Trouble getting DHCP through Wireless on 1811

[LingaringBell]

This is the first time I've tried to use wireless on a Cisco Router and everything seems to be working fine except DHCP. The DHCP server is on a different subnet, so I put in a helper-address, but that has no effect. I also tried making the 1811 the DHCP server, but that didn't work either. The wireless SSID is bonded with vlan 25. If I plug a computer into one of the FastEthernet interfaces that is on vlan 25, it gets DHCP fine. Any ideas? I'm sure I'm just missing something silly. Here is my config:

!
interface FastEthernet2
switchport access vlan 20
duplex full
speed 100
!
interface FastEthernet3
switchport access vlan 20
!
interface FastEthernet4
switchport access vlan 20
!
interface FastEthernet5
switchport access vlan 20
!
interface FastEthernet6
switchport access vlan 25
!
interface FastEthernet7
switchport access vlan 25
!
interface FastEthernet8
switchport access vlan 25
!
interface FastEthernet9
switchport access vlan 25
!
interface Dot11Radio0
no ip address
ip helper-address 192.168.22.251
shutdown
!
encryption mode ciphers tkip
!
encryption vlan 25 mode ciphers tkip
!
ssid CDIA_289_FirstFloor2
vlan 25
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 password
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.25
encapsulation dot1Q 25 native
ip helper-address 192.168.22.251
no snmp trap link-status
no cdp enable
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip tcp adjust-mss 1452
!
interface Vlan25
ip address 192.168.25.3 255.255.255.0
ip helper-address 192.168.22.251
!
interface Vlan20
ip address 10.10.12.9 255.255.255.0
ip helper-address 192.168.22.251
ip nat inside
ip virtual-reassembly
!

 

[vipergg]

I assume you know you have the dot11 radio 0 in a shutdown state ....

 

[LingaringBell]

Yea, I disabled it so people wouldn't try to connect to it and get no DHCP. Everything else about the wireless connection seems to work fine. If I connect to it with a wireless client and give that computer a static IP address, gateway, and DNS, everything works.

 

[vipergg]

In a normal AP install you associate a BVI to the vlan to bridge the radio to the vlan . I have never worked on a 1811 maybe thats different when its built in to the router.

 

[vipergg]

Maybe something like this might work.

interface Dot11Radio0.25
encapsulation dot1Q 25 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1
subscriber-loop-control
bridge-group 1
block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled



interf vlan 25
encapsulation dot1Q 25 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled

 

[vipergg]

Ignore " encapsulation dot1Q 25 native " under the SVI for vlan 25 probably won't accept it anyway .

 

[LingaringBell]

That was a good idea with the bridge, but still no dice. Let me be very specific about what I am seeing. I want the wireless computers to be on the 192.168.25.0/24 subnet. Lets say I give Int Vlan25 the IP address 192.168.25.3 with a Class C subnet mask. Any devices plugged into a port on the router that is part of Vlan25 can see everything else on the 25 subnet. If I connect a computer to the wireless SSID CDIA_289_FirstFloor2 (which should be bonded to Vlan25), I get no DHCP. Also, if I give the wireless client a static IP address that is on Vlan25, it still can not see any other devices on the 25 subnet, not even the router. If I then give Int Dot11Radio0.25 the IP address 192.168.25.5, first, it tells me I can't do this because it is overlapping Int Vlan25. If I remove the IP address from Int Vlan25, allowing Dot11Radio0.25 to have the IP 192.168.25.5, the wireless client still does not get DHCP. If I give the client a static IP, it can ping the router, but nothing else on Vlan25.

That sure was a mouthful, but hopefully it will help. Any ideas anyone?



Here is what my current config looks like:

interface Dot11Radio0
no ip address
ip helper-address 192.168.22.251
no ip route-cache cef
no ip route-cache
!
encryption mode ciphers tkip
!
encryption vlan 25 mode ciphers tkip
!
ssid CDIA_289_FirstFloor2
vlan 25
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 password
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.25
encapsulation dot1Q 25 native
ip helper-address 192.168.22.251
no ip route-cache
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
ip tcp adjust-mss 1452
!
interface Vlan25
no ip address
ip helper-address 192.168.22.251
no ip route-cache cef
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!

 

[brianinms]

Cisco says it better than I could.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a23.shtml

 

[LingaringBell]

Thanks Brianinms, I had found the config examples for a bunch of other wireless setups on the 1800 series but not this one. Everything works fine now, thanks again!

 

[vapon]

how did you fix this? I am running into a similar issue of having a dhcp server separate from the router and I can connect to the 1811 just fine with a static IP but can't get an address from the DHCP server even though the config looks like it's bridged I am sure I am just missing one command somewhere.

 

[LingaringBell]

I created a BVI interface and put the ip helper-address on that. Look at the link from brianinms to see an example. If that isn't the problem, please post your config here.

 

[vapon]

dot11 ssid cisco1811
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 ****************************************
!
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain name ****************
ip name-server 192.168.0.7
ip inspect name voip sip

interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect voip in
ip inspect voip out
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy output SDM-QoS-Policy-1
!
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
ip directed-broadcast
ip route-cache flow
!
encryption vlan 1 mode ciphers tkip
!
ssid arcbus
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip directed-broadcast
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0
no ip unreachables
ip nat inside
ip virtual-reassembly
ip route-cache flow
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip inspect voip in
ip inspect voip out
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
shutdown
!
interface BVI1
description $ES_LAN$
ip address 192.168.0.1 255.255.255.0
ip directed-broadcast

ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
ip local pool SDM_POOL_1 192.168.0.80 192.168.0.99
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!





!
bridge 1 protocol ieee
bridge 1 route ip

 

[LingaringBell]

yea, looks like you just need an ip helper-address on Interface BVI1