SF/SG 300 DHCP server

Hi,
is it possible for SF/SG300 switches to be used as DHCP server for non-management VLAN-s.
The switch has VLAN1 as management VLAN - has IP address assigned.
The switch has additional VLAN - VLAN200 and I'd like SG300 to act as DHCP server for clients on this VLAN.
Is this possible at all?

Hi Jernej, the switch must operate in layer 3 mode. You can enable dhcp server per vlan.
To qualify to make a DHCP pool for a layer 3 vlan, none of the vlan interface can have an IP address issued via DHCP, so you vlan 1 and 200 must have a static ip address assigned. The vlan 1 does not require dhcp server configured for vlan 200 to have one.
Here is a sample configuration
config t
vlan database
vlan 200
exit
interface vlan 1
ip address 192.168.100.137 255.255.255.0
no ip address dhcp
exit
interface vlan 200
ip address 192.168.99.1 255.255.255.0
exit
ip dhcp server
ip dhcp pool network test
address low 192.168.99.1 high 192.168.99.254 255.255.255.0
default-router 192.168.99.1
dns-server 8.8.8.8
-Tom
Please mark answered for helpful posts

Similar Messages

SG 300-28: how to configure it as DHCP server.

I am relatively new the configuring network switches. Could someone point me in right direction to configure SG300-28 as a DHCP server?
From the people I talked based on device specs it should be able to act as dhcp server. However, if we cannot, can it be configured so that clients get DHCP infomation from Firewall to which L3 switch is connected.
Thank you,
S.

Hi Sreenath,
I guess when you try the GUI or CLI interface, you would have noticed there is no mention of DHCP server.
They both mention, as does the datahseet, DHCP relay;
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2
Relay of DHCP traffic to DHCP server in different VLAN. Works with DHCP Option 82
The new SG300-28 switch or ordering p/n SRW2024-K9, does not incorporate a DHCP server, but relies on DHCP relay to get IP addresses allocated to PC's on seperate VLANs.
If you needed a DHCP server within a Layer 3 switch you would have to look at the traditional Catalyst 3XXX series switch for that functionality.
I guess this is not the answer you wanted to hear.
regards Dave

Phones not getting IP address via DHCP server on same VLAN

Hello....we have a new series of Cisco SF-200s and one new Cisco SF-300. All switches are operating in layer 2 mode currently. Let's say for all intents and purposes, all ports are in VLAN1....pretty much default setup. There is a fiber backbone between uplink ports...and it is working correctly it appears.
There is a DHCP server allocating addresses 192.168.0.60 thru 192.168.0.79. Subnet mask is 255.255.255.0.
PCs and laptops successfully receive an IP address and can access things.....such as surfing the internet. Tested that from multiple switches....all seems to work just fine.
However, it seems that some newly purchased phones (Digium models) simply will not acquire an IP address like the PCs and laptops do.
Pretty broad question....but just wondering.
Thanks!

Hi Greg,
Might be interesting to goto the following sections of the GUI disable the discovery protocols;
1. Administration>Discovery -LLDP >properties
2. Administration>Discovery -CDP >Management interface
3 Smartports >Properties > Admministrative Auto Smartports is disabled.
the switches are real smart and may pre-empt what you are trying to achieve.
regards dave

DHCP Server not giving out IP Address to APPLE iPhone

Hi, First off, I hope this is the correct forum....
A little background, I have a very nice 16GB 3G iPhone (from Apple of course). It has no problem connecting to my wireless access point (cisco 1240). I have an old windows server that I can turn on as a dhcp server and it gets an address back right away, however my mac server (10.5) will no give it an address and I do not understand why. Here is the log.....
Mar 16 19:06:37 macserver bootpd[37021]: server starting
Mar 16 19:06:37 macserver bootpd[37021]: server name macserver.schmittg.com
Mar 16 19:06:37 macserver bootpd[37021]: interface en0: ip 192.168.1.75 mask 255.255.255.0
Mar 16 19:06:37 macserver bootpd[37021]: interface en2: ip 10.211.55.2 mask 255.255.255.0
Mar 16 19:06:37 macserver bootpd[37021]: interface en3: ip 10.37.129.2 mask 255.255.255.0
Mar 16 19:06:49 macserver bootpd[37021]: DHCP DISCOVER [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:06:49 macserver bootpd[37021]: service time 0.008083 seconds
Mar 16 19:08:11 macserver bootpd[37021]: DHCP DISCOVER [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:08:11 macserver bootpd[37021]: service time 0.003807 seconds
Mar 16 19:08:12 macserver bootpd[37021]: DHCP DISCOVER [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:08:12 macserver bootpd[37021]: service time 0.000683 seconds
Mar 16 19:08:13 macserver bootpd[37021]: DHCP REQUEST [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:08:13 macserver bootpd[37021]: service time 0.001844 seconds
Mar 16 19:08:24 macserver bootpd[37021]: DHCP DISCOVER [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:08:24 macserver bootpd[37021]: service time 0.000587 seconds
Mar 16 19:08:25 macserver bootpd[37021]: DHCP REQUEST [en0]: 1,0:21:e9:5:d3:de <iPhone-5>
Mar 16 19:08:25 macserver bootpd[37021]: service time 0.000409 seconds
Mar 16 19:08:27 macserver bootpd[37021]: DHCP DECLINE [en0]: 1,0:21:e9:5:d3:de
Mar 16 19:08:27 macserver bootpd[37021]: dhcpd: host 1,0:21:e9:5:d3:de declines IP 192.168.1.227 from server 192.168.1.1
Mar 16 19:08:27 macserver bootpd[37021]: service time 0.001994 seconds
What is wrong?
Thanks!

I am having a similar problem:
---------------- Client Request --------------------
op = BOOTREQUEST
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 20714
secs = 27
ciaddr = 0.0.0.0
yiaddr = 0.0.0.0
siaddr = 0.0.0.0
giaddr = 0.0.0.0
chaddr = 0:4:13:2a:2f:ed
sname =
file =
options:
Options count is 9
dhcpmessagetype (uint8): REQUEST 0x3
maxdhcp_messagesize (uint16): 0x224
requestedipaddress (ip): 192.168.1.66
server_identifier (ip): 192.168.1.200
host_name (string): m3-0004132A2FED
parameterrequestlist (uint8_mult): {0x1, 0x3, 0x6, 0xf, 0x21, 0x42, 0xa0}
vendorclassidentifier (string): snom-m3-SIP/01.25//10-Mar-09 16:36
client_identifier (uint8_mult): {0x1, 0x0, 0x4, 0x13, 0x2a, 0x2f, 0xed}
end (none):
bootpd[3138]: DHCP REQUEST [en1]: 1,0:4:13:2a:2f:ed <m3-0004132A2FED>
SELECT
state=SELECT
Sending: DHCP ACK (size 300)
bootpd[3138]: replying to 192.168.1.66
=================== Server Reply =====================
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 20714
secs = 0
ciaddr = 0.0.0.0
yiaddr = 192.168.1.66
siaddr = 192.168.1.200
giaddr = 0.0.0.0
chaddr = 0:4:13:2a:2f:ed
sname = ryan-perrys-computer.local
file =
options:
Options count is 8
dhcpmessagetype (uint8): ACK 0x5
server_identifier (ip): 192.168.1.200
lease_time (uint32): 0xdec
subnet_mask (ip): 255.255.255.0
router (ip_mult): {192.168.1.1}
domainnameserver (ip_mult): {208.67.222.222, 208.67.220.220}
domain_name (string): wha
end (none):
bootpd[3138]: ACK sent <no hostname> 192.168.1.66 pktsize 300
bootpd[3138]: service time 0.001879 seconds
destination address 255.255.255.255
---------------- Client Request --------------------
op = BOOTREQUEST
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 11587
secs = 27
ciaddr = 0.0.0.0
yiaddr = 0.0.0.0
siaddr = 0.0.0.0
giaddr = 0.0.0.0
chaddr = 0:4:13:2a:2f:ed
sname =
file =
options:
Options count is 4
dhcpmessagetype (uint8): DECLINE 0x4
server_identifier (ip): 192.168.1.200
requestedipaddress (ip): 192.168.1.66
end (none):
bootpd[3138]: DHCP DECLINE [en1]: 1,0:4:13:2a:2f:ed
bootpd[3138]: dhcpd: IP 192.168.1.66 declined by 1,0:4:13:2a:2f:ed
marking host 192.168.1.66 as declined
state=<none>
bootpd[3138]: service time 0.001143 seconds
destination address 255.255.255.255

E4200 1.0.03 DHCP server buggy

The e4200 1.0.03 DHCP server appears to be quite buggy. After configuring a static IP / reservation for a client which already had a dynamic IP from the pool, the e4200 continued to offer this client its pool IP. However, the DHCP client listing in the e4200 showed the client having the static IP even though it was still being offered that pool address.
This may sound like user error, but I can assure you, it is not. I have had a very frustrating experience with this product, and rather than fool with tech support again, I ran `tcpdump -e -s1600 -n -vvvv -i eth0 port bootpc or port bootps` to absolutely rule out a mistake on my part, bug in the DHCP client, etc. I found that the client was always offered that old IP, even thought the e4200 status display showed the "new" static one, after doing a DHCPDISCOVER without requesting a specific IP. This condition persists across e4200 reboots even after having the client release its lease!
I finally was able to resolve this by forcing the client to request the static IP from the e4200.
This is unquestionably a bug in the DHCP server, and additionally, the user interface does not show the real state of the underlying DHCP leases held by clients which have static addresses / reservations. Troubleshooting this condition is well beyond the abilities of the average user.
I hope Cisco will include a fix for this in the next firmware revision.
EDIT: firmware 1.0.03 build 14 checksum 4e7c9a89ae4667b225b425ee4e55b95e

gv, no, you are incorrect. I will provide another packet dump. Below you can see my machine releasing its lease (for .138, it got this IP AGAIN after having the correct one until a reboot) and then doing a new DISCOVER. The directed IP packet does not result from a presumably active lease.
colossus jsw # tcpdump -e -s1600 -n -vvvv -i eth0 port bootpc or port bootps
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1600 bytes
01:42:32.364073 8c:89:a5:61:4a:bd > 58:6d:8f:a0:1f:4b, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 328)
    172.19.87.138.68 > 172.19.87.1.67: [udp sum ok] BOOTP/DHCP, Request from 8c:89:a5:61:4a:bd, length 300, xid 0x22796c25, Flags [none] (0x0000)
      Client-IP 172.19.87.20
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Release
        Server-ID Option 54, length 4: 172.19.87.1
        Hostname Option 12, length 8: "colossus"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 40
01:43:21.988216 8c:89:a5:61:4a:bd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 8c:89:a5:61:4a:bd, length 300, xid 0x86572644, Flags [none] (0x0000)
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Hostname Option 12, length 8: "colossus"
        Parameter-Request Option 55, length 17:
          Subnet-Mask, BR, Time-Zone, Default-Gateway
          Domain-Name, Domain-Name-Server, Option 119, Hostname
          Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
          NTP, Classless-Static-Route, Classless-Static-Route-Microsoft, Option 252
          NTP
        END Option 255, length 0
        PAD Option 0, length 0, occurs 27
01:43:22.029027 8c:89:a5:19:38:33 > 8c:89:a5:61:4a:bd, ethertype IPv4 (0x0800), length 344: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 330)
    172.19.87.100.67 > 172.19.87.138.68: [udp sum ok] BOOTP/DHCP, Reply, length 302, xid 0x86572644, Flags [none] (0x0000)
      Your-IP 172.19.87.138
      Server-IP 172.19.87.100
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 172.19.87.100
        Lease-Time Option 51, length 4: 7200
        Subnet-Mask Option 1, length 4: 255.255.255.0
        BR Option 28, length 4: 172.19.87.255
        Default-Gateway Option 3, length 4: 172.19.87.2
        Domain-Name Option 15, length 10: "zoemai.com"
        Domain-Name-Server Option 6, length 8: 74.128.17.114,74.128.19.102
        NTP Option 42, length 4: 72.8.156.155
        END Option 255, length 0
01:43:22.029196 8c:89:a5:61:4a:bd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 8c:89:a5:61:4a:bd, length 300, xid 0x86572644, Flags [none] (0x0000)
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Server-ID Option 54, length 4: 172.19.87.100
        Requested-IP Option 50, length 4: 172.19.87.138
        Hostname Option 12, length 8: "colossus"
        Parameter-Request Option 55, length 17:
          Subnet-Mask, BR, Time-Zone, Default-Gateway
          Domain-Name, Domain-Name-Server, Option 119, Hostname
          Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
          NTP, Classless-Static-Route, Classless-Static-Route-Microsoft, Option 252
          NTP
        END Option 255, length 0
        PAD Option 0, length 0, occurs 15
01:43:22.032137 58:6d:8f:a0:1f:4b > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 328)
    172.19.87.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x86572644, Flags [Broadcast] (0x8000)
      Server-IP 172.19.87.1
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 172.19.87.1
        MSG Option 56, length 31: "requested address not available"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 17
01:43:22.109602 8c:89:a5:19:38:33 > 8c:89:a5:61:4a:bd, ethertype IPv4 (0x0800), length 344: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 330)
    172.19.87.100.67 > 172.19.87.138.68: [udp sum ok] BOOTP/DHCP, Reply, length 302, xid 0x86572644, Flags [none] (0x0000)
      Your-IP 172.19.87.138
      Server-IP 172.19.87.100
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: 172.19.87.100
        Lease-Time Option 51, length 4: 7200
        Subnet-Mask Option 1, length 4: 255.255.255.0
        BR Option 28, length 4: 172.19.87.255
        Default-Gateway Option 3, length 4: 172.19.87.2
        Domain-Name Option 15, length 10: "zoemai.com"
        Domain-Name-Server Option 6, length 8: 74.128.17.114,74.128.19.102
        NTP Option 42, length 4: 72.8.156.155
        END Option 255, length 0
01:43:23.031008 58:6d:8f:a0:1f:4b > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 328)
    172.19.87.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x86572644, Flags [none] (0x0000)
      Your-IP 172.19.87.20
      Client-Ethernet-Address 8c:89:a5:61:4a:bd
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: 172.19.87.1
        Lease-Time Option 51, length 4: 86400
        Subnet-Mask Option 1, length 4: 255.255.255.0
        Default-Gateway Option 3, length 4: 172.19.87.1
        Domain-Name Option 15, length 10: "zoemai.com"
        Domain-Name-Server Option 6, length 12: 74.128.17.114,74.128.19.102,172.19.87.1
        END Option 255, length 0
        PAD Option 0, length 0, occurs 6

NAC implementation wi thout DHCP Server

Dear Experts,
Is it possible to deploy NAC without having DHCP server in the network? We have some 300-400 users in the campus and want to enable NAC for them.
As per my understanding Cisco NAC cannot be deployed without DHCP server in the network, however it is not documented anywhere on the site. Currently all users' machines are configured with static IP.
We want to do user authentication, AV remediation and Patch deployment through NAC. Is it possible to deploy NAC without DHCP server??
Thanks in advance.
nayan

Hi,
Here is the basic flow of clean access for both inband and out of band: (http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_white_paper0900aecd802bdc42.html)
Figure 1. Laptop Attempts to Access the Internal Network
1. When the laptop first accesses the network, the Cisco Clean Access Server determines that the computer's MAC address is not in the list of certified devices, and that laptop is placed into an unauthenticated role. While in this role, only User Datagram Protocol (UDP) Port 53 (Domain Name System [DNS]) and Dynamic Host Control Protocol (DHCP) traffic (via DHCP and VLAN passthrough) is allowed.
2. The laptop gets an IP address from the DHCP server, but cannot get past the Clean Access Server acting as an IP filter.
3. The laptop user opens a browser and is redirected to an SSL-based Web login page where she enters her credentials, which in turn map her into the "employee" role.
4. As an "employee," she is asked to download the Clean Access Agent.
5. The Clean Access Agent performs the posture assessment and forwards the results to the Clean Access Server to make the network admissions decision.
Tarik Admani
*Please rate helpful posts*

Want stream Netflix to blueray via Airport Express wifi. The blueray finds my wifi but the wireless connection failed - said, Ensure DHCP server is enabled on router and restart router. Don't think I have DHCP server. Suggestions anyone?

Want to stream Netflix to blueray player via my existing Airport Express wifi. The player finds my wifi but the wireless connection fails - says, " Ensure DHCP server is enabled on router and restart router." I don't think I have a DHCP server. Suggestions anyone?

I can't speak specifically regarding LG, but the Whole Home feature on Direct TV (record a movie on one DVR and watch it on another TV in another location) just won't work with wireless, and I have a strong fast connection at 300 Mbps. Ethernet works perfectly.
Few audio/video products will accept "n" wireless at 5 GHz. I suspect that your LG accepts a 2.4 GHz signal, which would top out at 130 Mpbs.
If you are trying to stream High Definition video, especially at 1080P, my opinion would be that it is unlikely that you will be able to do so reliably using wireless.
Perhaps another user who has figured out how to do this will post with some input.

Can I use DHCP snooping and IOS DHCP server on the same switch stack

Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
Thanks

Nope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

Can I use ASA to be a DHCP Server use in WLC wireless Client

I want to use ASA to be a DHCP Server for Wireless Client not it can't.
I check the debug log in WLC, I confirm the WLC have send the request to ASA.
In the ASA, it don't have any hits in the rule when the WLC send the DHCP relay request.
I have try don't use dhcp relay in WLC but don't success. Anybody have the same case with me? And Is the ASA can't support DHCP relay agent to request to get the IP Addr.
P.S. In the Network Design limitation so I can't use WLC to be DHCP Server.
Equipment:
ASA5510
WLC4402
How can I fix it.
Thank you very much

The issue is that the ASA doesn't accept DHCP requests from a relay agent, only broadcast DHCP requests. In the 4.2 version for the controllers there is now an option so you can change the way the controller forwards DHCP requests so that it is sent as a broadcast and not from a relay agent.

Remote access VPN with ASA 5510 using DHCP server

Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got following output when I test connect to ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode:        True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
Lay

For RADIUS you need a aaa-server-definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Can you use the Airport Express A1264 as an AP and a DHCP server at the same time?

Can you use the Airport Express A1264 as an Access Point and a DHCP server at the same time?
I would like to use it as a DHCP server and AP at the same time in my LAN (no internet, just local machines through a few switches). I was lead to belive this could be the case from a few networking friends that haven't been friendly enough to help me out setting it up.

I need it to act as a dLink/Cisco/Linksys/etc basic wifi router, in the fact that you can access it via wifi, and it will spit out DHCP addresses (192.168.1.xxx) to everything wired downstream of it.
I want to simultaniously provide a Wifi connection and a LAN connection at the same time
Thanks,
BRad

Can I use my WRT54G as a DHCP server only? I've got 5 dynamic IP's from Time Warner..

Hi everyone, I'm wondering if I can use my WRT54G as a DHCP server only only my network, without having to have any of my PC's plugged into it's router ports? I looked at the settings but I couldn't get it to work.
Here's why: I just got Time Warner Business Class cable internet which comes with 5 dynamic IP's. I want each computer, well 4 of them at least and 1 for the WRT54G, to have a unique IP when accessing the internet, and the other computers (5 more computers) to use the DHCP server in the WRT54G to get a NAT IP for use on the internet.
We play Diablo II on the internet and only 4 computers can be connected through 1 IP, so that limits us in my current configuration.
Current Equipment: One WRT54G, one Netgear GS116 16 port gigabit non-managed switch. One Time Warner Cable modem. Also attached to the network is one HP network printer, a Buffalo LinkStation NAS and a Zensonic Network DVD player.
Current config: Cable modem --> WRT54G --> Netgear switch.
Ideal config: Cable modem --> Netgear switch --> WRT54G.
With my current config, I am not taking advantage of the 5 dynamic IP's, but all the computers connected to the Netgear switch or the WRT54G can connect to the internet and the NAS.
So my ideal config (where I don't have to buy anything and where all the computers can print and access the NAS) is to connect all the computers and devices to the Netgear Switch and somehow force 4 of the computers and the WRT54G to get a dynamic IP from the cable modem, while the other computers and devices use the DHCP server on the WRT54G to get to the internet.
Is this possible?
I called Time Warner Cable and they weren't any help. I called the Linksys sales department and they weren't of much help either.
I suppose that I could purchase a new 8 port switch and attach 4 computers, the cable modem and the WRT54G to it. Then attach the Netgear to the WRT54G to accomodate the printer, NAS, and the other 5 computers. But in that senario, the 4 computers connected to the new switch can't print and can't reach the NAS. And geez, some computers would have to go through 3 devices to reach the internet, which has got to slow them down.
I did read about the Linksys EFG120 which has a DHCP server, but at $400 and only 120 gigs, it doesn't work for me.
I called Time Warner and the cost of more dynamic IP's is prohibitive, I'm already paying $79 a month for this internet and they want another $50 a month for 7 more dynamic IP's and that wouldn't help my NAS or my printer.
The cost of a 16 port gigabit switch with DHCP is an amazing $800 or so, which is out of the question.
Sorry for being so long winded and thanks for reading this far. I'm looking forward to any replies.

That is a hell of a setup. I don't know if it would be easier and cheaper to either buy a real router like a Cisco, get fixed IP addresses and a RV042, or buy 4 network cards for the four of the five computers which need the internet access for gaming.
O.K. First your setup:
1. You wire the modem to the 6-port switch.
2. You connect the remaining 5 ports with the WAN ports of 5 WRTs with DHCP on the WAN interface.
3. You configure each WRT with unique LAN IP addresses in the same subnet, e.g. 192.168.1.1/255.255.255.0, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5.
4. You turn off all DHCP servers except on one, e.g. 192.168.1.1. That router will be the default router and internet connection for any client which gets dynamic LAN addresses (as fallback or guests, I would not configure the NAS or printer with DHCP addresses if you have everything else on static IP addresses). You can certainly disable all DHCP servers if you want, too.
5. Now you connect all WRTs with each other.
5a. You connect port 1 of the 1st WRT with port 1 of the 2nd.
You connect port 2 of the 2nd with port 1 of the 3rd.
Port 2 of the 3rd with port 1 of the 4th.
Port 2 of the 4th with port 1 of the 5th.
(Do not create a loop connecting port 2 of the 5th with port 2 of the 1st!!)
5b. You buy another switch and connect each port 1 of each router with this switch. This has the advantage that you don't have a long cascade between the 1st and the 5th router like in 5a.
6. You connect all devices to the LAN.
6a. If you did 5a, you will probably put each computer to the router which internet connection it uses. The NAS and printer could go anywhere.
6b. If you did 5b, you hopefully bought a 16 or 24 port switch. Then you plug simply everything into that switch. Otherwise you can certainly use the free ports of the WRTs like in 6a.
7. You configure all your devices with static IP addresses. For instance,
IP 192.168.1.11
netmask 255.255.255.0
gateway 192.168.1.1
For the DNS servers I would highly recommend to use the DNS servers of your ISP directly and not use the relay on 192.168.1.1.
The gateway address defines through which router the computer connects to the internet.
8. You may still have to configure port forwardings on the router to the game computer if required for the game.
An interesting alternative to this setup might be to buy 4/5 network cards for the 4/5 computers with direct internet access. Then you use the one network card to connect to your single LAN behind your single WRT. The other network card goes into the switch behind the modem and has direct internet access. You then have to tell Windows which of the network cards has the default gateway for the internet connection (to prevent routing all traffic through the LAN and the WRT to the internet). One game computer would have to be behind the WRT.

Can some one translate these instructions D-Link DI-524: installation as wireless HUB/Bridge General ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED OTHERWISE YOU CAN SEVERELY HINDER OTHER USE

D-Link DI-524: installation as wireless HUB/Bridge
General
ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED
ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
Practical example: D-Link DI-524
The DI-524 is a wireless router.Although the manufacturer doesn't mention this, you can also install this device as a wireless hub.Of course this is not supported by the manufacturer. Therefor you have nowhere to go in case of any problems Plug in the power cord of the DI-524. Do not yet connect the network cable!Search for existing wireless networks with your computer. Connect with the router.This can for example be done like this:
Click the start-button (at the bottom in the left corner of your screen).
Go to control panel
Go to internet connections (you may have to choose classic representation first)
You can now see your wireless network card, among other things. Right-click and 'View available Wireless networks'.
Connect to the router. In most cases the router will be called 'default'.Check your IP-address: you get an IP address from the DI-524
Go to the start-button
Go to 'Run'
Type 'cmd' and press enter
type 'ipconfig' and press enter
your IP address starts with 192.
Surf to your router with your regular browser. For this you need the address and a password, which you can find in the documentation.
In this case the address is 192.168.0.1
Now you must secure the router. For this it is best to use WPA-PSK
Your key is a randomly chosen sentence. Don't make this sentence too short.
Warning: Case sensitive!
You cannot reach the router anymore now.
Go back to your network card via "make connection". Search for your wireless network again and make a new connection
You are asked for a key. Supply this key the way you configured it in your router.
Surf back to the router.
Disable the DHCP server.
!! YOU HAVE TO DISABLE UPnP ON ALL TYPES OF ROUTERS
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
for this, go to Tools, Misc and switch off UPnP
Save these settings.
If you do not have a D-link router, look up in the manual or somewhere else where you can disable UPnP
Now you cannot reach the router anymore again.
It is only from this moment that you can connect the router to the modem.
Important: Use one of the 4 LAN ports. Never use the WAN port!
Go to your network card via the control panel. Right-click and "Repair"
Now you should get an IP-address in the range of 10.nnn.nnn.nnn
If you still don't have 192... you've made an error. The DI-524 still functions as a router and this is not allowed!

There are no Mac based instructions. The router is accessed and adjusted the same way whether you are using a Mac OS X, Windows or Linux. As noted in the other post it is done through your web browser which works the same from any computer. Even a Chrome Book.
akertrav wrote:
Thank you for that what I have been trying to do is extend the range of my wifi witha second dilink router. I was hoping for some mac based directions to achive this rather than the PC based as presented. Thank you for your ireply Paul

Two questions about SG300 DHCP server

Hi,
I have two questions about the DHCP server on the SG300:
On the Address Binding page, what does the "Declined" state mean? I have a NAS device that won't pull an address, and I think that the entry with a state of "Declined" corresponds to this device. It was previously pulling an address from a RV180, so the only difference is that it is now connected to the SG300. I worked around this by manually setting the address on the NAS device, but this won't scale if I run into a lot of other devices that can't pull an address.
I configured a static address binding for a WAP321 and found that instead of pulling the configured address that it pulled a dynamic address. I checked the Address Binding page and see that the dynamic entry that corresponds with the WAP321 has a Client Identifier rather than a MAC address. I changed the static entry for the WAP321 to use the client identifier displayed in the dynamic entry, and now the WAP321 pulls the configured static address. Is this expected behavior?
Thanks,
Bob

With the SX300/500 it is required the client identifier, it doesn't automatically insert it. If static DHCP is made on the switch and you didn't need client identifier, that is more or less fortunate behavior for you
So to answer this question, the expected behavior is to configure client identifier for static DHCP entry.
-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

How do I find where my DHCP server is on my network?

I have a home network, a BT server, with an iMac, a MACBook Pro, two back-ups (Airports) and a Squeezebox (for internet radio). The problem is that the Squeezebox keeps dropping out and informing me that it cannot find the DHCP server. This did not used to be a problem, has happened failry recently, for no obvious reason. Any help is much appreciated.

start
system information
click network
click Wi-FI or ethernet depending how you get your network on the mac
scroll to the DHCP Server responses:
look under it's Server Identifier

SF/SG 300 DHCP server

Similar Messages

Maybe you are looking for