLAN 20 for guest WIFI. How can I tell VLAN 20 to get a different range of IPs so that I can restrict from the corporate network range? The toughswitch would be using its own interface on the TZ400. Does what I'm trying to accomplish make sense and is it possible?
  This topic first appeared in the Spiceworks Community

  Setup:Sonicwall TZ205Created a sub-interface – X0:V100 with an IP address of10.45.1.1.Created a DHCP scope for said IP ranged associated withX0:V100 within Sonicwall.Three Netgear switches:A.24 Port + 4 SFPB.24 Port + 4 SFPC.48 Port + 4 SFP1.Sonic wall connected to switch C on port 12.Switch C connected to switch B using port 473.Switch B connected to switch C using port 234.Switch B connected to switch A using port 25 –(GB SFP over fiber)5.Switch A connected to switch B using port 25 –(GB SFP over fiber)6.Ubiquiti AP connected to switch A on port 2VLAN 1 – default·All ports on all switches are untagged fordefault VLAN 1VLAN 100 – meant for wireless guests·Ports 2 and 25 are Tagged for V100 on switch A –all other ports are blank for V100·Ports 23 and 25 are Tagged for V100 on switch B– all other ports are blank for V100·Ports 1 and 47...
  This topic first appeared in the Spiceworks Community

• VLAN and DHCP

  While this isn't always the case, using vlans also implies using subnetting and routing. In this case each vlan needs to have its own subnet, or the L3 router won't know where to send the data.
  

  Hi,
  Ok so i'm racking my brain here and not getting anywhere. I'm trying to set up up VLAN so it gets DHCP. Here is some back story:
  Core Switch:
  IP 172.16.250.250
  VLAN 400
  IP Address 172.161.250.250
  IP Helper Address 172.16.1.3
  End Switch:
  IP 172.16.250.6
  VLAN 400
  IP Address 172.161.250.250
  IP Helper Address 172.16.1.3
  DHCP Server
  IP 172.16.1.3
  DHCP Scope 
  Router IP 172.161.250.250
  Am I missing something here?
  This topic first appeared in the Spiceworks Community

• Cisco SG 300-10 VLAN and IP Interface Question

  Hello,
      Please forgive me if you find my question too basic. But, I would really appreciate an answer as I am having a heck of a time getting the VLANs to work. I have several VLANs configured as follows, but, my question is related only two VLANS: VLAN 104 and VLAN 2000. Followings are the screenshots.  I have connected cable from Port 6 of the switch to the NIC2 of Windows 8.1 PC. When I use GE6 as access port for VLAN 104, I am able to ping to the NIC2 configured with static IP 10.10.30.30. However, when use GE as Trunk Port for VLAN 104 and 2000, I am not able to ping the NIC2 configured with static IP 10.10.30.30 or static IP 10.10.110.30. I am using the ping utility from the GUI. 
     If there is a better way to test the trunk port, please let me know.
      At this point, I am assuming that something is wrong with my configuration as the NIC2 is unable to receive IP address.
       The other assumption is that NICs with Windows 8.1 OS does not accept Traffic from Tagged VLANS. 
  VLAN TableShowing 1-11 of 1110203050per page
  VLAN ID
  VLAN Name
  Originators
  VLAN Interface State
  Link Status 
  SNMP Traps
  1
  Default
  Enabled
  Enabled
  100
  Management A
  Static
  Disabled
  Enabled
  101
  Management B
  Static
  Disabled
  Enabled
  102
  VXLAN A
  Static
  Disabled
  Enabled
  103
  VXLAN B
  Static
  Disabled
  Enabled
  104
  vMotion
  Static
  Enabled
  Enabled
  105
  IP Storage
  Static
  Disabled
  Enabled
  106
  HQ Uplink
  Static
  Disabled
  Enabled
  107
  HQ Access
  Static
  Disabled
  Enabled
  1000
  Test VLAN
  Static
  Disabled
  Enabled
  2000
  Test2 VLAN
  Static
  Enabled
  Enabled
  Port VLAN Membership Table
  Filter:
  Interface Type
  equals to
  PortLAG
  Go
  Interface
  Mode
  Administrative VLANs
  Operational VLANs
  LAG
  GE1
  Trunk
  1UP
  1UP
  GE2
  Trunk
  1UP
  1UP
  GE3
  Trunk
  1UP
  1UP
  GE4
  Trunk
  1UP
  1UP
  GE5
  Trunk
  1UP
  1UP
  GE6
  Trunk
  1UP, 104T, 2000T
  1UP, 104T, 2000T
  GE7
  Trunk
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  GE8
  Trunk
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  GE9
  Trunk
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  GE10
  Trunk
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
  IPv4 Interface TableShowing 1-11 of 1110203050per page
  Interface
  IP Address Type
  IP Address
  Mask
  Status
  VLAN 105
  Static
  10.10.20.1
  255.255.255.0
  Valid
  VLAN 104
  Static
  10.10.30.1
  255.255.255.0
  Valid
  VLAN 2000
  Static
  10.10.110.1
  255.255.255.0
  Valid
  VLAN 1
  Static
  192.168.0.39
  255.255.255.0
  Valid
  VLAN 1000
  Static
  192.168.1.1
  255.255.255.0
  Valid
  VLAN 106
  Static
  192.168.100.1
  255.255.255.0
  Valid
  VLAN 100
  Static
  192.168.110.1
  255.255.255.0
  Valid
  VLAN 107
  Static
  192.168.130.1
  255.255.255.0
  Valid
  VLAN 102
  Static
  192.168.150.1
  255.255.255.0
  Valid
  VLAN 101
  Static
  192.168.210.1
  255.255.255.0
  Valid
  VLAN 103
  Static
  192.168.250.1
  255.255.255.0
  Valid
  Ping
  Host Definition:
  By IP address
  By name
  IP Version:
  Version 6
  Version 4
  <tr id="trSourceIP" display:none"="">
  Source IP:
  Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)Autofe80::5267:aeff:fe3d:83b3(VLAN1)Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)fe80::5267:aeff:fe3d:83b3(VLAN1)
  Destination IPv6 Address Type:
  Link Local
  Global
  Link Local Interface:
  VLAN 1
  Destination IP Address/Name:
  Ping Interval:
  Use Default
  User Defined
  ms (Range: 0 - 65535, Default: 2000)
  Number of Pings:
  Use Default
  User Defined
  (Range: 1 - 65535, Default: 4)
  Status:

  Tom and Michal, your response is much appreciated. You are 100% right. The issue was with the Windows recognizing the VLAN tags. I have tested trunking by using the vmxnet3 driver from VMware and it works. 
  I had another question where I can use your help too. I am not sure how to connect two Cisco SG300 switches - one with L3 mode and the second one with L2 mode. I have configured GVRP for Port 5 of both switches and run a cable connecting to Port 5 of each switch. I have made port 5 of both switches trunk mode ( 1U, 1000T). I have created VLAN 1000 on both switches. With L3 switch, I have added IP Interface (192.168.100.1) to VLAN 1000. My issues is that, I am not able to access the management port (192.168.1.238) of the L2 switch. Note that the L2 switch has only on uplink, which is to the L3 switch. Since the Port 5 also receives untagged traffic from VLAN1 (192.168.1.1), I am assuming that it would receive the management network from VLAN1. 

• Wrvs4400n vlans/ssid/dhcp issue

  Hi all,
  it will be great if someone will help me with my problem.
  the problem is : our wrvs4400n  wifi router configuration.
  network description: we need 2 separated wifi networks one for guests and one for internal access, and i configured them on router, and also configured each one of them to different vlan, guests to vlan 200 and internal use default vlan 1.
  vlan 1 configured as dhcp relay and its working pritty well.
  vlan 200 configured as dhcp and the problem begins here.
  somehow  on vlan 200 i get dhcp from our externam dhcp server,
  wrvs4400n conected  as follow> lan port1/vlan 200 connected to firewall port(configured as vlan 200) and lan port 4/vlan1 conected to our main switch wich connected to firewall also.
  i guess that my knowlege in networking its not so good......
  how can i prevent from our internal dhcp to comunicate with vlan 200 ,
  any help will be very appreciated.

  Hi Rich,
  You cannot have different L3 VLANs sharing the same subnet.
  Each VLAN must have it's own subnet and then you have a routing device routing between both VLANs.
  You should have a DHCP pool also for VLAN 111 configured on the DHCP server.
  Even if you have ip helper address configured and this should be done on the VLAN111 interface of the switch, you still need a DHCP pool for VLAN 111 because the DHCP discovery is coming on VLAN 111.
  Please take a look into this document:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.
  Here it explains how to configure 2 ssids on 2 vlans and dhcp pool (on the switch itself) for each vlan.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Wireless VLANs and WLC

  Hello,
  Designing a configuration for a Wireless solution. Have a 2951 with SRE-WLC and 4 port switch module. The documentation at
  http://www.cisco.com/en/US/docs/wireless/controller/controller_modules/sre/installation/guide/wlcsreinst.html#wp1072942 arised couple of questions. Exact part of diagram from documentation is attached.
  The question is that VLANs configured on SRE-WLC and ones configured on local switched belong to different subnets. Why? For example on SRE-WLC VLAN 20 - 55.20.0.0/24, but on switch - VLAN 20 - 20.1.1.0/24. Why?
  Thanks!

  Hi George,
  Today i tried implementing APs on different VLAN than MGMT. Here is what I got:
  1. New out-of-box APs didnt join to WLC once placed directly to APs VLAN. However they were able to join the WLC once I put them back to MGMT Vlan. They upgraded their IOS from WLC, joined compeletely. After that I moved them back to APs VLAN and they started to join. So, here is the procedure - Open new AP from box, connect it to MGMT VLAN, wait for joining to WLC and then move them to APs VLAN. This is a little bit strange. Also I noticed that they were unable to join teh WLC even on MGMT vlan if MGMT vlan is tagged on WLC and that tagged vlan is allowed on trunk. I have WLC on SRE, MGF trunk, VLANS and DHCP pools with option 43 configured. Will continue to investigate tomorrow.
  2. What was the most difficult and problematic issue is that the LED was disabled on all APs after joining the WLC. I have been thinking that there is an error but only then found that APs by default turned off LED after joining the WLC. Issuing config ap led-status enable all on wlc solved the problem.
  3. Also I regularly have been receiving
  %PARSER-4-BADCFG: Unexpected end of configuration file.
  during the AP joining to WLC. Dont know why. My APs are LAP1041n.
  ANyways, will continue digging tomorrow, hopefully will find a stable solution. My ideal solution will be:
  1. WLC Management is on MGMT VLAN - tagged vlan 20, static IP assignments.
  2. APs on separate AP VLAN - tagged vlan 15 - dynamic IP assignments from DHCP pool on ISR with option 43.
  3. Clients are on separate USERS VLAN - tagged vlan 10
  The native VLAN will be other VLAN - VLAN 25.

• Cisco Aironet 3501i

  Hello guys
  Its my first post and I hope you will be able to assist me with my problem.
  I am setting up a wireless lan in a samll firm. We have already bought Cisco Aironet 3501i Access point and ASA 5510. Now
  First I want to configure the Access point but according to the info on the Cisco web site I will need the Cisco Wireless Controller
  for that. Not able to find any info. So my questioin is "Is it possible to configure Aironet 3501i like any other wireless router" or we
  need a Cisco Wireless Controller in any case? Secondly we are not using any switch or router at this moments atleast. Simply want
  to connect modem to to ASA and then Access point.
  Any kind of help will be highly appreciated.
  Regards,
  Imran

  You will need a controller  
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/data_sheet_c78-594630.html
  and
  http://www.cisco.com/en/US/docs/wireless/access_point/3500/quick/guide/ap3500getstart.html
  Look at the 2500 series controller with built-in switch ports
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

• Configuration of cisco aironet 1260 series access point..??

  i hv a cisco aironet 1262n access point and a normal router(without wlan)  with a broadband connection
  now i want to use my access point as a wifi hotspot 
  but i am not able to access it, through web browser
  i dont know how i connect wires so that i am able to access "  AP access page" and also i forgot its IP address too so can u pls tell me how do i reset it to default 

  Your AP is most likely loaded with a controller-based IOS.  You can easily convert this to autonomous IOS.
  Read this:  Using a TFTP Server to Return to a Previous Release

• Dual SSID (with dual VLAN) on Cisco AiroNet 1130

  Cisco Community,
  I need some major help in figuring out how to change our wireless setup. Currently, we have 2 Cisco AiroNet 1130 WAP's in the office that go directly into the 2 POE ports on our Cisco ASA 5500. These WAP's have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
  I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
  I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
  I have no idea how to create a VLAN and implement it but I can generally figure things out with a little help. The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANS on our network, one for voice (.42) and one for data (.100) and the default (.0). What device to I create the VLAN on (Cisco 5500?) and how to I setup the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
  I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
  Hope everyone is enjoying their holidays.
  Thanks,
  Cody

  Cody,
  Here is a good doc to follow... it explains multiple ssid's and vlans
  https://supportforums.cisco.com/docs/DOC-14496
  Sent from Cisco Technical Support iPad App

• Dynamic VLAN assignment and DHCP

  Hello
  I have just upgraded our WLC from 4.0 to 7.0 (via 4.2).
  Before the upgrade we had our ACS returning a VLAN based on user group.  This seemed to be working without an issue.  Now that the WLC is on version 7 this is no longer working correctly.  The ACS is returning a VLAN and passing the user but the client can not get an IP from the DHCP server configured.
  Example configuration:
  SSID-----VLAN
  PN-CSC-----CSCVlan: Works
  PN-Others------OthersVlan: Works
  PN-Others-----CSCVlan: No DHCP
  When users are trying to be allocated to a vlan that is different from the native one the DHCP fails however both WLANs are configured to point to the management interface so dont have any real connection to the vlan other than by name.
  Have there been any changes I haven't seen in the way the dynamic vlan allocation works in version 7?

  Yes, DHCP proxy could be the culprit here.  In 4.0 it was only a CLI command to enable/disable the proxy feature.  In 5.2, I think, and later it is in the GUI
  as well.
     There is a defect filed against the behavior of the WLC DHCP funtion out there currently.  If all of your DHCP is coming from external resources than you can disable proxy.  If, however, you are using the WLC as DHCP server for guest access, then proxy must be enabled.  If the later is true, you should contact TAC, as there is an engineering special available that has the defect resolution.
  Sorry I can't provide the defect ID, my CCO account is acting up.
  Cheers,
  Steve
  If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.