Is it possible to have multiple dhcp pools on a Cisco wireless AP?

I have a Cisco 861w that broadcasts two SSIDs. I would like to run a DHCP server on the AP that will provide IP addresses for either subnet/Vlan. I have configured both pools and their respective exclusions on the AP, but only one of the subnets assigns an IP when I connect to the SSID.

Further, the subnet that will not assign an address still doesn't work when I remove the other

Is what I am trying to accomplish possible?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can do this.

You need to assign an  unique VLAN to each SSID.
Create a VLAN interface for each VLAN and give the WAN an IP address in each VLAN.
Then setup your DHCP scopes for each VLAN.

You can look at this question and see if it will help you more.
FyathyrioAuthor Commented:
Unless I am misreading that post, I am having a different issue. It appears that the edited config has vlans associated with completely different interfaces.

With my configuration, both of my SSIDs have their own vlan, and each vlan is unnumbered and associated to it's own BVI that has an IP address in a separate subnet. However, the DHCP requests for both subnets are coming in via the same interface - the dot11radio.

If my vlans were on separate interfaces, then the router would just respond to the subnet on which the request was received. In this case however, It 'appears' that the dot11radio doesn't recognize the second vlan.

There is one more factor that may or may not be relevant. The AP (separate IOS on the ISR) has a built-in BVI on the AP side with an ip address that happens to fall in the same subnet as vlan1. I thought that - - perhaps - assigning a secondary IP address in vlan2 to the BVI would cause the router to reognize the second vlan, but it doesn't appear to have "taken." The secondary IP command was accepted, but it doesn't show up anywhere, and I cannot ping it. Of course, this may have nothing to do with it.
I was not clear so I'm not sure which config you looked at, you want to look at lrmoore's config.

Unless I am missing something he has created subinterfaces on the dot11radio (0.1 and 0.3). each subinterface has its own SSID and is on its own VLAN.

Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

FyathyrioAuthor Commented:
I should have attached my config the first time. My bad...

For the record, routing works perfectly when I use a static IP address on wireless clients. The only thing that I cannot get to work is for the dhcp server on the AP to assign IPs to clients based on the SSID to which they connect. It works for vlan1, but not vlan2. I understand that I can accomplish this by having multiple scopes on a dhcp server on the LAN, but being able to do it from the AP would greatly facilitate our particular implementation. Unfortunately, I have yet to find documentation that shows that what I am attempting to do is even possible.

The only other mitigating factor (that I can discern at this point) is the BVI that is auto-created on the AP side. I have removed and/or changed the IP address, and it does not seem to make a difference.

Any ideas on what I am missing?

The biggest difference I see between your config and lrmoore's is that lrmoore has IP addresses on his vlan interfaces and no IP addresses on his BVI.

I am assuming that lrmoore's setup is working as I doubt that he would post a non-working config.

What I would suggest you try first is to assign IP addresses to your vlan interfaces in the appropriate IP subnets.

FyathyrioAuthor Commented:
I ran accross the following on the Cisco site, which makes me question whether or not what I am attempting is actually possible:

Q. Can APs have multiple DHCP pools across different subnets?

A. When you configure the AP as a DHCP server, IP addresses are assigned to devices that are on the same subnet as the DHCP server. The devices communicate with other devices on the subnet, but do not communicate beyond the subnet. If you need to pass data beyond the subnet, you must assign a default router. The IP address of the default router should be on the same subnet as the AP that you configured as the DHCP server.

Given that I cannot assign a secondary IP to the BVI where the DHCP server resides, I don't see how I can 'service' a separate subnet. The IP-Helper command was apparently not the answer.

Is there really no one else who has run into this? Any other work-arounds out there?
All that means is you need to assign a default router in the DHCP parameters.

Have you tried removing the IP address from the BVI and assigning IP addresses to the VLAN interfaces?

lrmoore's configuration is a working configuration.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FyathyrioAuthor Commented:
Okay...the problem has been solved.

The issue was not the fact that my VLANs were unnumbered, nor did it have anything to do with default router settings. The problem was the location of my DHCP server.

Running the server on the AP limited me to the subnet of the only numbered interface, the BVI. Since the BVI would not take a secondary IP (IOS would actually accept the command, but it wouldn't actually apply the address), there was no association with alternate DHCP pools.

After moving the DHCP server to the router side, the broadcasts are now bridged through the numbered BVIs. This allows the DHCP server to respond with an address based on the subnet on which the request was received.

giltjr, while you didn't exactly identify the specific problem, you convinced me to take a second (and third) look at lrmoore's config. That is where I noticed the location of the server, and it suddenly all made sense. Thx.
FyathyrioAuthor Commented:
Didn't really identify the specific problem, but provided the means to find it.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.