Saturday, June 16, 2012

LAP Join and Option 43 & 60 (Cisco)

Option 43

Access point discovery via DHCP can be done using a scope on nearly any piece of Cisco hardware. The trick is to use hex in the option 43 defined on the DHCP pool. There is also an ASCII option, which is tempting for ease of use; however, it only works on old EOL/EOS equipment.

So to start, let's learn how to convert the address 192.168.100.200 to hex. This is the management interface of the controller, which must be used with the 5508 WLC. First, let's define our hex values. Our IP address is 32 bits long (in binary), divided into four eight-bit octets. A hex digit, however, is four bits. What does this mean? It takes eight hex digits to define an IP address, as opposed to the four decimal values in the dotted string.

0=0
1=1
2=2
3=3
4=4
5=5
6=6
7=7
8=8
9=9
A=10
B=11
C=12
D=13
E=14
F=15


So taking our first octet (192), let's break it into binary, then hex.

128  64  32  16   8   4   2   1
  x   x   -   -   -   -   -   -

Expressed in binary: 11000000

A hex digit is 4 bits long, so break the binary value in half and convert each half to hex (use the table above):

8 4 2 1          8 4 2 1
1 1 0 0 = 12     0 0 0 0 = 0

12 according to our table is C and 0 is 0. Now we rinse and repeat for the other 3 octets.

   192          168          100          200
1100 0000    1010 1000    0110 0100    1100 1000
  C    0       A    8       6    4       C    8

Now we have our Hex value of: C0A864C8

There is one more step to ensure proper functionality. We have to include the "Type" and "Length" fields in front of the hex value we just defined. This value is F10(4*X), where X is the number of controllers we are defining. For this example it would be F104. If you had two controllers, it would be F108, for three F112, etc.

Now define the DHCP pool on your switch, router, ASA, etc.

ip dhcp pool VLAN100
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.5
   domain-name BughWireless.com
   dns-server 192.168.100.25
   option 43 hex f104C0A864C8

If your access point is in the correct VLAN, it will grab an IP address and option 43, then join the controller.
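
As an added example (not from the original post), the Python sketch below builds the option 43 value described above from a list of controller management addresses, and decodes an existing value back into addresses so a scope can be audited for a wrong type or length byte. The function names are assumptions made for this illustration.

```python
import ipaddress

WLC_TYPE = 0xF1  # "Type" byte placed in front of the controller addresses


def build_option43(controllers):
    """Return the hex string for 'option 43 hex ...' from WLC management IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    payload = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(payload) > 0xFF:
        raise ValueError("too many controllers for a one-byte length field")
    # Length byte = 4 bytes per controller, written in hex like the rest
    # of the value (one controller -> 04, two -> 08, three -> 0c).
    return (bytes([WLC_TYPE, len(payload)]) + payload).hex()


def parse_option43(hex_value):
    """Decode an option 43 hex string into controller IPs, validating the TLV."""
    # Dots and spaces are ignored so dotted groups such as f104.c0a8.64c8 parse too.
    raw = bytes.fromhex(hex_value.replace(".", "").replace(" ", ""))
    if len(raw) < 2 or raw[0] != WLC_TYPE:
        raise ValueError("value does not start with the f1 type byte")
    length, payload = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(payload):
        raise ValueError(
            f"length byte {length:#04x} does not match {len(payload)} payload bytes"
        )
    return [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    value = build_option43(["192.168.100.200"])  # controller address from the post
    print(f"   option 43 hex {value}")
    print(parse_option43(value))
```

Running `parse_option43` over the value already configured on a pool is a quick way to confirm which controller addresses the scope is actually handing to access points.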
_____________________________________________________________________________________________
Option 60

The question gets asked, though: what about option 60? Is it necessary? What does it do?
  • Option 60 can be used
  • It is NOT necessary
  • It locks the scope into offering option 43 only if the device VCI string matches our option 60. So devices will still receive an IP address, but option 43 only IF the device sends the correct VCI string defined in option 60.
Option 60 allows us to define which models of access point are allowed to receive option 43. So let's assume we are using a 3502i access point in this example and that it is the only access point we want to use this VLAN100 scope.

ip dhcp pool VLAN100
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.5
   domain-name BughWireless.com
   dns-server 192.168.100.25
   option 43 hex f104C0A864C8
   option 60 ascii Cisco AP c3500

Note: if you are familiar with the Microsoft setup of DHCP and controller discovery, it is the same string you use there as well, because this is the VCI value and is device specific.