5508- Internal DHCP - Two SSID
Hi,
We have something strange...
We created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have an IP address
- but when we connect to the second SSID: impossible to get an ip address - auth and association are OK
Is this a limitation or do you have a clue to solve this problem ?
Thanks,
Regards,
Hello,
Thanks for your reply,
In fact different clients can't connect to this SSID. But they can connect on another SSID from same WLC, so it doesn't seem to be a driver problem.
It's mapped on the correct interface, and the MFP is optional.
You will find below the two WLANS configs, the first is OK, clients (laptops, iphone) can connect, on the second one the clients can't connect:
SSID OK:
WLAN Identifier.................................. 3
Profile Name..................................... DATA
Network Name (SSID).............................. XXX_UTILISATEURS
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 5
Exclusionlist Timeout............................ 30 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
SSID NOT OK:
Note that we tried to force dhcp server ip address as we thought that the problem came from the dhcp server...
WLAN Identifier.................................. 7
Profile Name..................................... Iphone
Network Name (SSID).............................. XXX_Smartphone
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... 128.10.1.20
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
I begin to believe that there is a mismatch with the WPA2-PSK key > the client has setup the WLC and SSID and gave me the WPA2-PSK...
Thanks a lot,
Best Regards,
Gerald
Similar Messages
-
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If I disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100
Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu
-
Hi,
A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and up to 25 later. The docs on the 7.2 WLC make it sound like this is discouraged:
Internal DHCP Server
The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
In this case, the APs will not be in the same subnet as the Management Internet.
Is it a mistake to use the internal DHCP with up to 25 APs (3 WLANs)?
Thanks.
#DHCP proxy needs to be enabled to use internal dhcp on WLC. WLC uses virtual ip for dhcp and they're unicast. So keeping the AP on L3 doesn't work with internal dhcp. dhcp for wireless client works due to the packets are sent to WLC via capwap.
#The DHCP required state can cause traffic to not be forwarded properly if a client is deauthenticated or removed. To overcome this problem, ensure that the DHCP required state is always disabled.
Ans: it is expected behavior irrespective of dhcp being internal or external, it is a feature and not disadvantage.
Cons:-
#can't have dhcp reservations.
#can't have option 43 or any other dhcp options.
#DHCP service can't be restarted, WLC reboot is required if needed to do so.
#If Multiple WLCs used, need to create non overlapping scope on other WLCs as well.
#Wired clients cannot get ip from internal dhcp. So need to maintain separate network & dhcp server for wired network, and this require routing.
#From WLC GUI, Can't remove the client, need to use cli.
#WLC reboot may clear the dhcp lease, though not sure 100%
-
WLCs 5508, HA enabled and Internal DHCP
Hi:
Designing a new project for a customer in which a pair of WLC-5508 and a bunch of AP-3602I will be deployed.
Controllers running 7.4 image, and I'd also like to use them as internal DHCP servers for clients in different WLANs
As for the redundancy mechanism I'd go for activating HA (AP-SSO) but I know HA and internal DHCP server can't coexist.
So, my question is: does anyone know if Cisco is thinking of implementing both features in any new version to come? The goal would be the Active controller handing over all leases database in case of active to standby switchover.
Thx!
Juan.
As you already know that HA and DHCP both cannot coexist on WLC. Till now there is no plan of cisco to implement this.
-
Can i use Internal DHCP on WLC Guest Anchor (5508) with Foreign HA 5508
DHCP Proxy is required in order to use local WLC DHCP Pool (Guest Anchor), however reading Wireless Q&A (http://www.cisco.com/image/gif/paws/107458/wga-faq.pdf) states that both foreign and guest anchors must have :
In a Wireless guest access setup, the DHCP proxy setting in the Guest Anchor controllers
and the internal controller must match. Else, DHCP request from clients are dropped and you
see this error message on the internal controller......
However if you have N+1 you cannot use internal DHCP, does this also "grey" out the DHCP Proxy global setting? If so will the Guest Anchor still work with an internal DHCP pool even though foreign and guest controllers have a mismatch in DHCP Proxy (global) setting?
Many Thanks
Kam
Well it should still work... dhcp proxy is required on the WLC that has a dhcp scope. With the newer code versions, you can enable dhcp proxy on a per interface so this doesn't have to be global.
-
Two SSIDs; different VLANs; second VLAN can't talk to Internet
I've got an ASA 5505 firewall with internal interface 192.168.65.1 on port 1 and a WAP connected to port 5 with the address 10.10.1.1. The WAP has two SSIDs configured; one is on VLAN 1 and the other on VLAN 14. The firewall has port 5 configured as a trunk for VLAN 1,14 and the interface was configured a VLAN 14.
If I connect to the WAP using the SSID on VLAN 1 I get an address of 192.168.x.x from our internal DHCP server and have full connectivity to the internal and external networks. If I connect to the SSID on VLAN 14 I get an address of 10.10.1.x from the firewall DHCP server but am unable to connect to anything.
When connecting to the SSID on VLAN 14 I want to be able to access the external interface but not anything internally. I have configured a firewall access rule to allow 10.10.1.0/24 to outside and deny 10.10.1.0/24 to 192.168.0.0/16 but this hasn't worked.
Any ideas?
You need to configure an IP helper on the appropriate VLAN interface(s). Routers, by default, will not forward broadcast packets. Since DHCP client messages use the destination IP address of 255.255.255.255 (all Nets Broadcast), DHCP clients will not be able to send requests to a DHCP server on a different subnet unless the DHCP/BootP Relay Agent is configured on the router. The DHCP/BootP Relay Agent will forward DHCP requests on behalf of a DHCP client to the DHCP server. The DHCP/BootP Relay Agent will append its own IP address to the source IP address of the DHCP frames going to the DHCP server. This allows the DHCP server to respond via unicast to the DHCP/BootP Relay Agent. The DHCP/BootP Relay Agent will also populate the Gateway IP address field with the IP address of the interface on which the DHCP message is received from the client. The DHCP server uses the Gateway ip address field to determine the subnet from which the DHCPDISCOVER, DHCPREQUEST, or DHCPINFORM message originates.
See more at the following document, with configuration steps and examples:
http://www.cisco.com/warp/public/473/100.html#configdhcpbootpciscoios
-
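The relay step described in the answer above (the relay agent fills in the gateway IP address field and the server uses that field to pick the subnet), as an added Python example that is not from the thread or from Cisco. It follows the generic BOOTP relay model; the function names are hypothetical, and SCOPES reuses addresses mentioned in the ASA 5505 question with assumed /24 prefixes.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = bytes([99, 130, 83, 99])
OP, HTYPE, HLEN, HOPS, XID, SECS, FLAGS, CIADDR, YIADDR, SIADDR, GIADDR, CHADDR = range(12)

# Constructed sample scopes (prefix lengths are assumptions, not from the thread).
SCOPES = {
    "vlan1": ipaddress.ip_network("192.168.65.0/24"),
    "vlan14": ipaddress.ip_network("10.10.1.0/24"),
}


def build_discover(mac, xid):
    """Build a minimal broadcast DHCPDISCOVER as a client would send it (giaddr = 0)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    zero = bytes(4)
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         zero, zero, zero, zero, chaddr, bytes(64), bytes(128))
    options = bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end marker
    return header + MAGIC_COOKIE + options


def parse_header(packet):
    """Return the fixed header fields as a list, rejecting non-DHCP input."""
    if len(packet) < BOOTP_LEN + 4 or packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    return list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))


def giaddr_of(packet):
    return str(ipaddress.ip_address(parse_header(packet)[GIADDR]))


def relay(packet, ingress_ip, max_hops=4):
    """Relay a client request towards the server.

    giaddr is set to the address of the interface the request arrived on,
    but only if no earlier relay has set it; hops is incremented. Returns
    None when the hop limit (an assumed value here) is reached.
    """
    fields = parse_header(packet)
    if fields[OP] != 1:
        raise ValueError("only BOOTREQUEST is relayed towards the server")
    if fields[HOPS] >= max_hops:
        return None
    if fields[GIADDR] == bytes(4):
        fields[GIADDR] = ipaddress.ip_address(ingress_ip).packed
    fields[HOPS] += 1
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


def select_scope(packet, scopes, local_ip=None):
    """Pick the scope the way a server does: by giaddr, or, for a request
    heard directly (giaddr = 0), by the server's own receiving interface.
    Returns None when no scope covers that subnet, so no offer is made."""
    gi = ipaddress.ip_address(parse_header(packet)[GIADDR])
    if gi == ipaddress.ip_address("0.0.0.0"):
        if local_ip is None:
            return None
        gi = ipaddress.ip_address(local_ip)
    for name, net in scopes.items():
        if gi in net:
            return name
    return None


if __name__ == "__main__":
    discover = build_discover("00:21:6a:9c:03:04", 0x1234)
    for ingress in ("192.168.65.1", "10.10.1.1", "172.16.5.1"):
        relayed = relay(discover, ingress)
        print(ingress, "->", giaddr_of(relayed), "->", select_scope(relayed, SCOPES))
```

The last ingress address has no matching scope, which is the "no IP gets served" outcome: the address a client receives depends on which interface address ends up in giaddr, not on the SSID name.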
Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
interface bvi1
ip address 192.168.1.205 255.255.255.0
no ip route-cache
exit
It would be the ..1. subnet.
Since the dhcp pool is set as:
ip dhcp pool GeneralWiFi
network 192.168.1.0 255.255.255.0
lease 1
default-router 192.168.1.1
dns-server 8.8.8.8
exit
There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.
Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
HTH,
Steve
-
Background:
Initially there were 3 SSIDs configured but all of them were assigned a single interface and this interface was configured with the controller management IP address as DHCP server so that the WLC could assign IP addresses to wireless clients, guns and printers etc.
Issue:
As part of PCI initiative, we decided to segment the traffic in multiple subnets based on type of wireless clients; so now there are 3 interfaces configured and each SSID is assigned a specific dynamic interface and each interface is configured to use the controller management IP address as DHCP server.
There are 3 scopes configured for each of the dynamic interfaces/SSIDs and DHCP proxy is enabled but wireless clients are still being allocated IP addresses from the original DHCP scope that was associated with the dynamic interface originally assigned to all 3 SSIDs.
What am I missing here?
I verified the following:
1. Each SSID is assigned a different dynamic interface (Users, Voice and Handhelds)
2. Each dynamic interface is configured to use controllers management IP address as DHCP server
3. DHCP scopes configured with correct network information for each dynamic interface and enabled
As mentioned in my first post, I am using the management interface IP address of the controller as the DHCP server in the configuration of all the dynamic interfaces.
I have not configured the override DHCP option in the WLAN configuration because I have specified the internal DHCP address in the dynamic interface.
But I did check the AP group configuration and there I found that the SSID is not assigned to the correct dynamic interface even if the WLAN configuration is correct.
I will change the AP group configuration to correct this. Thanks!
-
WLC 2006 INTERNAL DHCP FOR GUESTS CLIENTS
I would like to use the internal DHCP to issue ipaddress to the guest wireless clients.
However; when I setup the wlc internal DHCP scope and try to connect to the wireless guest vlan the WLC debug DHCP reads ...forwarding to 192.168.255.2 which I have listed as the gateway to the pix
any examples on how to do this would be great.
here is what i have for the dhcp scope:
Dhcp Scope Info
Scope: Guest.Data.DHCP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Here is what i have for the wlan
WLAN Identifier.................................. 2
Network Name (SSID).............................. Guest.Data
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Interface........................................ guest.data
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
--More-- or (q)uit
Radio Policy..................................... All
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
Management Frame Protection................... E
When I try to associate the DHCP scope to the wireless.guest.data interface using 192.168.255.1, which is the IP of that interface, it will not let me. I would have thought, since I was using the internal DHCP, that the .1 address would be the DHCP scope address also. I can assign 192.168.255.0 or 192.168.255.2 (gateway). If I use .0 or .2, the DHCP request (discovery) process starts and then will forward to .2 (gateway) and never assign an address. The only thing that happens is that the client wireless interface will get 255.255.255.255 for a few seconds, then go away.
What I am trying to accomplish is to connect the WLC port 2 directly to a PIX 506 which goes to the internet, so the guest traffic is not on our VLAN.
Any other suggestions on guest VLANs would be appreciated....
Tom
Interface Name................................... wireless.guest.data
IP Address....................................... 192.168.255.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.255.2
VLAN............................................. 150
Quarantine-vlan.................................. no
Physical Port.................................... 2
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Scope: wireless.guest.data.dhcp.server
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0 -
Two ssids in one Dot11Radio interface
Hello,
Whilst configuring a CISCO867-W router I have encountered the following problem.
On the built-in access point I have one Dot11Radio interface. Is it possible to have two SSIDs associated with two different VLANs on one interface? If yes, how to do it? If no, is there any solution to have two separated WLANs on an access point with one Dot11Radio?
Of course you can have two WLANs associated with two different VLANs on the same radio interface.
Here is a simple example of how to do it.
On the router, the most important thing is to make sure that the interface Wlan-GigabitEthernet0 is configured as a trunk and allows the VLANs mapped to the SSIDs defined under the radio interface of the embedded AP. Also, you have to make sure that DHCP pools have been defined for both VLANs.
Assuming that you have two SSIDs, ssid1 and ssid2, mapped to VLANs 1 and 2 respectively, and VLAN 1 has been defined as the native VLAN on the trunk defined on Wlan-GigabitEthernet0:
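AP(config)# dot11 ssid ssid1
AP(config-ssid)# authentication open
AP(config-ssid)# vlan 1
AP(config-ssid)# exit
AP(config)# dot11 ssid ssid2
AP(config-ssid)# authentication open
AP(config-ssid)# vlan 2
AP(config-ssid)# exit
AP(config)# interface dot11radio 0
AP(config-if)# ssid ssid1
AP(config-if)# ssid ssid2
AP(config-if)# no shut
AP(config-if)# exit
AP(config)# int dot11radio 0.1
AP(config-subif)# encapsulation dot1q 1 native
AP(config-subif)# bridge-group 1
AP(config-subif)# exit
AP(config)# int dot11radio 0.2
AP(config-subif)# encapsulation dot1q 2
AP(config-subif)# bridge-group 2
AP(config-subif)# exit
AP(config)# int gig 0.1
AP(config-subif)# encapsulation dot1q 1 native
AP(config-subif)# bridge-group 1
AP(config-subif)# exit
AP(config)# int gig 0.2
AP(config-subif)# encapsulation dot1q 2
AP(config-subif)# bridge-group 2
AP(config-subif)# exit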
Please don't forget to mark the question as answered once you have the right response -
Does option 43 matter? WLC5508 ver 7.2 using internal DHCP server
I am using a WLC 5508 and its internal DHCP server. I can't find anywhere I can set up option 43. However, the access points are connected just fine. Do I need to worry about setting up a separate DHCP server to get option 43 set up properly?
Thank you.
Sorry I didn't make my question clear.
I am using a WLC 5508 and its internal DHCP server. I can't find anywhere I can set up option 43.
When I connect a CAPWAP access point to the network, it receives an IP address from the WLC 5508 DHCP service just fine. It shows up in the access points list and users can connect to it no problem.
Do I need to worry about setting up a separate DHCP server to get option 43 set up properly? -
Does WLC release 7.6 support internal DHCP when AP and client SSO is configured?
Hi,
I currently have 5508 WLCs running on release 7.6 and they are to be configured in 1:1 HA mode. Would like to know if internal DHCP is supported if AP and client SSO is to be configured.
Thanks in advance.
Unfortunately, to date no AirOS release supports internal DHCP when AP SSO is configured.
For details, check the HA Deployment Guide. It says the following:
"Internal DHCP is not supported when SSO is enabled."
-Thanks
Vinod -
Aironet - Two SSIDs, One with WPA, One Without
I have an AP that I want to have two SSIDs on, let's say, "Admin" and "User."
The User SSID should be wide open, unsecure, etc.
The Admin SSID should not be broadcast, and should be protected via a password, preferably a WPA pre-shared key.
Is this possible? If so, how?
So far I have both SSIDs working, in an open/unsecure mode. My VLANs are working great, and when I tried the suggestion in the help, it looks like it turned on WPA, but now I cannot see the SSID for Admin.
If you need a copy of the config, let me know.
Thanks,
Anthony
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$zH.z$lhh9AqT3HXXU2WxXSd2f20
ip subnet-zero
no aaa new-model
dot11 ssid faculty
 vlan 100
 authentication open
dot11 ssid students
 vlan 400
 authentication open
 guest-mode
username x password x
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 ssid faculty
 ssid students
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 antenna receive right
 antenna transmit right
interface Dot11Radio0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 bridge-group 100 subscriber-loop-control
 bridge-group 100 block-unknown-source
 no bridge-group 100 source-learning
 no bridge-group 100 unicast-flooding
 bridge-group 100 spanning-disabled
interface Dot11Radio0.400
 encapsulation dot1Q 400 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 ssid students
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
interface Dot11Radio1.400
 encapsulation dot1Q 400 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
interface FastEthernet0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 no bridge-group 100 source-learning
 bridge-group 100 spanning-disabled
interface FastEthernet0.400
 encapsulation dot1Q 400 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 ip address dhcp client-id FastEthernet0
 no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
 transport preferred all
 transport output all
line vty 0 4
 login local
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 login
 transport preferred all
 transport input all
 transport output all
end -
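One way to check a config like the one posted above against the question's goal (a non-broadcast SSID protected by a WPA pre-shared key) is a small audit script. This is an added example, not code from the thread or from Cisco; the function name, the `<PSK>` placeholder, the aes-ccm cipher choice and the sample excerpts are assumptions, and every SSID is assumed to be mapped to a VLAN as in the posted config.

```python
import re

def audit_protected_ssids(config, protected):
    """Return findings for SSIDs in `protected` that are not hidden and WPA-PSK secured."""
    blocks, header = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and header:
            blocks[header].append(line.strip())       # sub-command of the current section
        elif line.strip() and not line.startswith("!"):
            header = line.strip()                      # new top-level section
            blocks[header] = []
    # VLANs that have a cipher configured under any radio interface
    cipher_vlans = {m.group(1) for h, body in blocks.items() if h.startswith("interface Dot11Radio")
                    for c in body if (m := re.match(r"encryption vlan (\d+) mode ciphers \S+", c))}
    findings = []
    for name in sorted(protected):
        body = blocks.get(f"dot11 ssid {name}", [])
        vlan = next((c.split()[1] for c in body if c.startswith("vlan ")), None)
        if not any(c.startswith("authentication key-management wpa") for c in body):
            findings.append(f"{name}: no WPA key management")
        if not any(c.startswith("wpa-psk ") for c in body):
            findings.append(f"{name}: no pre-shared key")
        if vlan not in cipher_vlans:
            findings.append(f"{name}: no cipher for VLAN {vlan}")
        if "guest-mode" in body:
            findings.append(f"{name}: SSID is broadcast (guest-mode)")
    return findings

# Constructed excerpt modelled on the posted config: both SSIDs are open.
POSTED = """\
dot11 ssid faculty
 vlan 100
 authentication open
dot11 ssid students
 vlan 400
 authentication open
 guest-mode
interface Dot11Radio0
 ssid faculty
 ssid students
"""
# Same excerpt with WPA-PSK on "faculty"; <PSK> is a placeholder, aes-ccm an assumed cipher.
SECURED = POSTED.replace(
    " vlan 100\n authentication open\n",
    " vlan 100\n authentication open\n authentication key-management wpa\n wpa-psk ascii <PSK>\n",
) + " encryption vlan 100 mode ciphers aes-ccm\n"
if __name__ == "__main__":
    print(audit_protected_ssids(POSTED, {"faculty"}))
    print(audit_protected_ssids(SECURED, {"faculty"}))
```

The parser relies on running-config indentation, so feed it the config as the AP prints it rather than a flattened copy.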
VirtualBox 4.0.2 internal DHCP problem in Host-only mode?
Hi,
Does anyone have experience of problems with VirtualBox 4.0.2 internal DHCP not working when running Oracle Linux and a Host-Only adapter?
Described in more detail, my problem is that Oracle Linux doesn't get an IP from the internal DHCP server on my system. My host is Win 7 (64 bit) and the guest is Oracle Linux (64 bit). I have read that there are several others who experienced the same problem with the open source version, but that patching the Guest Tools to 4.0.3 helped them. Sadly this is not the case for me. Any suggestions are welcome and thanks in advance.
Thanks for your reply - my problem is that the built-in DHCP server is not working for some reason and I don't get any IP address assigned. I can see from the VBoxManager that it is running, but I can't get in contact with it from the Linux guest.
-
WLC CT2504: Interface IP can not be used as internal DHCP server IP
Hello all,
I've got a new CT2504 controller with software version 7.0.220.0
According to
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:
(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3
vlan401 Interface IP can not be used as internal DHCP server IP
It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 400
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.2.x.135
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
Scopes are defined and Proxy is enabled.
(Cisco Controller) >show dhcp summary
Scope Name Enabled Address Range
ap Yes 10.2.x.137 -> 10.2.x.140
intern Yes 172.16.x.20 -> 172.16.x.30
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behaviour: enabled
Does somebody have an explanation for this issue?
Thanks in advance,
Regards,
Robert
You can use the internal DHCP, but you need to set the primary DHCP as the management IP. So in your dynamic interface, your primary DHCP is configured with the WLC management IP address. DHCP proxy also needs to be enabled and is enabled by default.
Thanks,
Scott Fella
Sent from my iPhone
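The rule in the reply above (point the dynamic interface's primary DHCP server at the management IP) can be checked against pasted controller output; the script below runs it on fields from the earlier wireless.guest.data post, where the primary DHCP server shows as Unconfigured. This is an added example, not code from the thread or from Cisco; the function names are hypothetical and the management IP in the sample is constructed.

```python
import ipaddress
import re

# Dotted "Key....... value" lines as printed by the controller's show commands.
FIELD = re.compile(r"^\s*([^.\n]+?)\.{3,}[ \t]*(.*)$")

def parse_show(text):
    """Map each dotted 'Key.... value' line to {key: value}."""
    matches = (FIELD.match(line) for line in text.splitlines())
    return {m.group(1).strip(): m.group(2).strip() for m in matches if m}

def audit_internal_dhcp(iface_text, scope_text, mgmt_ip):
    """Return findings for an interface that should be served by the internal DHCP scope."""
    iface, scope = parse_show(iface_text), parse_show(scope_text)
    net = ipaddress.ip_network(f"{iface['IP Address']}/{iface['IP Netmask']}", strict=False)
    findings = []
    primary = iface.get("Primary DHCP Server", "Unconfigured")
    if primary == "Unconfigured":
        findings.append("primary DHCP server is unconfigured")
    elif primary != mgmt_ip:  # per the reply: internal DHCP is addressed by the management IP
        findings.append(f"primary DHCP server {primary} is not the management IP")
    start, end = (ipaddress.ip_address(scope[k]) for k in ("Pool Start", "Pool End"))
    if start not in net or end not in net or start > end:
        findings.append("scope pool is not a valid range inside the interface subnet")
    for label in ("IP Address", "IP Gateway"):
        if start <= ipaddress.ip_address(iface[label]) <= end:
            findings.append(f"interface {label} {iface[label]} falls inside the pool")
    if iface["IP Gateway"] not in scope.get("Default Routers", "").split():
        findings.append("scope default router does not include the interface gateway")
    return findings

# Sample input: a subset of the fields from the wireless.guest.data post above.
IFACE = """\
Interface Name................................... wireless.guest.data
IP Address....................................... 192.168.255.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.255.2
Primary DHCP Server.............................. Unconfigured
"""
SCOPE = """\
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
"""
MGMT_IP = "10.0.0.5"  # constructed; the thread does not give this controller's management IP

if __name__ == "__main__":
    print(audit_internal_dhcp(IFACE, SCOPE, MGMT_IP))
```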