Solved

Unable to get DHCP addresses on second SSID from a Cisco 1131 WAP

Posted on 2009-05-07
Last Modified: 2013-12-27
We've recently changed some equipment and we now require our WAPs to broadcast both WPA and WEP.

Due to WEP being so insecure (but unfortunately required for us) I was hoping to set the Cisco 1131s to broadcast two SSIDs. One with WPA and one with WEP - the WEP one to then be hidden.

At the moment I've got the config so I can see and connect to both SSIDs, although I only seem to get DHCP addresses when connecting to the first SSID on VLAN1. When connecting to the second SSID on VLAN2 I can't get an IP address. Any help or suggestions appreciated as I can't seem to find any sample configs or Cisco examples as of yet.

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname WAP1
!
enable secret 5 *****
!
no aaa new-model
clock timezone gmt 0
ip domain name test.local
ip name-server 4.2.2.4
!
!
dot11 vlan-name Company vlan 1
dot11 vlan-name test vlan 2
!
dot11 ssid internal
   vlan 1
   authentication open
   authentication key-management wpa version 1
   mbssid guest-mode
   wpa-psk ascii 7 ******
!
dot11 ssid testwep
   vlan 2
   authentication open
   mbssid guest-mode
!
power inline negotiation prestandard source
!
!
username admin privilege 15 secret 5 *****
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 1 mode ciphers tkip
 !
 encryption vlan 2 key 1 size 40bit 7 07A8C7DB11C6 transmit-key
 encryption vlan 2 key 2 size 40bit 7 3F31ABD2AFFA
 encryption vlan 2 key 3 size 40bit 7 7AE8AF53EFC7
 encryption vlan 2 key 4 size 40bit 7 93BCE5A8ADCA
 encryption vlan 2 mode ciphers wep40
 !
 ssid internal
 !
 ssid testwep
 !
 mbssid
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers tkip
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface BVI1
 ip address 192.168.11.250 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.11.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

Question by:v0r73x
3 Comments
 

Accepted Solution

by:
Sniper98G earned 500 total points
ID: 24332208
If you statically code your IP can you get connection? Your problem may not be with DHCP but with general connectivity.
If you cannot get connectivity with a static IP I would look at the port connecting to the AP to ensure it has been properly configured as a Dot1q trunk and that both VLANs 1 and 2 are passing on that trunk. From there I would make sure the switch has VLANs 1 and 2 in its database.

Then I would check the SVI for VLAN 2 to ensure that it is operating correctly, and if you have any other switches between the AP's switch and the switch with the SVI I would check their trunks and VLAN databases as well.
 

Author Comment

by:v0r73x
ID: 24334061
I've tried a client with a static IP and it's not able to ping / talk to anything. At the moment the setups are for small remote offices whereby they have the WAP, sometimes an unmanaged switch and a Cisco 877w in place.

Unfortunately my knowledge of configuring the VLANs etc for this sort of scenario is very limited, I'm assuming from what you've mentioned I'll need to configure the same VLANs on the 877 to allow them both to obtain addresses?

The rough overview and ideal scenario:

Small office with the equipment mentioned above + VPN to main office (site-site from the 877)
Two wireless SSIDs, one for company use with WPA, one for guest access using WEP that can only access the internet and not the office VPN.

I'm eventually aiming to have the above set up and I believe this is easily done with the VLANs etc although I'm a bit out of my depth I'm afraid so any guidance / sample configs would be greatly appreciated.
 

Author Closing Comment

by:v0r73x
ID: 31579191
Forgot to set the 877 router ports over to trunks! Many thanks :)
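
Added example, not part of the original thread or any poster's code: a small Python check that reads the access point configuration from the question and reports, per SSID, its VLAN, its cipher, and whether that VLAN leaves the wired port tagged. A tagged VLAN only reaches a DHCP server if the upstream port is an 802.1Q trunk carrying it, which is the fix reported in the closing comment. `AP_CONFIG` is a constructed excerpt of the posted config, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the AP configuration posted in the question.
AP_CONFIG = """\
dot11 ssid internal
   vlan 1
   authentication key-management wpa version 1
dot11 ssid testwep
   vlan 2
   authentication open
interface Dot11Radio0
 encryption vlan 1 mode ciphers tkip
 encryption vlan 2 mode ciphers wep40
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface FastEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
"""

def audit(config):
    """Per SSID: its VLAN, the cipher set for that VLAN, and wired tagging."""
    ssid_vlan, cipher, wired, section = {}, {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):          # unindented line opens a new section
            section = line
            continue
        if section.startswith("dot11 ssid ") and (m := re.fullmatch(r"vlan (\d+)", line)):
            ssid_vlan[section.split()[2]] = int(m[1])
        elif m := re.fullmatch(r"encryption vlan (\d+) mode ciphers (\S+)", line):
            cipher[int(m[1])] = m[2]
        elif section.startswith("interface FastEthernet") and (
                m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line)):
            wired[int(m[1])] = "untagged" if m[2] else "tagged"
    return {s: {"vlan": v, "cipher": cipher.get(v, "none"),
                "wired": wired.get(v, "missing")} for s, v in ssid_vlan.items()}

def trunk_vlans(report):
    """VLANs that only work if the upstream port is an 802.1Q trunk carrying them."""
    return sorted(r["vlan"] for r in report.values() if r["wired"] == "tagged")

if __name__ == "__main__":
    report = audit(AP_CONFIG)
    for ssid, facts in report.items():
        print(ssid, facts)
    print("upstream port must be a trunk carrying VLANs:", trunk_vlans(report))
```

For the posted config this reports `internal` on the untagged native VLAN 1 and `testwep` on tagged VLAN 2 with `wep40`, so only the second SSID depends on the upstream trunk.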