Catalyst 2950 / ip dhcp-server

Similar Messages

• Catalyst 2950 - Radius

  Is it possible of crypter the password radius-server on a catalyst 2950. (example: "radius-server key 7 toto")?

  Tagging on to this discussion from another thread in the forum:
  Actually the answer to this question is very highly release dependent. Earlier releases did not support it. Current releases do. I am not sure where the change is and believe it may be a 12.3 (or maybe even a 12.3T) enhancement. I have quite a few routers (most with TACACS and some with Radius) where the key is encrypted. When I started with those routers the key was not encrypted. At some point in doing a software version upgrade the keys for TACACS/Radius started being encrypted.
  The encryption of the TACACS/Radius key is part of the service password encryption. The service has been enhanced several times to increase the number of keys that it protects. If you have service password encryption enabled (and in a live network I hope that you do) and have a release that supports the new enhancement your TACACS/Radius key will be encrypted automatically. If your version of IOS does not support it yet the key will not be encrypted.
  HTH
  Rick

• DHCP on Cisco Catalyst 2950 Switch

  Hello
  I need to configure my cisco catalyst 2950 series switch in order to act as DHCP server for devices connected to its ports.
  Please say me, how to do that ?
  Thank you
  Narek

  Please find the sample DHCP configuration for one of the VLANs.
  Interface Vlan1
  description Cisco DHCP
  ip address 10.10.2.1 255.255.255.0
  ip dhcp pool cisco
  network 10.10.2.0 255.255.255.0
  default-router 10.10.2.1
  domain-name mydomain.com
  dns-server 10.10.2.10
  netbios-name-server 10.10.2.15
  lease 7
  A 24 hour lease is the default if left out and the netbios-name-server is WINS in the Windows world.
  If you want to use DHCP server for other VLANs as well create similar DHCP pools and assign the DG to the corresponding VLAN interface IP.
  HTH, rate if it does
  Narayan

• Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

  Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
  Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
  ipv6 dhcp database disk0://DHCPV6-DB
  ipv6 dhcp pool VLAN206IPV6
   prefix-delegation pool VLAN206IPV6-POOL
   dns-server 2620:B700:0:1001::53
   domain-name global.bio.com
  ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
  interface Vlan206
   description *** IPv6 Subnet ***  
   ip address 10.2.104.2 255.255.255.0
   ipv6 address 2620:B700:0:12C7::2/64
   ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
   ipv6 nd managed-config-flag
   ipv6 dhcp server VLAN206IPV6
   standby version 2
   standby 0 ip 10.2.104.1
   standby 0 preempt
   standby 6 ipv6 2620:B700:0:12C7::1/64
   standby 6 preempt
  I'm getting a result from my debug as follows:
  Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   dst FF02::1:2
  Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
  Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
  Apr 10 16:28:03.861 PDT:     elapsed-time 101
  Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
  Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
  Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
  Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
  Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
  Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
  Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
  Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
  Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
  Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
  Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
  Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

  Hello,
  maybe hitting the following bug.
  Pv6 Address Assignment Support for IPv6 DHCP Server
  CSCse81385
  Hope this helps

• RARP Server for Catalyst 2950 Switch

  Is there a RARP Server capability for the Cisco Catalyst 2950 Switch? I know that Cisco Routers support an "ip rarp-server" command. Do Cisco Switches support RARP?

  To the best of my knowledge, the RARP protocol is working with cisco 2950 switch and also it supports in most of the cisco products.
  http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00800f0804.shtml

• Catalyst 2950 switch

  Hello,
  I am using a catalyst 2950 switch and connecting machines which have the operating system as TRU64 UNIX 5.1B (HP make DS25 servers) and WINDOWS XP Professional. The WINDOWS machines are getting connected on the network ( I am able to PING each other), but the UNIX machines are not getting connected on the network. The port LED on the switch is normal (GREEN). The netstat -r command on the UNIX machine shows default as defgw (/etc/routes) and the IP of defgw is defined in the /etc/hosts file. But there is actually no such gateway.
  Please help me to get the UNIX machines connected on the network.
  Thank You very Much
  Best Regards
  S R Vijayan

  I wonder if the Windows machines are configured to use DHCP? If they are configured for DHCP and there is a DHCP server that is reachable, then it explains why the Windows machines have reachability to each other. If there is not a DHCP server available then the Windows machines are probably taking addresses in 169.254 (which is the default for Windows when it can not acquire from DHCP). This would also explain the ability of Windows machines to communicate with each other. Can the original poster clarify what IP addresses the Windows machines are using?
  Then the question becomes how are the Unix machines configured? Are they supposed to use DHCP? Is so is the DHCP server reachable? If not how is the interface on the Unix box configured?
  I also think that the suggestion about verifying whether the switch is configured with more than one VLAN is an excellent suggestion.
  HTH
  Rick

• Can I use DHCP snooping and IOS DHCP server on the same switch stack

  Hello,
  I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
  There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
  For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
  Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
  I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
  Unfortunately I do not have access to a layer 3 switch to test this at the moment.
  Thanks

  Nope.  That's the issue.
  They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

• SG 300-28: how to configure it as DHCP server.

  I am relatively new the configuring network switches. Could someone point me in right direction to configure SG300-28 as a DHCP server?
  From the people I talked based on device specs it should be able to act as dhcp server. However, if we cannot, can it be configured so that clients get DHCP infomation from Firewall to which L3 switch is connected.
  Thank you,
  S.

  Hi Sreenath,
  I guess when you try the GUI or CLI interface, you would have noticed there is no mention of DHCP server.
  They both mention, as does the datahseet, DHCP relay;
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
  Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2
  Relay of DHCP traffic to DHCP server in different VLAN. Works with DHCP Option 82
  The new SG300-28 switch or  ordering p/n SRW2024-K9,   does not incorporate a DHCP server, but relies on DHCP relay to get IP addresses allocated to PC's on seperate VLANs.
  If you needed a DHCP server within a Layer 3 switch you would have to look at the traditional Catalyst 3XXX series switch for that functionality.
  I guess this is not the answer you wanted to hear.
  regards Dave

• Ccum 9.1 as DHCP server

  Hello,
         In my lab I have Cisco Catalyst Express 500 POE switch and vmware workstation 10 with 2 virtual machines Windows 2008 R2 acting as dns server and CUCM 9.1 which is acting as DHCP server as well, both the virtual machines as briged to the physical network and able to ping each other and the host operating system as well. The switch is configured with 2 vlans namely DATA 20  AND VOICE 30 all the ports are added to both the Vlan. THE PROBLEM IS WHEN I PUT THE PC ON ANY OF THE PORT THE IP ADDRESS IS ACQUIRED BUT WHEN THE PHONE IS ATTACHED DIRECTLY TO THE SWITHC PORT IT DOESNT ACQUIRES THE IP ADDRESS.
  Thanks
  Syed

  interface FastEthernet1/0/1
  switchport access vlan 20
  switchport mode access
  switchport voice vlan 30
  mls qos trust device cisco-phone
  mls qos trust cos
  spanning-tree portfast
  conf t
  service dhcp
  cdp enable
  cdp timer 5
  cdp advertise v2

• Making Switch as DHCP server

  We have cisco 2950 switch. can we use it as dhcp server in our network if yes then how ?
  Please give me all commands to make it DHCP server.

  Hi Blue,
  i completely i won't accept the rest of ppl. say that DHCP is not supported on Cisco 2950, infact i am running dhcp server on my cisco 2950T-24 for the past 10 months IOS ver 12.1-22.EA6
  find the commands
  ip dhcp excluded-address 10.1.1.51 10.1.1.60
  ip dhcp pool xyz
  network 10.1.1.0 255.255.255.0
  domain-name abc.org
  dns-server 10.2.1.31
  default-router 10.1.1.252
  ip dhcp-server 10.1.1.250
  hope this helps.
  rate this post if cleared.

• Catalyst 2950 trouble

  I have been trying to get a Catalyst 2950 switch to work for over a week now. I received the switches with no box or packaging and I was told that there were no previous setup attempts on it. I tried performing the express setup but the lights on the server don't seem to behave the way the instructions explain. I also was never able to make a connection between the linux server I am trying to use to configure the switch and the switch. All i received was the switch and nothing else. I have an AC power cord and I also found an RJ45 - DB 9 adapter if needed. I have looked through alot of the manuals on the cisco main pages and nothing seems to be working or clicking. Please help!

  Results of pinging from switch to linux box and switch to switch were both 0%.
  Switch2>show arp
  Protocol Address Age (min) Hardware Addr Type Interface
  Internet 192.168.1.10 - 000a.8a7a.f280 ARPA Vlan1
  No luck pinging switch from linux box again...
  Arp -a Results
  c358-hsrp102.xxxxx.com (xxx.xxx.102.1) at 00:00:0C:07:xx:xx [ether] on eth0
  Route -n Results
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
  xxx.xxx.102.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
  169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
  0.0.0.0 148.174.102.1 0.0.0.0 UG 0 0 0 eth0
  Ifconfig results
  eth0 Link encap:Ethernet HWaddr 00:13:72:FD:xx:xx
  inet addr:xxx.xxx.102.78 Bcast:148.174.103.255 Mask:255.255.254.0
  inet6 addr: fe80::213:72ff:fefd:871d/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:38172 errors:0 dropped:0 overruns:0 frame:0
  TX packets:16406 errors:0 dropped:0 overruns:0 carrier:0
  collisions:224 txqueuelen:1000
  RX bytes:8127476 (7.7 MiB) TX bytes:3941903 (3.7 MiB)
  Interrupt:169
  eth1 Link encap:Ethernet HWaddr 00:13:72:FD:87:1E
  inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
  inet6 addr: fe80::213:72ff:fefd:871e/64 Scope:Link
  UP BROADCAST MULTICAST MTU:1500 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  Interrupt:225
  eth2 Link encap:Ethernet HWaddr 00:04:23:CD:B5:6A
  BROADCAST MULTICAST MTU:1500 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  Base address:0xecc0 Memory:fe9e0000-fea00000
  eth3 Link encap:Ethernet HWaddr 00:04:23:CD:B5:6B
  BROADCAST MULTICAST MTU:1500 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  Base address:0xec80 Memory:fe9c0000-fe9e0000
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:6376 errors:0 dropped:0 overruns:0 frame:0
  TX packets:6376 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:4647441 (4.4 MiB) TX bytes:4647441 (4.4 MiB)
  sit0 Link encap:IPv6-in-IPv4
  NOARP MTU:1480 Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  Lot of info there you are only allowed 3 attachments thats why i put it all in here and attached the last 2 hope you can find everything ok.

• Can I use ASA to be a DHCP Server use in WLC wireless Client

  I want to use ASA to be a DHCP Server for Wireless Client not it can't.
  I check the debug log in WLC, I confirm the WLC have send the request to ASA.
  In the ASA, it don't have any hits in the rule when the WLC send the DHCP relay request.
  I have try don't use dhcp relay in WLC but don't success. Anybody have the same case with me? And Is the ASA can't support DHCP relay agent to request to get the IP Addr.
  P.S. In the Network Design limitation so I can't use WLC to be DHCP Server.
  Equipment:
  ASA5510
  WLC4402
  How can I fix it.
  Thank you very much

  The issue is that the ASA doesn't accept DHCP requests from a relay agent, only broadcast DHCP requests. In the 4.2 version for the controllers there is now an option so you can change the way the controller forwards DHCP requests so that it is sent as a broadcast and not from a relay agent.

• Remote access VPN with ASA 5510 using DHCP server

  Hi,
  Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
  I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
  ASA Version 8.2(5)
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 10.6.0.12 255.255.254.0
  ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
  route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
  crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map dyn1 1 set transform-set FirstSet
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface inside
  crypto isakmp enable inside
  crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
  vpn-addr-assign aaa
  vpn-addr-assign dhcp
  group-policy testgroup internal
  group-policy testgroup attributes
  dhcp-network-scope 10.6.192.1
  ipsec-udp enable
  ipsec-udp-port 10000
  username testlay password *********** encrypted
  tunnel-group testgroup type remote-access
  tunnel-group testgroup general-attributes
  default-group-policy testgroup
  dhcp-server 10.6.20.3
  tunnel-group testgroup ipsec-attributes
  pre-shared-key *****
  I got following output when I test connect to ASA with Cisco VPN client 5.0
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
  4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
  Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
  [OK]
  kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
  Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
  Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
  Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
  Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
  Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
  Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
  Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
  Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
  Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
  Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
  Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
  Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
  Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
  Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
  Regards,
  Lay

  For RADIUS you need a aaa-server-definition:
  aaa-server NPS-RADIUS protocol radius
  aaa-server NPS-RADIUS (inside) host 10.10.18.12
    key *****   
    authentication-port 1812
    accounting-port 1813
  and tell your tunnel-group to ask that server:
  tunnel-group VPN general-attributes
    authentication-server-group NPS-RADIUS LOCAL
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Can you use the Airport Express A1264 as an AP and a DHCP server at the same time?

  Can you use the Airport Express A1264 as an Access Point and a DHCP server at the same time?
  I would like to use it as a DHCP server and AP at the same time in my LAN (no internet, just local machines through a few switches). I was lead to belive this could be the case from a few networking friends that haven't been friendly enough to help me out setting it up.

  I need it to act as a dLink/Cisco/Linksys/etc basic wifi router, in the fact that you can access it via wifi, and it will spit out DHCP addresses (192.168.1.xxx) to everything wired downstream of it.
  I want to simultaniously provide a Wifi connection and a LAN connection at the same time
  Thanks,
  BRad

• Can I use my WRT54G as a DHCP server only? I've got 5 dynamic IP's from Time Warner..

  Hi everyone, I'm wondering if I can use my WRT54G as a DHCP server only only my network, without having to have any of my PC's plugged into it's router ports?  I looked at the settings but I couldn't get it to work.
  Here's why:  I just got Time Warner Business Class cable internet which comes with 5 dynamic IP's.  I want each computer, well 4 of them at least and 1 for the WRT54G, to have a unique IP when accessing the internet, and the other computers (5 more computers) to use the DHCP server in the WRT54G to get a NAT IP for use on the internet.
  We play Diablo II on the internet and only 4 computers can be connected through 1 IP, so that limits us in my current configuration.
  Current Equipment: One WRT54G, one Netgear GS116 16 port gigabit non-managed switch.  One Time Warner Cable modem.  Also attached to the network is one HP network printer, a Buffalo LinkStation NAS and a Zensonic Network DVD player.
  Current config:  Cable modem -->  WRT54G --> Netgear switch.
  Ideal config: Cable modem -->  Netgear switch -->  WRT54G.
  With my current config, I am not taking advantage of the 5 dynamic IP's, but all the computers connected to the Netgear switch or the WRT54G can connect to the internet and the NAS. 
  So my ideal config (where I don't have to buy anything and where all the computers can print and access the NAS) is to connect all the computers and devices to the Netgear Switch and somehow force 4 of the computers and the WRT54G to get a dynamic IP from the cable modem, while the other computers and devices use the DHCP server on the WRT54G to get to the internet. 
  Is this possible?
  I called Time Warner Cable and they weren't any help.  I called the Linksys sales department and they weren't of much help either. 
  I suppose that I could purchase a new 8 port switch and attach 4 computers, the cable modem and the WRT54G to it.  Then attach the Netgear to the WRT54G to accomodate the printer, NAS, and the other 5 computers.  But in that senario, the 4  computers connected to the new switch can't print and can't reach the NAS.  And geez, some computers would have to go through 3 devices to reach the internet, which has got to slow them down.
  I did read about the Linksys EFG120 which has a DHCP server, but at $400 and only 120 gigs, it doesn't work for me. 
  I called Time Warner and the cost of more dynamic IP's is prohibitive, I'm already paying $79 a month for this internet and they want another $50 a month for 7 more dynamic IP's and that wouldn't help my NAS or my printer.
  The cost of a 16 port gigabit switch with DHCP is an amazing $800 or so, which is out of the question. 
  Sorry for being so long winded and thanks for reading this far.  I'm looking forward to any replies. 

  That is a hell of a setup. I don't know if it would be easier and cheaper to either buy a real router like a Cisco, get fixed IP addresses and a RV042, or buy 4 network cards for the four of the five computers which need the internet access for gaming.
  O.K. First your setup:
  1. You wire the modem to the 6-port switch.
  2. You connect the remaining 5 ports with the WAN ports of 5 WRTs with DHCP on the WAN interface.
  3. You configure each WRT with unique LAN IP addresses in the same subnet, e.g. 192.168.1.1/255.255.255.0, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5.
  4. You turn off all DHCP servers except on one, e.g. 192.168.1.1. That router will be the default router and internet connection for any client which gets dynamic LAN addresses (as fallback or guests, I would not configure the NAS or printer with DHCP addresses if you have everything else on static IP addresses). You can certainly disable all DHCP servers if you want, too.
  5. Now you connect all WRTs with each other.
  5a. You connect port 1 of the 1st WRT with port 1 of the 2nd.
  You connect port 2 of the 2nd with port 1 of the 3rd.
  Port 2 of the 3rd with port 1 of the 4th.
  Port 2 of the 4th with port 1 of the 5th.
  (Do not create a loop connecting port 2 of the 5th with port 2 of the 1st!!)
  5b. You buy another switch and connect each port 1 of each router with this switch. This has the advantage that you don't have a long cascade between the 1st and the 5th router like in 5a.
  6. You connect all devices to the LAN.
  6a. If you did 5a, you will probably put each computer to the router which internet connection it uses. The NAS and printer could go anywhere.
  6b. If you did 5b, you hopefully bought a 16 or 24 port switch. Then you plug simply everything into that switch. Otherwise you can certainly use the free ports of the WRTs like in 6a.
  7. You configure all your devices with static IP addresses. For instance,
  IP 192.168.1.11
  netmask 255.255.255.0
  gateway 192.168.1.1
  For the DNS servers I would highly recommend to use the DNS servers of your ISP directly and not use the relay on 192.168.1.1.
  The gateway address defines through which router the computer connects to the internet.
  8. You may still have to configure port forwardings on the router to the game computer if required for the game.
  An interesting alternative to this setup might be to buy 4/5 network cards for the 4/5 computers with direct internet access. Then you use the one network card to connect to your single LAN behind your single WRT. The other network card goes into the switch behind the modem and has direct internet access. You then have to tell Windows which of the network cards has the default gateway for the internet connection (to prevent routing all traffic through the LAN and the WRT to the internet). One game computer would have to be behind the WRT.