Cisco 3500 VLAN question

[jerrysafety]

I'll try to keep this brief. I've got a Cisco Catalyst 3500 switch. I have an Access Point in port 13 which in on VLAN 20. That AP pulls its IP from our Gateway, and that part is working fine. The AP itself also has a VLAN setup on it because I want the users to pull from a differnt scope of IPs. I cannot get the users to get an IP address from the AP. Port 13 is setup for VLAN Access, how can I set it up for trunking the VLAN info from the AP. I was able to get this working with ZyXEL switches, just not with Cisco. Any help would be great. Thank you

 

[burtsbees]

Are the users in VLAN 20?

Burt

 

[burtsbees]

Also, do the users pull a DHCP from the gateway server, or just not at all? I am assuming the AP is set up with a dhcp pool...

Burt

 

[jerrysafety]

thanks for the reply. No, the users are not in VLAN 20, only the access point. I've setup an egress VLAN on the AP, VLAN 50, which the users will get. Yes, the users will pull from DHCP from the gateway, just a differnt scope than the AP's.

 

[burtsbees]

If the users are in a different vlan than the AP, you either need to put the users in the same VLAN (Recommended) or include the ip helper-address command to forward dhcp broadcasts to the other VLAN. It would be better to just make the users in the same vlan as the AP.

Burt

 

[jerrysafety]

You are right, it would be eaiser to put them in the same VLAN, but I do not want to the users to be able to see or get to the AP - security reasons. could you explain the IP-Helper command a little more.. I really appreciate your help, thanks

 

[burtsbees]

ip helper-address (IP of dhcp server)
This will forward broadcasts beyond the broadcast domain separated by the vlans, so that users on one vlan can get dhcp from a server on a different vlan. I would disable the one server temporarily to see if the users on that vlan are simply preferring the server over the AP...
You can also make access lists that allow only dhcp and denies everything else, if you wanted to put the users on the AP vlan.

Burt

 

[marks66]

If you want multiple VLANs on an Access-Point. You will have to configure a trunk on the switch and create sub interfaces on the AP.(On both the ethernet interface and the radio interface.(Like below)
!
interface FastEthernet0.1 (Interface for AP Management)
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.200 (Interface for Users)
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled

 

[Deepseadata]

Hey guys,

The next thing I've decided to tackle is my 15, AIR-AP1242AG-E-K9, acces points.

Some stuff I've read in thread has confirmed some things I've read on Cisco. There are still a couple things that aren't quite clear to me still though.

Where does the BVI1 come into the picture? I read that it relates to my Native Vlan but not clear how?

On the AP's I've created my sub-ints and dot1q tags for each vlan. Do I need to do anything to the BVI1?

I see bridge group stuff in your config, Mark. What is that doing? Cisco didn't mention it in the article I read.

Thanks guys.

 

[vipergg]

BVI1 must have an ip assigned to it if you want to manage the AP's via telnet or SSH ,along with a default gateway. The bridge information is what makes it work, you are basically bridging information between the radio side of the AP and the ethernet side.

 

[Deepseadata]

Thanks! BVI's are more clear now.

How about the bridge-group 200? I'm going to have a read on that.

How about the trunk scenario? I know how to setup switch as a trunk. Which interface do I setup as trunk on the AP, the FastE?

The real reason I'm asking is because I need to configure 15 AP's that are built into the roof of a ship and CANNOT BE ACCESSED EVER so I only have one crack at it.

I think I should open a new thread instead of hijacking this one.

Stay tuned.