AP 1231G Not Passing DHCP to clients

Hello My company AP 1231G is not passing the DHCP address to the client from the DHCP server can you please advise on my config listed below
basicly the AP is on its own VLAN 10.1.123.1 and the DHCP server is 10.1.10.2 -- trying to use iphelper to pass DHCP to clients and the AP is on static IP 10.1.123.2--
! Last configuration change at 13:15:56 +0800 Fri May 25 2012 by root
! NVRAM config last updated at 13:15:56 +0800 Fri May 25 2012 by root
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXXXXXXX
clock timezone +0800 8
ip subnet-zero
no ip domain lookup
ip domain name XXXXXXXXXXXXX
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 syslog
dot11 ssid XXXXXXXXXX
   authentication open
   authentication key-management wpa
   guest-mode
   infrastructure-ssid optional
   wpa-psk ascii XXXXXXXXXXXXXXXXXXXXXXX
dot11 arp-cache optional
username root privilege 15 password XXXXXXXXXXXXXXXXXXXXX
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid XXXXXXXXXXX
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
channel 2432
station-role root access-point
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.1.123.2 255.255.255.0
ip helper-address 10.1.10.2
ip default-gateway 10.1.123.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
snmp-server view dot11view ieee802dot11 included
snmp-server view ieee802dot11 ieee802dot11 included
snmp-server community public RO
snmp-server community private view undefined RW
bridge 1 route ip
line con 0
terminal-type teletype
line vty 0 4
terminal-type teletype
sntp server 114.80.81.13
sntp broadcast client
end

Roan:
Where is your DHCP server configured (swtich, firewall, 3rd party server..etc)?
Does it work correctly if the AP IP on same subnet and ip-helper is not being utilized?

Similar Messages

Access Points Not Passing DHCP to Clients

I have a 50+ access point deployment, all in a single VLAN (DMZ), across a dozen buildings. We recently experienced wierdness of the following sort. Clients would request DHCP request, DHCP servers would forward requests, which would not get passed from the AP to the clients. We could verify that DHCP and all other parts of network were fine. I had to cold boot each AP to clear the condition. I could find nothing in this mix of 350s and 1200s or the spectrum that would indicate an obvious attack... Couldn't find where to start looking for any tables that were full, or any real place to look for some other reason for this. Yet after cold boot- all is well.
Any thoughts, in case it happens again?

Hi Guys,
I am having a similar problem to you, however i can get authentciated via LEAP, but dont seem to get an IP adderss from the radius server.
My setup is very simple as i am at the design stage. We have a Cisco AP 1200 (2.4 and 5.0 GHZ) and we are using FUNK steel belted RADIUS server. LEAP authentication works fine and i can see the association on the AP. The wirless client (HP W400 integrated Wireless cards) shows that it has been authenticated successfully too. However no IP is being received. We have a IP Pool configured on the SBR server and the SBR server shows that it has issued an IP address.
Next step was to place a sniffer and capture the packets. The capture shows the radius requests and challenges and in the very last ACCEPT packet we can see that the SBR has issued an IP address.
I am confused as i cant see anything on AP that would block the IP address. There are also a few attributes showing as "unknown" in the sniffer trace, so im not too sure wgats going on.
Can anyone help. The IOS is 12.2 (13) JA

1 port on 2960 wont pass DHCP onto client

I am stumped on this one. I have a PoE 2960 that connects a few phone/workstation pairs to the network. All of them work correctly except for one...
For example, the good / working configs look like this on the interfaces:
interface GigabitEthernet1/0/45
description _X211
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
And.....
interface GigabitEthernet1/0/38
description _X208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
The port that is not passing DHCP info onto the client is this one:
interface GigabitEthernet1/0/12
description _X209
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
What am I missing? This worked fine until last week when this site was connected via a trunk to another site (they used to connect via IPSec tunnel, but now have a dedicate link). As far as I can tell, that should not have effected this...and if it did effect this why didn't it effect any of the other ports?
The complete show run:
Building configuration...
Current configuration : 10102 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ...
boot-start-marker
boot-end-marker
no logging console
enable secret 5 ...
enable password 7 ...
no aaa new-model
clock timezone EST -5
switch 1 provision ws-c2960s-48lpd-l
ip name-server 10.1.0.10
ip name-server 10.0.0.10
vtp domain ...
vtp mode transparent
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 8,16,21,48,52,100-101,104,112,120,128,500,900,999
interface Port-channel1
description ...
switchport access vlan 500
interface FastEthernet0
no ip address
interface GigabitEthernet1/0/1
description PHONE_x204
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/2
description PHONE_x212
switchport access vlan 16
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/3
description voice vlan 52
switchport access vlan 16
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/4
description RUCKUS_WAP
switchport trunk native vlan 104
switchport mode trunk
interface GigabitEthernet1/0/5
switchport mode trunk
interface GigabitEthernet1/0/6
description PHONE_x205
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/7
switchport access vlan 16
interface GigabitEthernet1/0/8
switchport access vlan 21
switchport mode access
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
spanning-tree portfast
interface GigabitEthernet1/0/9
description PHONE_x206
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/10
switchport access vlan 16
interface GigabitEthernet1/0/11
switchport access vlan 16
interface GigabitEthernet1/0/12
description ..._X209
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/13
description PHONE_x208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/14
description HP_OFFICEJET_PRO_8600
switchport access vlan 21
switchport mode access
interface GigabitEthernet1/0/15
switchport access vlan 16
interface GigabitEthernet1/0/16
description PHONE_x203
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/17
switchport access vlan 16
interface GigabitEthernet1/0/18
description PHONE_x202
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/19
switchport access vlan 16
interface GigabitEthernet1/0/20
switchport access vlan 16
interface GigabitEthernet1/0/21
switchport access vlan 16
interface GigabitEthernet1/0/22
description ..._X212
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/23
switchport access vlan 16
interface GigabitEthernet1/0/24
switchport access vlan 16
interface GigabitEthernet1/0/25
switchport access vlan 16
interface GigabitEthernet1/0/26
switchport access vlan 16
interface GigabitEthernet1/0/27
switchport access vlan 500
channel-group 1 mode on
interface GigabitEthernet1/0/28
switchport access vlan 16
interface GigabitEthernet1/0/29
switchport access vlan 500
channel-group 1 mode on
interface GigabitEthernet1/0/30
switchport access vlan 16
interface GigabitEthernet1/0/31
description SNAPBACK
switchport access vlan 500
interface GigabitEthernet1/0/32
switchport access vlan 16
interface GigabitEthernet1/0/33
switchport access vlan 16
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/34
switchport access vlan 16
interface GigabitEthernet1/0/35
description PHONE_x201
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/36
description PRINTER__OFFICES
switchport access vlan 21
interface GigabitEthernet1/0/37
switchport access vlan 16
interface GigabitEthernet1/0/38
description ..._X208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/39
switchport access vlan 16
interface GigabitEthernet1/0/40
switchport access vlan 16
interface GigabitEthernet1/0/41
switchport access vlan 16
interface GigabitEthernet1/0/42
description CARD_ACCESS_SYSTEM
switchport access vlan 48
interface GigabitEthernet1/0/43
description SIP_PHONE
switchport access vlan 52
interface GigabitEthernet1/0/44
description PANASONIC_PHONE
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/45
description TECH_TBD_PHONE_X211
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/46
switchport access vlan 16
switchport mode access
interface GigabitEthernet1/0/47
description RUCKUS_WAP
switchport trunk native vlan 104
switchport mode trunk
interface GigabitEthernet1/0/48
description site-to-site-link
switchport mode trunk
interface GigabitEthernet1/0/49
interface GigabitEthernet1/0/50
interface TenGigabitEthernet1/0/1
interface TenGigabitEthernet1/0/2
interface Vlan1
ip address 10.0.1.254 255.255.255.0
interface Vlan48
ip address 10.0.48.254 255.255.255.0
interface Vlan52
ip address 10.0.52.254 255.255.255.0
interface Vlan101
ip address 10.0.101.254 255.255.255.0
interface Vlan128
no ip address
interface Vlan500
ip address 10.1.0.7 255.255.255.128 secondary
ip address 10.0.0.126 255.255.255.128
ip default-gateway 10.0.101.1
no ip http server
no ip http secure-server
logging 10.1.0.10
banner login ^CC
UNAUTHORIZED LOGIN PROHIBITED
^C
line con 0
exec-timeout 15 0
password 7 ...
logging synchronous
login
line vty 0 4
exec-timeout 15 0
password 7 ...
logging synchronous
login
length 0
line vty 5 15
exec-timeout 15 0
password 7 ...
logging synchronous
login
ntp clock-period 22519016
ntp server 198.60.73.8
end

I removed the line:
switchport trunk native vlan 16
From that port, but I am still not receiving DHCP info on the client.
As a workaround I have set a static IP on the phone. I am still unable to get the workstation (in this case a laptop) to get on the network even setting a static address. I put it onto the wireless for now to get them up and running.
This is quite odd. Any idea what I could try to adjust on that port?

Cisco Airespace WLC2006 doesn't pass DHCP to client

I'm installing a new WLC2006 and the AP1020's are connected via the switched backbone and not to the controller. I upgraded the WLC to V3 code. Wireless clients do not receive DHCP addresses for their respective VLANs. If I connect wired to the switch, I get DHCP from whatever VLAN I'm configured for.
I then backed down to 2.2.143.22 and still no success. I then backed down to 2.2.127.9 and things work correctly!
Has anyone else seen this problem? This is the first time I've tried the newer code. Also, the checkbox to require DHCP for the clients would uncheck itself after I checked it and applied the change.

Hi Adam
Have you applied a DHCP server to either the vlan interface on the WLC?
The AireSpace kit seems to intercept DHCP requests (i.e. not just bridge them onto the LAN).
I've seen it fail sometimes until you turn on 'DHCP Override' and specify the IP address of the DHCP server under the SSID configuration... not sure why this happens...
Regards
Aaron
Please rate helpful posts..

1142 Autonomous AP not passing DHCP address to clients

Hi there,
I do hope someone can help me out here because I am having a nightmare with a single AP.
Setup is as follows:
5 existing APs already on site, all working correctly plugged into a 48 port 2960, (non poe).
customer wants to add another AP to extend capacity.
Installed AP, (config attached) mirrored switchport settings, (below) and fired it up.
Outcome: if you are on a static IP or have received DHCP through another AP then everything works as it should. But DHCP requests are never fulfilled if connected through this AP. (this goes also for a laptop with an existing DHCP address if you go through the \release \renew process) DHCP is served by a server living on the switch.
The AP lives on VLAN 2, hence native .2 on both ends, and wireless clients should recieve a VLAN 1 address. All the other APs, (1131s) are working without a problem and this is driving me NUTS! Have been through configs and every screen of the GUI but cant find any difference in set up. Apart from different AP models the new one is on a pwrinj4 while the others are on pwrinj3's.
Switchport settings:
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
AP Config
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
dot11 vlan-name *** vlan 1
dot11 vlan-name *** vlan 2
dot11 ssid ***
   vlan 1
   authentication open
   authentication key-management wpa optional
   wpa-psk hex ***
username manager privilege 15 password ***
username user privilege 0 password ***
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
channel 1
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
no dfs band block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
interface dot11Radio 0
ssid ***
no shutdown
interface dot11Radio 1
ssid ***
no shutdown
power inline negotiation injector installed
interface BVI1
ip address 10.25.97.245 255.255.255.0
no ip route-cache
ip default-gateway 10.25.97.1

Hi Scott,
Yes, the only difference is as this is a 1142 I was instructed to put it onto one fo the Gb ports. I tried the Ap on a known working port to rule out switch config to no effect.
Here is the extended switch config:
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
Not sure about the spanning tree settings on the others: I didnt set those up and am a great believer in the "if it aint broke, dont fix it" maxim!

Errors are not passed to the client database

Hello,
We are using Mobile Client 7.1 with MaxDB database.
We have a problem with the synchronization. We are developing a
notification handling application. The problematic scenario is as
follows:
The existed notification is modified on the client side. Then the
client performs the synchronization and the changes are passed to the
backend via DOE. The syncstate field of the NOTIFICATION table is 202
(during update). BAPI Wrapper returns an error during the update (i.e.
because the object is locked or some other reason...). The client
performs the synchronization one more time in order to receive the
feedback. This synchronization fails and when we check in the trace
file what is the problem, we see there the content of the error message from the
backend and the error "Column index 1 was not found". The syncstate field is not changed to 301 or some other value, it still remains 202. The message is stucked and it's not possible to
do anything with it, only to recover the device.
What is the problem?
Thanks in advance,
Sergey

Hi,
Can you please try to regenerate the data object, re-import the model and try to update?
Thanks and Regards,
Narayani

WLC2100 not issuing DHCP to clients

I've got a 2106 that I'm installing for a customer and having issues with it assigning DHCP to WiFI clients. What's odd is that this was working at one point at home during testing. Only difference at this point is LAN hardware at the customer location.
Simple config- single flat vlan on Cat2960G switch, ASA5505 serving up DHCP for the network. Wired clients are receiving DHCP fine.
Mgmt IP
192.168.0.10/24
Mgmt Gateway
192.168.0.1
Mgmt VLAN
0
Mgmt Int port
1
Mgmt DHCP server
192.168.0.1
AP Mgr Int IP
192.168.0.11
Virtual GW IP
1.1.1.1
RF group name
rfgrp1
SSID
xxxx
Client Static IP?
no
Country Code
802.11a/b/g status
enabled
Radio resource mgmt status
enabled
I've run dhcpd debug on both the controller and the ASA and I see the DHCPD requests on the controller, but I never see them hitting the ASA.
I don't have the specific version of code it's running, but I know it's 6.0. One of my local Cisco account engineers found some Cisco CSC bugs referencing this issue. One TAC cas even referenced stripping all security off the WiFi, connecting the client and then reimplementing the security again.
Anyone have any suggestions? I'm hoping to head back over there again this afternoon to do some more troubleshooting and hopefully solve this for them.
Thanks!
Mike

In this case, the controller is not currently configured as DHCP server, although I may be trying that this afternoon.
I've currently got DHCP proxy enabled and am pointing it to the ASA5505 (192.168.0.1)- I thought I mentioned that in my previous post.
Please keep in mind this was working fine at one point in my lab while I was testing it, then I shut it down for a couple weeks while I waited to install it at the customer site. I've even tried resetting back to factory defaults and reconfiguring it to see if I'd accidentally misconfigured something.
I don't have the exact version, but I do know that I'm running a 6.x code rev. I'm probably going to just upgrade to 7.0 this afternoon and see if that makes a difference. If not, I'll try enabling the internal DHCP server, but I don't want to do that if I don't need to. Just one more thing to worry about managing for the customer.
Thanks,
Mike

WET200-WET200 Bridge not passing DHCP Requests

Hi,
We have setup a bridge between two of our offices using two WET200's in adhoc mode. Everything is connected fine and the signal strengh is good. All traffic pass's over the bridge correctly but DHCP requsts/replys seem to be failing to traverse the bridge. Our DHCP server is hosted on site A and the computers on site B fail to obtain thiers IP's from the dhcp over the bridge requiring us to use static IP's.
Firmware is currently the latest.
Has anyone managed to resolve this issue?
Thanks
Nick

Mr. Muir,
What version of firmware are you running on the wet200's?
If the latest, have you downloaded a fresh copy of the 2.0.3.2 and backed up your configs/ reflashed the firmware/ factory reset the device/ and reloaded the configuration.
I would try this on both devices and let us know if your still having the same issue.

WLC not pass DHCP past bridged units

I have a WLC 5508 with LWAP 1242 with wireless bridges connected to the APs I cannot get DHCP to pass through the bridge to the PC connected to the bridge.

Some third-party WGBs need to operate in non-DHCP relay mode. If problems occur with the DHCP assignment on devices behind the non-Cisco WGB, use the following commands:
–config dhcp proxy disable
–config dhcp proxy disable bootp-broadcast disable
The default state is DHCP proxy enabled.
the above commands introduced from 7.0.116.0.

RV220W not showing DHCP Leased Clients (LAN)

I have notice that when I click on Networking -->LAN -->DCHP Leased Clients (LAN) I get 0 results found, but If I click on Status-->Avaiable LAN Host I see all my clients, most (all but 1) are listed as "unknown" under the Name.
How do I get them to show up under the DCHP Leased Clients (LAN)?

Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center.
First, Thank you for purchasing a Cisco product. I am sorry to here that you are still having the issue. I am going to follow-up with the agent that was working your case and work on determining what is causing your issue.
If you need anything, please let me know. You can reach me at emoyers at cisco . com
Eric Moyers
Cisco Network Support Engineer
1-866-606-1866

DHCP Server is not passing out DHCP Leases

I can't seem to figure out why DHCP server is not passing out DHCP lease a client?
Also I can't seem to figure out why NVI0 interface is UP? I have setup another box similarly and NVI0 is down on that and the DHCP server is working fine on that too. Strange!
I am working on CISCO 881 VPN Router...Please have a look at it and let me know. Thanks
Here is the configuration in the box...
sh run
Building configuration...
Current configuration : 6543 bytes
! Last configuration change at 17:09:54 CST Fri Sep 14 2012 by XXXXX
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXX
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone CSTime -6
clock summer-time CST recurring
crypto pki trustpoint TP-self-signed-3079619067
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3079619067
revocation-check none
rsakeypair TP-self-signed-3079619067
crypto pki certificate chain TP-self-signed-3079619067
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303739 36313930 3637301E 170D3132 30393134 31393231
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30373936
31393036 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100993C D622004B F3AEA1E5 81106C28 36EC52D0 5435ABC3 8912095F 3641168A
B67D97AF AEB43CF3 00A00EB5 702FA355 9F58EBEF F42294DC 0E32CF40 E17D372A
3BC36401 55EDBA5C 910B7A51 89D709A8 7EAB3FF0 E4C99D34 CBE3F316 069C0E16
BC284055 35E3D762 463DABF6 852C4E7A D2EF45A4 21F08689 4DF17870 9E2A6C27
1BFB0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A506F70 6C617276 696C6C65 2E796F75 72646F6D 61696E2E
636F6D30 1F060355 1D230418 30168014 64EA4CAE 2029E4C2 702584C6 B5732464
5C9DA38A 301D0603 551D0E04 16041464 EA4CAE20 29E4C270 2584C6B5 7324645C
9DA38A30 0D06092A 864886F7 0D010104 05000381 81006C27 96E06B83 04DBDA81
EEB0AF35 84ED370E A8C9694E F9B9326D 69CB1043 9C396D7B 760D252F 4881926D
878E434F 9AFC3E6D A5BF43F2 E619D6EC F45C039A 5FFB478F A99F7EE5 274E37D5
11976FDE 823FD1A9 700203E5 67A329B3 F4CF45F0 245757C8 E2349276 B13414D1
017616FA 38A40BA8 42545AC5 C7676D21 29E4F491 CADB
        quit
ip source-route
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.100.101
ip dhcp excluded-address 192.168.1.254
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
ip dhcp pool Internal_Network
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.100.254
   default-router 192.168.1.254
ip cef
ip domain name yourdomain.com
ip name-server 192.168.100.254
no ipv6 cef
license udi pid CISCO881-K9 sn FTX1604828T
username XXXXX privilege 15 secret 5 $1$QEcR$96cmvs/h/.05G6BnorcWG/
username XXXXX secret 5 $1$PQQ1$3.Vin0i/2uZ/KD0xEJ8GC.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group YYYYYYY
key XXXXX_XXXXX_XXXXX
pool VPN-Pool
acl VPN-Access-List
crypto isakmp profile vpn-isakmp-profile-1
   match identity group YYYYYYY
   client authentication list vpn_xauth_ml_1
   isakmp authorization list vpn_group_ml_1
   client configuration address respond
   virtual-template 2
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN_INTERFACE
ip address 192.168.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
interface Vlan1
description VLAN1_INTERFACE
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool VPN-Pool 192.168.1.151 192.168.1.200
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.100 21 192.168.100.3 21 extendable
ip nat inside source static tcp 192.168.1.100 80 192.168.100.3 80 extendable
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip access-list extended VPN-Access-List
permit ip 192.168.1.0 0.0.0.255 any
permit tcp host A.B.C.D host 192.168.1.100 eq ftp
permit tcp host A1.B1.C1.D1 host 192.168.1.100 eq ftp
permit tcp host A2.B2.C2.D2 host 192.168.1.100 eq ftp
permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.100 eq ftp
permit tcp host A3.B3.C3.D3 host 192.168.1.100 eq ftp
permit tcp any host 192.168.1.100 eq XXX
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner motd ^C XXXXX-XXXXX VPN Router ^C
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 124A50424A5E5550
transport input telnet ssh
scheduler max-task-time 5000
end

Hi Jennifer,
I have gotten it resolved. Per your suggestion, I have turned on debug ip dhcp events and found that POOL EMPTY message. After little research, I found out that I have made a mistake in my excluded-address range.
I have had it as
ip dhcp excluded-address 192.168.1.1 192.168.100.101
It should have been
ip dhcp excluded-address 192.168.1.1 192.168.1.101.
It was a typo.
Thank you for the suggestion.
Srini

Guest LAN and DHCP Options not passing through

Managed to get the Guest LAN up and running for wired clients and all's working well. Users are sat behind a proxy and if I force the use of a appropriate wpad file I can get the WLC auth to happen and then push off to the proxy.
I'm trying to use option 252 in DHCP to present the WPAD url. Only issue that happens is that while the DHCP server on the egress interface is handing out addresses to clients on the ingress interface correctly, the WLC doesn't appear to be handing through the option 252 I have set in DHCP. I've used network monitor to see what the dhcp request process is dishing out in terms of options, and all look good if I'm not behind the WLC.
Anyone know if theres a limitation on the WLC that prevents DHCP options being passed through to the guest LAN?
TIA

When configured as a DHCP server, some of the firewalls do not support DHCP requests from a relay agent. The WLC is a relay agent for the client. The firewall configured as a DHCP server ignores these requests. Clients must be directly connected to the firewall and cannot send requests through another relay agent or router. The firewall can work as a simple DHCP server for internal hosts that are directly connected to it. This allows the firewall to maintain its table based on the MAC addresses that are directly connected and that it can see. This is why an attempt to assign addresses from a DHCP relay are not available and the packets are discarded. PIX Firewall has this limitation.
For more information please refer to the link-http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

Clients not receiving DHCP IP address from HREAP centrally Switched Guest SSID

Hi All,
I am facing a problem in a newly deployed branch site where the Clients are not receiving DHCP IP address from a centrally switched Guest SSID. I see the client status is associated but the policy manager state is in DHCP_REQD.
The dhcp pool is configured on the controller itself. The local guest clients are able to get DHCP and all works fine, the issue is only with the clients in the remote site. The Hreap APs are in connected mode. Could you please suggest what could be the problem. Below is the out of the debug client.
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Adding mobile on LWAPP AP 3c:ce:73:6d:37:00(1)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Reassociation received from mobile on AP 3c:ce:73:6d:37:00
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'Guest-ACL' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific IPv6 override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying IPv6 Interface Policy for station 10:40:f3:91:7e:24 - vlan 81, interface id 13, interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 3c:ce:73:6d:37:00 vapId 17 apVapId 1
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 apfMsAssoStateInc
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Idle to Associated
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 49) in 28800 seconds
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sending Assoc Response to station on BSSID 3c:ce:73:6d:37:00 (status 0) ApVapId 1 Slot 1
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfProcessAssocReq (apf_80211.c:4672) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Associated
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4183, Adding TMP rule
*apfReceiveTask: May 24 11:35:53.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 3c:ce:73:6d:37:00, slot 1, interface = 13, QOS = 3
ACL Id = 255, Jumbo F
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 IPv6 Vlan = 81, IPv6 intf id = 13
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sent an XID frame
*apfMsConnTask_3: May 24 13:26:49.401: 10:40:f3:91:7e:24 Updating AID for REAP AP Client 3c:ce:73:6d:37:00 - AID ===> 1
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 12) in 10 seconds
*osapiBsnTimer: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:4897) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Disassociated
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: May 24 13:29:09.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Sent Deauthenticate to mobile on BSSID 3c:ce:73:6d:37:00 slot 1(caller apf_ms.c:4981)
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsAssoStateDec
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:5018) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Disassociated to Idle
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:ce:73:6d:37:00]
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Deleting mobile on AP 3c:ce:73:6d:37:00(1)
*pemReceiveTask: May 24 13:29:09.317: 10:40:f3:91:7e:24 0.0.0.0 Removed NPU entry.

#does the client at the remote site roams between AP that connects to different WLC?
#type 9 is not good.
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
#Does your dhcp server getting hits.
#Also, get debug dhcp message & packet.
#Dhcp server is not responding.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

Clients not getting DHCP in VRF

Good morning -
We have devices in the global routing table (not in a VRF) getting DHCP addresses without issue. The SVI is configured as such:
interface Vlan2301
description BLUE
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description RED
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
Clients in BLUE are getting DHCP but clients in RED are not. If I statically assign an address I have connectivity and can reach the DHCP server (which is also DNS server; with a static IP in VLAN 2512 I can do name resolutions for example).
I am at a bit of a loss. Is there anything special I need to do for VRF IP HELPER-ADDRESS configuration? A capture on my firewall interface shows the DHCP server is trying to reply - it is like the helper-address is not forwarding the dhcp reply (or is not getting it)
11:11:52.915180 IP (tos 0x0, ttl 254, id 17478, offset 0, flags [none], proto UDP (17), length 337)
    10.217.5.1.67 > 10.4.16.222.67: BOOTP/DHCP, Request from xx, length 309, hops 1, xid 0xb53a220c, Flags [none]
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
11:11:52.918761 IP (tos 0x0, ttl 124, id 28096, offset 0, flags [none], proto UDP (17), length 344)
    10.4.16.222.67 > 10.217.5.1.67: BOOTP/DHCP, Reply, length 316, xid 0xb53a220c, Flags [none]
          Your-IP 10.217.5.12
          Server-IP 10.4.16.222
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
Any ideas?

Good morning -
I have a pair of 6513 in a VS40 (VSS quad sup) connected via L3 MEC to a VSS pair of 4500X. Active to Active and Standby to Standby connected in a L3 MEC port-channel that is also a vnet trunk:
(Core)
interface Port-channel5
description Distribution Uplink
no switchport
vnet trunk
ip dhcp snooping limit rate 100
ip address 172.20.68.1 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
spanning-tree guard root
(4500 Distribution)
interface Port-channel1
description Core Uplink
vnet trunk
ip arp inspection trust
ip address 172.20.68.2 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
The interfaces are all using LACP mode Active inside the channels
On the 4500 we have a global routing table and a vrf. Both have helper addresses pointing to the DHCP server which is extranet service behind the 6513 Core.
interface Vlan2301
description Global Routing Table
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description VRF
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
DHCP for the Global Routing Table subnet works. DHCP for the VRF does not.
What is interesting is if we shut down the link that is connected to the standby 4500 (Te2/1/1) DHCP starts to work for the VRF.
Using <debug ip dhcp server packet detail> at the 4500 here is what I am seeing.
When both links are up and DHCP is failing for the VRF:
Mar 10 20:02:02.419: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:02:10.473: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:02:10.473: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:02:10.474: DHCPD: client's VPN is RED.
Mar 10 20:02:10.474: DHCPD: using received relay info.
When I shut the Te2/1/1 link down in the L3 MEC at the 4500 DHCP starts to work for the VRF RED:
Mar 10 20:04:41.354: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:04:41.369: DHCPD: Reload workspace interface Port-channel1.2002 tableid 3.
Mar 10 20:04:41.369: DHCPD: tableid for 172.20.68.2 on Port-channel1.2002 is 3
Mar 10 20:04:41.369: DHCPD: client's VPN is .
Mar 10 20:04:41.369: DHCPD: forwarding BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:41.369: DHCPD: broadcasting BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:44.808: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:04:44.808: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:04:44.808: DHCPD: client's VPN is RED.
It is like there is a bug that is treating the L3 MEC as a L2 MEC when both links are present; or the VNET trunk is not being processed correctly.
Has anyone else used a L3 MEC with a VRF and a DHCP helper with success? Is this a bug?
03.05.01.E is the code we are running on the 4500X-32(SPF+)
This is also with TAC but I thought I would share with the community in case anyone else has a similar environment or if Cisco experts want to comment.

Why available Lan Host not showing up in the DHCP Leased Client table for RV180

I just purchased the RV180 and am puzzled as to why lan host with ip address of 192.168.1.102 not showing up in the DHCP leased clients list.
I have 4 static ip addresses with the last 3 digits ending in 101, 102,103 and 200 listed in the static DHCP and available local network list, but 102 is not in the DHCP leased clients list. The other 3: 101,103 and 200 are.
Should it not be there also?

Thanks Marty,
There is nothing different about 102 than the other hosts.
I did talk to tech support at Cisco this morning and I was told that I should not use the static DHCP under Networking LAN. Instead, I should set the static IP at the device level.
So under Static DHCP, the list is blank, but the IP address will show up under Available LAN Hosts and listed as Static as Type.
I thought this is a bit strange since it is Static DHCP and should be under Static DHCP (?)
George

AP 1231G Not Passing DHCP to clients

Similar Messages

Maybe you are looking for