LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

May 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS May 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Airespace + CCA
From:	"Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Tue, 23 May 2006 12:04:20 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (62 lines)

Ryan,

You are correct.  It is not possible to make the Airespace controller
just forward the DHCP packets as it should (i.e. L2 broadcast).
Instead, it relays the request (this is actually a violation of the DHCP
RFC).  Hence, the CAS rejects the request (actually just drops it).  

However, there is a workaround for this - create a IP reservation for
the Airespace controllers MAC address in the appropriate IP range (i.e.
your wireless VLAN(s)) on the CAS.  This will cause it to be treated as
a trusted source and the requests will be handled. 

-Rajesh.

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Ryan Dorman
Sent: Tuesday, May 23, 2006 11:57 AM
To: [log in to unmask]
Subject: Airespace + CCA

Hi everyone...

OK.. I'm new to Airespace so the way I'm thinking about doing this might
be silly.. But here's the setup I can't get working:

Currently our wireless access is stand-alone IOS AP's with a broadcast
SSID that goes to a VLAN that terminates in CCA.  CCA is providing DHCP
and authentication for all wireless. It hands out /30 RFC1928 space to
clients.

We have purchased a 4404 AP controller and some of the little LWAPP 1000
series AP's and will eventually convert our 1130's and 1200's to LWAPP
once I get this all working.

I want the wireless to function 99% of the way that it does now but just
throw the controller in the middle for managemt of the Aps.  I'd prefer
the DHCP and authentication continue to be handled by CCA.  I've trunked
the wireless VLAn (601 in this case) and the Management VLAN to a port
on the 4404.  I have LWAPP AP's successfully talking to it Via layer 2
and 3 and I'm in the web GUI and all that fun stuff.

I created a dynamic interface on the 4404 that is in VLAN 601 and
assigned it to physical port 1.  It wont let me create that interface
without specifying an IP on it.  It seems that if I specify an IP on
that it then uses that as a relay address and sends the DHCp request
from a client onto CCA which then says "well I don't know about that
network o I'm not giving you an IP."  I really wanted the 4404 to just
pass the request along at a Layer 2 level and have CCA give back the IP
and it would from there be just like any other CCA user.

Perhaps my above explanation makes sense.. Perhaps not.. But if there
are any suggestion someone has I'd appreciate it. I read the
"integrating Wireless Controllers and CCA" doc on the Cisco site but it
doesn't seem to take into account using CCA for DHCP.

--
Ryan Dorman, CCNP
Network Engineering Specialist
Millersville University
717.871.5883

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU