Link to home
Start Free TrialLog in
Avatar of jporter80
jporter80Flag for United States of America

asked on

Cisco Wireless Access Point giving 169. IP Address to devices?

I have a Cisco 1041 self managed WAP hooked up to my network running Windows Server 2003.

When i setup the device and have it open for connecting (no password yet) my ipad and other devices cannot connect to the internet, im noticing on the devices they are getting an IP address starting with 169.  The network is running ip addresses that start with 172.

I know there are free ip addresses from teh DHCP server so i know they havent run out.

Is the WAP have its own DHCP that is trying to intefere?  There is no settings in the admin for the WAP that i can turn off dhcp.

I think that is my problem, Or is there something else?

If that is my problem, how do i turn off DHCP on the WAP?

Thanks for your help
Avatar of pdxwarrior
pdxwarrior

My thought here is that the IP address is probably 169.254.x.x.  This is commonly seen on Microsoft Systems, although I believe it was originally started by Apple. This is a "self-assigned" IP address and is not coming from any DHCP server.  Instead, if the device fails to contact a DHCP server, it will assign it's own IP address.

Sounds like you might be having a problem with the device contacting your DHCP server.  Are other devices working correctly and receiving an IP address in the correct/expected range?
Avatar of jporter80

ASKER

If i connect a laptop that is already a part of the domain (through the computer settings) it doesnt work either, still a 169 IP address via the wireless network connection.

whats odd.. there is another old linksys wireless router doing the samething... if i  manually enter in a correct IP address it works.  But obviously i want to obtain the IP address and connect, automatically.
If you attach the laptop via cat5 to the network, do you get an IP address?  If so, then we know the DHCP server is working successfully.  Is the Access Point using static IP addressing or is it receiving a DHCP address?  If DHCP, is it getting the right addressing information?

When working wirelessly with the laptop, I assume you are able to successfully see the network SSID and are able to "connect" to it.  

Are there any logs available on the AP to see if you can confirm the MAC address for the laptop is connecting?  You might also check the logs on the DHCP server to see if it is seeing the request from the laptop.

You could try running Wireshark on your laptop and do a ipconfig /release and ipconfig /renew and then review the capture to see if there's anything significant there.  Wireshark could also be run on the server to see if the request is coming through.
Avatar of Darr247
A router would issue its own IP addresses, unless its DHCP server was disabled and the router was connected to the network by one of its LAN ports instead of the WAN port. The LAN<->WAN bridge would filter BOOTP traffic if it was connected to the network via its WAN/Internet port.

You probably need to enable/specify a DHCP helper in the Cisco AP to get it to pass traffic to the RADIUS server handling authentication. If it doesn't authenticate the connection, it won't give them an IP address and - as previous answers have noted - they will self assign an address from the APIPA range according to RFC3927, when they don't get a response from the DHCP request.
These are good comments by Darr247.  I tried to leave out the linksys router for the simple idea that the configuration of that along can cause a mess of problems. Ie, which interface is getting DHCP, is DHCP enabled, etc.

Usually Helper Addresses are needed when traversing networks or broadcast domains.  My thinking was that the AP should be able to pass the DHCP information without an issue but it is worth checking to see if there is a DHCP Helper setting in the AP configuration.  If so, you would enter the IP address for your DHCP server.

I don't think radius server should be an issue here if everything is "open" as stated earlier.
If i connect via cat5 i do get a right IP address.

I do see the SSID from the access point on all devices.  I can attempt to connect from all devices but then cannot access the internet.

The access point was first set up to connect to the network via DHCP and shows up in the DHCP on the windows server and active.  I did however "reserve" the IP address for that AP by the MAC address of the AP.  And the AP did recieve the correct assigned reserved IP Address.  I did switch the AP to a static using the reserved IP address and no change from connected wireless devices. Still no internet access and wrong IP Address

I can ping the AP just fine.  The devices attempting to connect to the AP do not show up in the DHCP on the windows server.

is there a built in DHCP on the AP that is conflicting you think?
the AP is connect via a PoE cat5 cable to the switch.

So it looks like the DHCP needs to be disabled on this AP?  Anybody have specific directions on how to do this with this Cisco 1041?  I do not see it as an option in the admin login.

Im not sure what the RADIUS Server is in the settings? is this something that needs to be installed on Windows Server 2003? built in?

Sorry for all the questions.
Nothing you have said, leads me to believe that a DHCP server is running on the AP.  As stated earlier, an IP address of 169.254.x.x comes from the device itself, not from a DHCP server.

Are you able to access a "web interface" or "gui" for the AP?  If so, can you locate anything regarding a DHCP Helper Address or IP Helper address?  Setting this allows the AP to forward the DHCP broadcast to the DHCP server.

If you have command-line access to the AP you might be able to do a "show run".  I know this is normally an IOS command for switches/routers but I believe that AP may be running a version of  IOS.  If so, you can look for any DHCP information in there to make sure that there isn't a server running.  You could also post the running-config if you are able to output it.

From the sound of it, your DHCP Discover/Request messages aren't reaching the server on the 2K3 box.
Are you using the command line interface or Cisco's web browser GUI?

I think you should return to letting it get its assigned IP address from the server... if I'm not mistaken, when you set it to use a static IP, it automatically enables its internal DHCP server (though that would not assign 169.254.x.x /16 addresses).

Have you referred to this Config Guide PDF?

I have to go vote. Be back later. :-)
I am accessing the WAP via a web browser.  I will configure the the AP back to get its own ip address from the DHCP server and not static not sure if that will work, since it didnt work that way from when i first started it up.

It looks like from the manual, by default a AP DHCP is disabled.  You can see the manual here.. the web interface in the manual looks exactly like mine

http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/12.4.25d.JA.cg.pdf

I didnt see anything regarding a IP Helper but i will look again.
Not sure if this matters or not.. but in the DNS on the server the AP shows up in the reverse look up... but NOT in the Forward look up
Well it seems as if i have narrowed it down a little (Maybe)  I was trying to setup two SSID with this WAP.  one for guests and one for network people.  When doing that it was telling me to setup VLAN's.  But now if i remove the two SSID and VLAN options and just setup a WAP encrypted Wireless access or even just a guest open access it works fine.

So i guess maybe im not understanding VLAN's

Basically, here is what would like to do.

i have 3 Cisco WAP 1410 access points i will be placing through out my school.

I would like private SSID that teachers can hook up to to allow network access to the server using there windows login and not global password? (if possible)

I would also like Guests WIFI access where people can access the internet but not have access to the network any way.

The other hitch would be we have a network filter called iPrism.  Which filters internet traffic when people are logged into the school network or secured WIFI access... but i have no issues with giving people free reign of the internet (unfiltered) if they are on a guest access via wifi.

Anybody have some suggestions on how i can accomplish this? or explain VLANs? are VLAN's network wide or just tied to the particular WAP that it is setup on.
Okay More info while some testing has been done.  I have 2 VLAN's setup with 2 SSID's

VLAN 1 has a Security Encryption Mode of Cipher: AES CCMP + TKIP.
VLAN 2 has a Security Encryption of "none"

Using VLAN 1 i have "SWHCS" ssid name attached.  Using a WAP passkey. No SSID name broadcasting

Using VLAN 2 I have "SW-HCS-Guest" ssid name attached.  Using no Client Authentication Settings, No key Management.. open.  SSID Name Broadcasting.

If i manully connect to "SWHCS" using the WAP Key.  I connect great.. i get a valid ip address and i can browse the internet. GREAT!

If i try to connect to "SW-HCS-Guest" no passkey required, no connection is made and i get a 169. ip address.

Any Ideas?

meanwhile i have another WAP (same model) just with no security settings or password, no VLANs, just one SSID, i can connect just fine with no password! i get a valid ip address and i can get to the internet.
Wow, okay so you have a lot going on here and I'm not sure how well you are going to be able to set this up with your current hardware.

VLANs are virtual Local Area Networks and provide a way to separate data into different networks.  Since each VLAN is a different network, you need to have routing in place to communicate between them.  This is commonly done with a Layer 3 switch.

I doubt that you'll be able to do this using a Cable/DSL router that was provided by your ISP.

You'll also need a DHCP server that is capable of assigning DHCP addresses for clients in each of the individual VLANs.  Again, probably not going to happen with a Cable/DSL router.

The next step is that you'll need to identify which VLANs have access to which resources (as you've done) and then use routes to direct this traffic to the appropriate resources.  

Besides the three APs and the Linksys router you mentioned earlier, what are you using for your networking hardware?  Also, what is the model of the Linksys router you have?
Here is something odd.. in the cisco AP settings..

VLAN1 is checked "Native VLAN" and on the ssid that is attached is when i connect its just fine.

On VLAN2 i cannot connect to the ssid.  But if i check "Native VLAN" on VLAN2 (which then VLAN1 Native VLAN turns off because only one VLAN can have Native) i can connect just fine to the SSID attached to VLAN2.

So basically which ever VLAN has the "Native VLAN" checked i can connect just fine too.

As far as Hardware is concerned i have:

3 - 48 Port HP Procurve Switches (non Poe)

1 - 8 port Cisco unmanaged switch (which is only for the new WAP because i needed PoE for the 3 cisco AP's)

1 - iPrism 20h filter http://www.edgewave.com/products/web_security/default.asp?n=h1

1 - Comcast Business IP Gateway

The linksys wireless router.. you can disregard.. we are getting rid of it once i have the 3 AP's working.. the linksys is old and does not really manage anything with the network

Then as far as router goes.. we have this proprietary router built by the original IT company.. that im not sure how to even access it... i cant get to a web interface at all by going to the router IP address.
ASKER CERTIFIED SOLUTION
Avatar of pdxwarrior
pdxwarrior

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for the great info and time you spent. Quick questions

Lets say the unmanaged POE switch the AP's hook up to which in turn hooks up to a HP switch allows the vlan2 traffic and I setup the switch for the second vlan. Do I still need to mess and change anything on the proprietary router?
I suppose it depends on the connections you are dealing with.  If you are bypassing the proprietary router all together, then no biggie.  Assuming that the HP switch has direct access out to the internet and all of the network resources you will require, then you can manage it from there.  The only thing remaining is that the HP switch would have to support inter-vlan routing so that you can take traffic from one network (VLAN) and put it on another.

Also, I'm not familiar with the HP switches, but you might check - it's possible that you might be able to set up a DHCP server on there that allows you to assign addresses to the remaining VLANs.

Do you have the ability to power any of the APs using an AC adapter?  If so you might be able to remove the unmanaged switch from the equation to do some troubleshooting.