Controllerless Networks

I'm sure this has been asked many times before... I am using a 315 in a trial.  I have configured a wireless network to use the same vlan as my current Cisco APs.  The switchport that the AP is connected to is set to trunk and all uplinks to the Core are set to trunk as well.  When I try to log in, I am able to authenticate against the Cisco ACS (AAA/Radius), but the device cannot get an IP address.  I haven't seen anywhere to configure a DHCP server, which is a remote Windows DC... is this even necessary?  If so, where would I configure it?  If not, why can't I get an IP?

Thanks

The AP will require at least one untagged/native VLAN on that port. The AP cannot come up on a pure trunk port, there must be a native VLAN/untagged VLAN. 

Edit:  I misread your response.  I will revisit and follow up.  Thanks

I've set the native vlan (1) on the switchport the AP is connected to, but can't connect to the SSID at all now.  Switchport is fa0/3 and vlan to be used for the SSID is 100:

Port Vlans allowed on trunk
Fa0/3 1-4094
Fa0/5 1-4094
Gi0/2 1-4094

Port Vlans allowed and active in management domain
Fa0/3 1,100,110,130,254
Fa0/5 1,100,110,130,254
Gi0/2 1,100,110,130,254

Is this an IAP-315 (instant) or an AP-315 (controller based)? Is the AP pulling an IP address from VLAN1 (you can check the console of the AP or the DHCP server for VLAN 1 looking for the ap mac in the least table)?

It's an IAP-315.  We assigned a static IP address for management in VLAN 1 and it's communicating with no issues.  I can ping and WI into the IAP using this IP.  Should we try to pull a DHCP address for mgmt?

No, if you statically set the IP and you can reach the GUI and SSH into the IAP-315, then that part should be fine. So how are you configuring the SSIDs? Can you post a screenshot of the SSID settings under VLAN, where it has Client IP Assignment, Client VLAN Assignment, and VLAN ID? I assume you have DHCP running on those VLANs you want the SSIDs on?

Yes Sir.  Please see attached.

So the client associates but cannot get an IP address? The SSID is not broadcasting at all? if you put a static IP on a client for that SSID can it ping it's gateway? Are there any RADIUS rules/derivation rules that would be trying to assign the client to a different VLAN (assuming this is a dot1x SSID)?

You may need to start with a TAC case.

I ended up tracing all switches between IAP and Core switch and vlan 100 was not created on a couple of switches.  Thanks for helping me walk through this... This is completely different than what Cisco does with vlans.

Well, for IAP, since there's no centralized encryption, all ingress/egress for packets are out of the AP (would be similar to fat APs or bridged APs from any other vendor). If you had a controller-based solution, this wouldn't be necessary. But as it is, if the intent is to carry separate WLANs in different VLANs, L2 continuity is a must. 

That makes sense... I am an "aspiring" Network Engineer and I've only seen things done one way, so I'm still learning as I go (and I'm sure I always will).  Your explanation helps me understand how this and other situations like this work.

Don't sweat it, it's all part of the fun. :)

Just remember that with IAPs, packets are locally tagged (or untagged if the SSID is in the native VLAN or if the AP is not on a tagged port). Controllers work so that all client traffic resides in the AP tunnel back to the controllers, so the VLANs only need to exist at the controllers, and the APs just need a single VLAN to terminate on (controllers make the deployment easier for a multiple VLAN WLAN network since it's an 'overlay', and just plugs in to the network, discovers the controllers, and brings up the tunnel).