5508- Internal DHCP - Two SSID

Similar Messages

• WLC 5508 Internal DHCP server issues

  Hi,
  I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
  The setup is as follows:
  - I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
  - I have an LWAP connected to the WLC in HREAP mode.
  - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
  - Only one scope for Guest Interface is setup on the WLC. 
  Problems:
  1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
  unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
  2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
  3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.  
  ************Output from the Controller********************
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.116.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... 6.0.182.0
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
  Build Type....................................... DATA + WPS + LDPE
  (Cisco Controller) >show interface summary
  Interface Name                   Port Vlan Id  IP Address         Type        Ap Mgr        Gu                                                                            
  est
  guest                                        1    301      10.255.255.30    Dynamic   No              No                                                                            
  management                          1    100      172.17.1.30        Static          Yes            No                                                          
  service-port                              N/A  N/A      192.168.0.1       Static         No               No                                                                            
  virtual                                        N/A   N/A      10.0.0.1              Static         No               No                                                                            
  (Cisco Controller) >show wlan summary
  Number of WLANs.................................. 4
  WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
  1        LAN                                    Enabled   management
  2        Internet                               Enabled   management
  3        Managment Assets          Enabled   management
  4        Guest                                  Enabled   guest
  (Cisco Controller) >show dhcp detailed guest
  Scope: guest
  Enabled.......................................... Yes
  Lease Time....................................... 86400 (1 day )
  Pool Start....................................... 10.255.255.31
  Pool End......................................... 10.255.255.254
  Network.......................................... 10.255.255.0
  Netmask.......................................... 255.255.255.0
  Default Routers.................................. 10.255.255.1  0.0.0.0  0.0.0.0
  DNS Domain.......................................
  DNS.............................................. 8.8.8.8  8.8.4.4  0.0.0.0
  Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0
  (Cisco Controller) >show interface detailed management
  Interface Name................................... management
  MAC Address...................................... e8:b7:48:9b:84:20
  IP Address....................................... 172.17.1.30
  IP Netmask....................................... 255.255.255.0
  IP Gateway....................................... 172.17.1.1
  External NAT IP State............................ Disabled
  External NAT IP Address.......................... 0.0.0.0
  VLAN............................................. 100
  Quarantine-vlan.................................. 0
  Active Physical Port............................. 1
  Primary Physical Port............................ 1
  Backup Physical Port............................. Unconfigured
  Primary DHCP Server.............................. 172.30.50.1
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... Yes
  Guest Interface.................................. No
  L2 Multicast..................................... Enabled
  (Cisco Controller) >show interface detailed guest
  Interface Name................................... guest
  MAC Address...................................... e8:b7:48:9b:84:24
  IP Address....................................... 10.255.255.30
  IP Netmask....................................... 255.255.255.0
  IP Gateway....................................... 10.255.255.1
  External NAT IP State............................ Disabled
  External NAT IP Address.......................... 0.0.0.0
  VLAN............................................. 301
  Quarantine-vlan.................................. 0
  Active Physical Port............................. 1
  Primary Physical Port............................ 1
  Backup Physical Port............................. Unconfigured
  Primary DHCP Server.............................. Unconfigured
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... No
  Guest Interface.................................. No
  L2 Multicast..................................... Enabled
  (Cisco Controller) >show dhcp leases
         MAC                IP         Lease Time Remaining
  00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.
  *********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
  (Cisco Controller) >show client detail 00:21:6a:9c:03:04
  Client MAC Address............................... 00:21:6a:9c:03:04
  Client Username ................................. N/A
  AP MAC Address................................... a0:cf:5b:00:49:c0
  AP Name.......................................... mel
  Client State..................................... Associated
  Client NAC OOB State............................. Access
  Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
  BSSID............................................ a0:cf:5b:00:49:ce
  Connected For ................................... 319 secs
  Channel.......................................... 36
  IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
  Association Id................................... 1
  Authentication Algorithm......................... Open System
  Reason Code...................................... 1
  Status Code...................................... 0
  Session Timeout.................................. 1800
  Client CCX version............................... 4
  Client E2E version............................... 1
  QoS Level........................................ Silver
  802.1P Priority Tag.............................. disabled
  WMM Support...................................... Enabled
  Power Save....................................... OFF
  Mobility State................................... Local
  Mobility Move Count.............................. 0
  Security Policy Completed........................ Yes
  Policy Manager State............................. RUN
  Policy Manager Rule Created...................... Yes
  ACL Name......................................... none
  ACL Applied Status............................... Unavailable
  Policy Type...................................... N/A
  Encryption Cipher................................ None
  Management Frame Protection...................... No
  EAP Type......................................... Unknown
  H-REAP Data Switching............................ Central       <<<<<<<<<
  H-REAP Authentication............................ Central       <<<<<<<<<<
  Interface........................................ management
  VLAN............................................. 100           <<<<<<<<<<< right Vlan
  Quarantine VLAN.................................. 0
  Access VLAN...................................... 100

  Hi All,
  I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
  DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
  *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
  Thanks,
  Raj Sandhu

• 5508 internal DHCP server

  Hi,
  A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and upto 25 later. The docs on the 7.2 WLC make it sound like this is discouraged:
  Internal DHCP ServerThe controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
  In this case, the APs will not be in the same subnet as the Managment Internet.
  Is it a mistake to use the internal DHCP with upto 25 APs (3 WLANs)? 
  Thanks.

  #DHCP proxy needs to be enabled to use internal dhcp on WLC. WLC uses virtual ip for dhcp and they're unicast. So keeping the AP on L3 doesn't work with internal dhcp. dhcp for wireless client works due to the packets are sent to WLC via capwap.
  #The DHCP required state can cause traffic to not be forwarded properly if a client is deauthenticated or removed. To overcome this problem, ensure that the DHCP required state is always disabled.
  Ans: it is expected behavior irrespective of dhcp being internal or external, it is a feature and not disadvantage.
  Cons:-
  #can't have dhcp reservations.
  #can't have option 43 or any other dhcp options.
  #DHCP service can't be restarted, WLC reboot is required if needed to so.
  #If Multiple WLCs used, need to create non overlapping scope on other WLCs as well.
  #Wired clients cannot get ip from internal dhcp. So need to maintain separate network & dhcp server for wired network, and this require routing.
  #From WLC GUI, Can't remove the client, need to use cli.
  #WLC reboot may clear the dhcp lease, though not sure 100%

• WLCs 5508, HA enabled and Internal DHCP

  Hi:
  Designing a new project for a customer in which a pair of WLC-5508 and a bunch of AP-3602I will be deployed.
  Controllers running 7.4 image, and I'd also like to use them as internal DHCP servers for clients in different WLANs
  As for the redundancy mechanism I'd go for activating HA (AP-SSO) but I know HA and internal DHCP server can't coexist.
  So, my question is: does anyone know if Cisco is thinking of implementing both features in any new version to come? The goal would be the Active controller handing over all leases database in case of active to standby switchover.
  Thx!
  Juan.

  As you already know that HA and DHCP both cannot coexist on WLC. Till now there is no plan of cisco to implement this.

• Can i use Internal DHCP on WLC Guest Anchor (5508) with Foreign HA 5508

  DHCP Proxy is required in order to use local WLC DHCP Pool (Guest Anchor), however reading Wireless Q&A (http://www.cisco.com/image/gif/paws/107458/wga-faq.pdf) states that both foreign and guest anchors must have :
  In a Wireless guest access setup, the DHCP proxy setting in the Guest Anchor controllers
  and the internal controller must match. Else, DHCP request from clients are dropped and you
  see this error message on the internal controller......
  However if you have N+1 you cannot use internal DHCP, does this also "grey" out the DHCP Proxy global setting? If so will the Guest Anchor still work with a internal DHCP pool even though foreign and guest controllers have a mismatch in DHCP Proxy (global) setting?
  Many Thanks
  Kam

  Well it should still work... dhcp proxy is required on the WLC that has a dhcp scope.  With the newer code versions, you can enable dhcp proxy on a per interface do this doens't have to be global.

• Two SSIDs; different VLANs; second VLAN can't talk to Internet

  I've got an ASA 5505 firewall with internal interface 192.168.65.1 on port 1 and a WAP connected to port 5 with the address 10.10.1.1. The WAP has two SSIDs configured; one is on VLAN 1 and the other on VLAN 14. The firewall has port 5 configured as a trunk for VLAN 1,14 and the interface was configured a VLAN 14.
  If I connect to the WAP using the SSID on VLAN 1 I get an address of 192.168.x.x from our internal DHCP server and have full connectivity to the internal and external networks. If I connect to the SSID on VLAN 14 I get an address of 10.10.1.x from the firewall DHCP server but am unable to connect to anything.
  When connecting to the SSID on VLAN 14 I want to be able to access the external interface but not anything internally. I have configured a firewall access rule to allow 10.10.1.0/24 to outside and deny 10.10.1.0/24 to 192.168.0.0/16 but this hasn't worked.
  Any ideas?

  You need to configure an IP helper on the appropriate VLAN interface(s). Routers, by default, will not forward broadcast packets. Since DHCP client messages use the destination IP address of 255.255.255.255 (all Nets Broadcast), DHCP clients will not be able to send requests to a DHCP server on a different subnet unless the DHCP/BootP Relay Agent is configured on the router. The DHCP/BootP Relay Agent will forward DHCP requests on behalf of a DHCP client to the DHCP server. The DHCP/BootP Relay Agent will append its own IP address to the source IP address of the DHCP frames going to the DHCP server. This allows the DHCP server to respond via unicast to the DHCP/BootP Relay Agent. The DHCP/BootP Relay Agent will also populate the Gateway IP address field with the IP address of the interface on which the DHCP message is received from the client. The DHCP server uses the Gateway ip address field to determine the subnet from which the DHCPDISCOVER, DHCPREQUEST, or DHCPINFORM message originates.
  See more at the following document, with configuration steps and examples:
  http://www.cisco.com/warp/public/473/100.html#configdhcpbootpciscoios

• Cisco 1702i WAP: how to get an interface in a non-native bridge group/ VLAN to be recognized by the internal DHCP server

  Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
  Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
  In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
  interface bvi1
    ip address 192.168.1.205 255.255.255.0
    no ip route-cache
    exit
  It would be the ..1. subnet.
  Since the dhcp pool is set as:
  ip dhcp pool GeneralWiFi
    network 192.168.1.0 255.255.255.0
    lease 1
    default-router 192.168.1.1
    dns-server 8.8.8.8
    exit
  There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
  Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
  Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• WLC 7.0.230.0 - Incorrect DHCP addresses being allocated by internal DHCP server

  Background:
  Initially there were 3 SSIDs configured but all of them were assigned a single interface and this interface was configured with the controller management IP address as DHCP server so that the WLC could assign IP addresses to wireless clients, guns and printers etc.
  Issue:
  As part of PCI initiative, we decided to segment the traffic in multiple subnets based on type of wireless clients; so now there are 3 interfaces configured and each SSID is assigned a specific dynamic interface and each interface is configured to use the controller management IP address as DHCP server.
  There are 3 scopes configured for each of the dynamic interfaces/SSIDs and DHCP proxy is enabled but wirelss clients are still being allocated IP addresses from the original DHCP scope that was associated with the dynamic interface originally assigned to all 3 SSIDs.
  What am I missing here?
  I verified the following:
  1. Each SSID is assigned a different dynamic interface (Users, Voice and Handhelds)
  2. Each dynamic interface is configured to use controllers management IP address as DHCP server
  3. DHCP scopes configured with correct network information for each dynamic interface and enabled

  As mentioned in my first post, I am using the management interface IP address of the controller as the DHCP server in the configuration of all the dynamic interfaces.
  I have not configured the override DHCP option in the WLAN configuration becuase I have specified the internal DHCP address in the dynamic interface.
  But I did check the AP group configuration and there I found that the SSID is not assigned to the correct dynamic interface even if the WLAN configuration is correct.
  I will change the AP group configuration to correct this. Thanks!

• WLC 2006 INTERNAL DHCP FOR GUESTS CLIENTS

  I would like to use the internal DHCP to issue ipaddress to the guest wireless clients.
  However; when i setup the wlc internal DCHP scope and try to connect to the wireless guest vlan the WLC debug DHCP reads ...forwarding to 192.168.255.2 which i have listed as the gateway to the pix
  any examples on how to do this would be great.
  here is what i have for the dhcp scope:
  Dhcp Scope Info
  Scope: Guest.Data.DHCP
  Enabled.......................................... Yes
  Lease Time....................................... 86400 (1 day )
  Pool Start....................................... 192.168.255.17
  Pool End......................................... 192.168.255.30
  Network.......................................... 192.168.255.0
  Netmask.......................................... 255.255.255.0
  Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
  DNS Domain.......................................
  DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
  Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
  Here is what i have for the wlan
  WLAN Identifier.................................. 2
  Network Name (SSID).............................. Guest.Data
  Status........................................... Disabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Disabled
  Number of Active Clients......................... 0
  Exclusionlist Timeout............................ 60 seconds
  Session Timeout.................................. Infinity
  Interface........................................ guest.data
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Enabled
  Quality of Service............................... Silver (best effort)
  WMM.............................................. Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  --More-- or (q)uit
  Radio Policy..................................... All
  Security
  802.11 Authentication:........................ Open System
  Static WEP Keys............................... Disabled
  802.1X........................................ Disabled
  Wi-Fi Protected Access (WPA/WPA2)............. Disabled
  CKIP ......................................... Disabled
  IP Security Passthru.......................... Disabled
  Web Based Authentication...................... Disabled
  Web-Passthrough............................... Disabled
  Auto Anchor................................... Disabled
  H-REAP Local Switching........................ Disabled
  Management Frame Protection................... E

  when i try to assocate the dhcp scope to wireless.guest.data interface using 192.168.255.1 which is the ip of the that interface it will not let me. I would have thought since i was using the interal dhcp that the .1 address would be the dhcp scope address also. i can assign 192.168.255.0 or 192.168.255.2(gateway)if i use .0 or .2 the dhcp request (discovery) process starts and then will forward to .2 (gateway) and never assign an address. the only thing that happens is that the client wireless interface will get 255.255.255.255 for a few seconds then go away.
  what i am trying to accomplish is to connect the wlc port 2 directly to a pix 506 which goes to the internet so the guest traffice is not on our vlan.
  any other suggestions on guest vlans would be appricated....
  Tom
  Interface Name................................... wireless.guest.data
  IP Address....................................... 192.168.255.1
  IP Netmask....................................... 255.255.255.0
  IP Gateway....................................... 192.168.255.2
  VLAN............................................. 150
  Quarantine-vlan.................................. no
  Physical Port.................................... 2
  Primary DHCP Server.............................. Unconfigured
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... No
  Scope: wireless.guest.data.dhcp.server
  Enabled.......................................... Yes
  Lease Time....................................... 86400 (1 day )
  Pool Start....................................... 192.168.255.17
  Pool End......................................... 192.168.255.30
  Network.......................................... 192.168.255.0
  Netmask.......................................... 255.255.255.0
  Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
  DNS Domain.......................................
  DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
  Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0

• Two ssids in one Dot11Radio interface

  Hello,
  Whilst configuring CISCO867-W router I have encoutered the following problem.
  On built-in access point I have one Dot11Radio interface. Is it possible to have two ssids associated with two different vlans on one interface? If yes, how to do it? If no, is there any solution to have two separated wlans on an access-point with one Dot11Radio?

  Of course you can have two wlans associated with two different vlans on the same radio interface.
  Here is a simple example on how to it?
  on the router the most important thing you have to make sure that the interface
  Wlan-GigabitEthernet0 is configured as trunk and allowing the vlans mapped on the ssids defined under the radio interface of the embedded AP. Also you have to make sure that dhcp pools have been defined for both vlans.
  Assuming that you have two ssids:
  ssid1 & ssid2  mapped to vlans 1 and 2 consecutively. vlan 1 has been defined as the native on the trunk defined on
  Wlan-GigabitEthernet0
  AP(config)#dot11 ssid ssid1
                  #authentication open
                  #vlan 1
                 #exit
  AP(config)#dot11 ssid ssid2
                 #authentication open
                 #vlan 2
                 #exit
  AP(config)#interface dot11radio 0
                #ssid ssid1
                #ssid ssid2
                # no shut
                # exit
  AP(config)#int dot11radio 0.1
                 #encapsulation dot1q 1 native
                 #bridge-group 1
                 #exit
  AP(config)#int dot11radio 0.2
                 #encapsulation dot1q 2
                 #bridge-group 2
                 #exit
  AP(config)#int gig 0.1
                 #encapsulation dot1q 1 native
                 #bridge-group 1
                 #exit
  AP(config)#int gig  0.2
                 #encapsulation dot1q 2
                 #bridge-group 2
                 #exit
  Please Don't forget to mark the question as answered once having the right response

• Does option 43 matter ? WLC5508 ver 7.2 using internal DHCP server

  I am using a WLC 5508 and its internal DHCP server. I cant find anywhere I can setup option 43. However, the access points are connected in just fine. Do I need to worry about setting up a seperate DHCP server to get option 43 setup properly ?
  Thank you.

  Sorry I didnt make my question clear.
  I am using a WLC 5508 and its internal DHCP server. I cant find anywhere I can setup option 43.
  When I connect a CAPWAPP Access Point to the network, it receives IP address from the WLC 5508 DHCP service just fine. It shows up in the access points list and users can connect to it no problem.
  Do I need to worry about setting up a seperate DHCP server to get option 43 setup properly ?

• Does WLC release 7.6 support internal DHCP when AP and client SSO is configured?

  Hi,
  I currently have 5508 WLCs running on release 7.6 and they are to be configured in 1:1 HA mode. Would like to know if internal DHCP is supported if AP and client SSO is to be configured.
  Thanks in advance.

  Unfortunately, till date no AirOS release supports Internal DHCP when AP SSO is configured.
  For details, check HA Deployment Guide. It says following :
  "Internal DHCP is not supported when SSO is enabled."
  -Thanks
  Vinod

• Aironet - Two SSIDs, One with WPA, One Without

  I have an AP that I want to have two SSIDs on, let's say, "Admin" and "User."
  The User SSID should be wide open, unsecure, etc.
  The Admin SSID, should not be broadcasted, and be protected via a passwrd, preferably WPA pre-shared key.
  Is this possible? If so, how?
  So far I have both SSIDs working, in an open/unsecure mode. My VLANs are working great, and when I tried the suggestion in the help, it looks like it turned on WPA, but now I cannot see the SSID for Admin.
  If you need a copy of the config, let me know.
  Thanks,
  Anthony

  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  enable secret 5 $1$zH.z$lhh9AqT3HXXU2WxXSd2f20
  ip subnet-zero
  no aaa new-model
  dot11 ssid faculty
  vlan 100
  authentication open
  dot11 ssid students
  vlan 400
  authentication open
  guest-mode
  username x password x
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid faculty
  ssid students
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root
  antenna receive right
  antenna transmit right
  interface Dot11Radio0.100
  encapsulation dot1Q 100
  no ip route-cache
  bridge-group 100
  bridge-group 100 subscriber-loop-control
  bridge-group 100 block-unknown-source
  no bridge-group 100 source-learning
  no bridge-group 100 unicast-flooding
  bridge-group 100 spanning-disabled
  interface Dot11Radio0.400
  encapsulation dot1Q 400 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  ssid students
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  station-role root
  interface Dot11Radio1.400
  encapsulation dot1Q 400 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.100
  encapsulation dot1Q 100
  no ip route-cache
  bridge-group 100
  no bridge-group 100 source-learning
  bridge-group 100 spanning-disabled
  interface FastEthernet0.400
  encapsulation dot1Q 400 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address dhcp client-id FastEthernet0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  control-plane
  bridge 1 route ip
  line con 0
  transport preferred all
  transport output all
  line vty 0 4
  login local
  transport preferred all
  transport input all
  transport output all
  line vty 5 15
  login
  transport preferred all
  transport input all
  transport output all
  end

• VirtualBox 4.0.2 internal DHCP problem in Host-only mode?

  Hi,
  dos anyone have experience problems with VirtualBox 4.0.2 internal DHCP not working when running Oracle Linux and a Host-Only adapter.
  More detailed described my problem is that Oracle Linux don't get a ip from the internal DHCP server om my system. My host is Win 7 (64 bit) and Guest Oracle Linux (64 bit). I have read that there are several ohers who experienced the same problem with the open source version, but that patching the Guest Tools to 4.0.3 helped them. Sadly this is not the case for me. Any suggestions are welcome and thanks in advance.

  Thanks for your reply - my problem is that the build in dhcp server is not working for some reason and i dont't gen any ip address assigned. I can see from the VBoxManager that it is running, but i can't get i contact with it from the linux guest.

• WLC CT2504: Interface IP can not be used as internal DHCP server IP

  Hello all,
  I've got a new CT2504 controller with software version 7.0.220.0
  Regarding to
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
  I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:
  (Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3
  vlan401 Interface IP can not be used as internal DHCP server IP
  It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
  (Cisco Controller) >show interface detailed management
  Interface Name................................... management
  MAC Address...................................... d0:c2:82:xx:xx:xx
  IP Address....................................... 10.2.x.135
  IP Netmask....................................... 255.255.255.240
  IP Gateway....................................... 10.2.x.129
  External NAT IP State............................ Disabled
  External NAT IP Address.......................... 0.0.0.0
  VLAN............................................. 400
  Quarantine-vlan.................................. 0
  Active Physical Port............................. 1
  Primary Physical Port............................ 1
  Backup Physical Port............................. Unconfigured
  Primary DHCP Server.............................. 10.2.x.135
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... Yes
  Guest Interface.................................. No
  L2 Multicast..................................... Disabled
  Scopes are defined and Proxy is enabled.
  (Cisco Controller) >show dhcp summary
    Scope Name                   Enabled          Address Range
  ap                               Yes      10.2.x.137 -> 10.2.x.140
  intern                            Yes      172.16.x.20 -> 172.16.x.30
  (Cisco Controller) >show dhcp proxy
  DHCP Proxy Behaviour: enabled
  Has somebody an explanation for this issue?
  Thanks in advance,
  Regard,
  Robert

  You can use the internal dhcp, but you need to set the primary dhcp as the management ip. So in your dynamic interface, your primary dhcp is configure with the wlc management ip address. Dhcp proxy also needs to be enabled and is enabled by default.
  Thanks,
  Scott Fella
  Sent from my iPhone