Hello,
I have a network consisting of an ASA5510 (V7.08)with security plus license connected to a ESW-540-24P with an AP541N firmware 1.9(1).
3 VLANs are configured :
- Data Untagged Vlan 1
- DHCP handled by Windows Server
- 192.168.2.x / 255.255.255.0
- Voice Tagged Vlan 100
- DHCP handled by Phone system
- 192.168.10.x / 255.255.255.0
- Guest Tagged Vlan 50
- DHCP handled by ASA
- 192.168.20.x / 255.255.255.0
The port on which the AP541N is connected is configured as a Wireless AP port through Smartports Wizard and allows traffic for all 3 VLANs. From a laptop, if I connect to the BSID for the Data network, I get an IP from the DHCP server (Windows) and I'm able to browse the Internet and access the servers. If I try to connect to the BSID of the Guest network, I kept on getting the error Reason Code 3 when I had authentication configured. To keep things simple, I disabled authentication on the Guest network. I'm able to connect now but I can't seem to get an IP from the ASA.
Here's the pertinent info for the Guest VLAN from the ASA
interface Ethernet0/1.3
description Guest Data VLAN
vlan 50
nameif Guest_Vlan
security-level 50
ip address 192.168.20.1 255.255.255.0
mtu Guest_Vlan 1500
global (outside) 1 interface
nat (Guest_Vlan) 1 0.0.0.0 0.0.0.0
dhcpd address 192.168.20.10-192.168.20.50 Guest_Vlan
dhcpd dns 8.8.8.8
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config Guest_Vlan
dhcpd enable Guest_Vlan
Through online forums, I found the following Reason Codes :
Here are the reasons codes our team found in the log file.
1 /* Unspecified reason */
3 /* Deauthenticated because sending station is leaving (or has left) IBSS or ESS
4 /* Disassociated due to inactivity */
8 /* Disassociated because sending station is leaving (or has left) BSS
My AP541N Info :
Product Identifier : AP541N-A-K9
Hardware Version : V01
Software Version : AP541N-K9-1.9(1)
What could be the reason why I can't get an IP from the ASA? BTW, only one port on the ASA is used and I know the trunking works properly on this port because both my PBX and Lan can access the Internet.
Thanks,
fs483
I have a network consisting of an ASA5510 (V7.08)with security plus license connected to a ESW-540-24P with an AP541N firmware 1.9(1).
3 VLANs are configured :
- Data Untagged Vlan 1
- DHCP handled by Windows Server
- 192.168.2.x / 255.255.255.0
- Voice Tagged Vlan 100
- DHCP handled by Phone system
- 192.168.10.x / 255.255.255.0
- Guest Tagged Vlan 50
- DHCP handled by ASA
- 192.168.20.x / 255.255.255.0
The port on which the AP541N is connected is configured as a Wireless AP port through Smartports Wizard and allows traffic for all 3 VLANs. From a laptop, if I connect to the BSID for the Data network, I get an IP from the DHCP server (Windows) and I'm able to browse the Internet and access the servers. If I try to connect to the BSID of the Guest network, I kept on getting the error Reason Code 3 when I had authentication configured. To keep things simple, I disabled authentication on the Guest network. I'm able to connect now but I can't seem to get an IP from the ASA.
Here's the pertinent info for the Guest VLAN from the ASA
interface Ethernet0/1.3
description Guest Data VLAN
vlan 50
nameif Guest_Vlan
security-level 50
ip address 192.168.20.1 255.255.255.0
mtu Guest_Vlan 1500
global (outside) 1 interface
nat (Guest_Vlan) 1 0.0.0.0 0.0.0.0
dhcpd address 192.168.20.10-192.168.20.50 Guest_Vlan
dhcpd dns 8.8.8.8
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config Guest_Vlan
dhcpd enable Guest_Vlan
Through online forums, I found the following Reason Codes :
Here are the reasons codes our team found in the log file.
1 /* Unspecified reason */
3 /* Deauthenticated because sending station is leaving (or has left) IBSS or ESS
4 /* Disassociated due to inactivity */
8 /* Disassociated because sending station is leaving (or has left) BSS
My AP541N Info :
Product Identifier : AP541N-A-K9
Hardware Version : V01
Software Version : AP541N-K9-1.9(1)
What could be the reason why I can't get an IP from the ASA? BTW, only one port on the ASA is used and I know the trunking works properly on this port because both my PBX and Lan can access the Internet.
Thanks,
fs483
Just to be sure I was configuring the port properly, I tried setting the same port to VLAN 100 (my voice vlan) and I was able to get an IP from my Phone system so I know my port config is ok. For some reason, my ASA doesn't want to hand out IPs to my Guest_Vlan. BTW, the DHCP server is handing out IPs to my management port without difficulty. Is it possible the DHCP server on the ASA can't handle 2 ranges?