Catalyst 3750E's and DHCP Snooping
I am using on our perimeter Catalyst 3750E's and 4500 series switches and I have DHCP Snooping enabled. Each switch has redundant Layer 3 10Gb uplinks back to our Core/Distribution switches. We have a central DHCP server and each switch writes its snooping database back to a central TFTP server.
This was working fine until we upgraded our Active Directory domain to a 2008 domain, with our DHCP server now residing on a Windows 2008R2 server.
Since the upgrade all 12 stacks of 3750E's will no longer write of the dhcp snooping database.
show ip dhcp snooping database
Agent URL : tftp://<path>
Write delay Timer : 3600 seconds
Abort Timer : 300 seconds
Agent Running : No
Delay Timer Expiry : 17 (00:00:17)
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 0 Startup Failures : 0
Successful Transfers : 0 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 0 Failed Writes : 0
Media Failures : 0
All of the 4500's (5 of them) however still work as they did prior to the upgrade.
show ip dhcp snooping database
Agent URL : tftp://<path>
Write delay Timer : 3600 seconds
Abort Timer : 60 seconds
Agent Running : No
Delay Timer Expiry : 2737 (00:45:37)
Abort Timer Expiry : Not Running
Last Succeded Time : 07:18:07 EDT Wed Jun 15 2011
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 13 Startup Failures : 0
Successful Transfers : 13 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 13 Failed Writes : 0
Media Failures : 0
Is this a software bug and has anybody else seen this after upgrading to a Windows 2008 AD domain?
well i found this
When DHCP snooping is disabled and DAI is enabled, the switch shuts down all the hosts because all
ARP entries in the ARP table will be checked against a nonexistent DHCP database. When DHCP
snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny ARP packets
We dont do arp acl
Here is a little infor on the setup on 6500
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: Q,W,E,RT,TY,Y
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
Interface Trusted Rate limit (pps)
GigabitEthernetX/X yes unlimited
Port-channel yes unlimited
port config port-channel
ip arp inspection trust
ip dhcp snooping trust
2960 config
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:Q
Insertion of option 82 is disabled
circuit-id default format: vlan-mod-port
remote-id: 1111:1111:1111 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
Port-channel yes yes unlimited
port config
interface Port-channel
ip arp inspection trust
ip dhcp snooping trust
Similar Messages
-
How to synchronize between DHCP binding table and DHCP snooping table ?
I clear DHCP snooping table with command "clear ip dhcp snooping binding " , and PC can't communicate with other any more. So how to synchronize between DHCP binding table and DHCP snooping table ?
dhcp-test#sh ip dhcp bind
IP address Client-ID/ Lease expiration Type
Hardware address
99.1.65.32 0100.1125.353c.25 Mar 02 1993 01:05 AM Automatic
99.1.65.33 0100.1438.059f.85 Mar 02 1993 12:01 AM Automatic
dhcp-test#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
Total number of bindings: 0
thanks!ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id expiry seconds
Add binding entries to the DHCP snooping binding database. The vlan-id range is from 1 to 4904. The seconds range is from 1 to 4294967295.
Enter the above command for each entry that you add
To delete the database agent or binding file, use the no ip dhcp snooping database interface configuration command. To reset the timeout or delay values, use the ip dhcp snooping database timeout seconds or the ip dhcp snooping database write-delay seconds global configuration command.To renew the database, use the renew ip dhcp snooping database privileged EXEC command. -
Hi all,
The ISE configuration validator says we should have DHCP snooping enabled on our network access devices (switches) so we do it. However I have never understood what this accomplishes. (In terms of ISE/NAC. I understand what DHCP snooping is).
Can anyone explain? Thanks.Thanks for the reply, Vattulu.
Interesting article/section, but I don't see where it says anything about the relationship between dhcp snooping and profiling. It seems to be talking about the use of dhcp snooping option 82 to convey the 802.1x user info to the dhcp server. The dhcp server can then act on this information to assign specific IPs to specific users. I can see how ISE would get this information via ip-helper or maybe by snmp bulk query, but don't understand how that would assist with profiling. I mean, ISE already has the 802.1x user identity from the radius request, right? Maybe you can enlighten me.
Googling around I found this article/section:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/user_guide/ise_user_guide/ise_sw_cnfg.html#wp1059679
which seems to imply that dhcp snooping info can be used when applying DACLs. Interesting, because I thought that was based on the ip device tracking table only. But, it says that dhcp snooping is optional, and doesn't go into any detail.
Still digging, I would like to understand this. Thanks for your help. -
Can I use DHCP snooping and IOS DHCP server on the same switch stack
Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
ThanksNope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition. -
[solved] DHCP snooping in environment with core and access switches
Hello,
I'd like to know what steps are needed to configure DHCP snooping in my environment:
1) two core switches Catalyst 6500 (VSS): VLAN defined here, DHCP server connected here
2) access switches Catalyst 3750: clients connected here
Access switches are connected to core ones via trunk ports (fiber optics).
How many snooping databases are required? One for core and next for each stack?Hi Marian,
If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.
If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.
I am not sure if this answers your question so please feel welcome to ask further.
Best regards,
Peter -
IP DHCP snooping, IP source Guard, and DIA
Hi All,
I have Configured DHCP snooping and IP source guard and Dynamic arp inspection on my 3560 and 3750 Network Switches,
on both of them I'm facing that issue. (the printers and access points are configured to get ip addresses via DHCP), but when the lease time expires, they don't get ip addresses, and become unreacheable.
while all other clients get thier ip addresses normally
below you can find the Configuration configuration
ip dhcp snooping vlan 98,105,111
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcpsnooping
ip dhcp snooping database write-delay 15
ip dhcp snooping
ip arp inspection vlan 98,105,111
ip verify trust on all access ports including printers and access point ports
all access ports are DHCP snooping untrusted
also when I create a static dhcp snooping binding record for these devices on the switch it resolves the Issue, but when I reload the switch it's removed automatically.
any resolution will be much appreciated.
regards,
Mahercheck the following link for configuration of DHCP snooping
http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html -
C2950 IOS for DHCP Snooping and DAI
hi all,
anyone knows what image i would need for my 2950 to enable DHCP snooping and DAI features (just for lab purpose)?
or are these features just available on the bigger modular switches (4500 and 6500)?
>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA8a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 28-Jul-06 15:16 by weiliu
Image text-base: 0x80010000, data-base: 0x8056A000
Switch(config)#ip dhcp snooping ?
information DHCP Snooping information
vlan DHCP Snooping vlan
<cr>
Switch(config)#ip arp ?
% Unrecognized commandHi Alain,
Thanks for this info! I've read you're CCNA Security.
Just curious, are you gonna write your CCNP Security soon?
Could you recommend a good lab switch for SECURE?
Sent from Cisco Technical Support iPad App -
Help understanding DHCP Snooping and Dynamic ARP Inspection
Please help me to understand DHCP Snooping and Dynamic ARP Inspection.
HI Ezra,
In simple words:
DHCP Snooping is a feature which is available on switches. This feature is used to prevent rogue dhcp server attacks.
In the diagram, a valid dhcp server is connected to the network. The computers are suppose to receive dynamic ip addresses from the valid server. An attacker implants a rogue dhcp server on the network as shown in the diagram. The following steps are followed for a client to receive an ip address from a dhcp server.
When a client (computer) is connected to the switch and is configured to receive a dynamic ip address from a dhcp server, the dhcp service on the client, sends out a DHCP Discover packet, searching for servers on the network. This packet is broadcast in nature. DHCP servers on the network, would respond to the DHCP Discover packet sent from the client. In the example, both the DHCP servers would respond to the DHCP discover packet. The client would process the first packet it receives. If the response send by the rogue dhcp server reaches the client first, then the computer would have an ip address provided by the rogue dhcp server.
To prevent this, dhcp snooping is configured on the port on which the valid dhcp server is connected to. After the configuration is performed, no other ports on the switch would be able to respond to DHCP Discover packets from the clients. So even through the attacker has set up a rogue dhcp server, the port on the switch to which the attacker has connected would not be allowed to respond to DHCP discover packets. Thus dhcp snooping thwarts the attempt from the attacker in setting up a rogue dhcp server.
DAI:
Please read the expalined version from here: http://ciscocertstudyblog.blogspot.de/2010/06/ciscoblogpics.html
More about DHCP snooping and DAI: Please read this attached document with some detailed explanation.
Hope it helps.
Regards
Please use rating system and mark athe question answered it may help others. -
Sg200-50 support dhcp snooping and dynamic arp inspection?
do the sg200-50 switches support:
dhcp snooping
dynamic arp inspection
?? thanksHI d.pennington,
SG200 is L2 switch only. so this mean switch not support dhcp snooping. Switch support IGMP snooping, Switch support dynamic arp table. You can management switch with web page GUI only (CLI) not supported.
Thanks,
Moh -
The question is: is there such thing? The bits and pieces of info I've found kind of contradict each other (some say it's been there since IOS SXE, some say it's not supported at all) - the fact is, we have a 6509 in our network running s222-adventerprisek9_wan-mz.122-18.SXF17a.bin on which "ip dhcp snooping" doesn't seem to be available, either in global or interface config mode...
Thank you.Hi,
Looking at the configuration for your IOS version.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SXF/native/configuration/guide/swcg/snoodhcp.html
You need a PFC3 st support ip dhcp snooping
Configuring DHCP Snooping
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 6500 series switches.
Note•The DHCP snooping feature requires PFC3 and Release 12.2(18)SXE and later releases. The PFC2 does not support DHCP snooping.
•For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Master Command List, Release 12.2SX at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
Regards,
Alex.
Please rate useful posts. -
N7K - Any way to save the DHCP Snooping DB?
Catalyst has 'ip dhcp snooping database' command to save as a file. Cannot find similar command on the Nexus. Without it, wouldn't a reboot cause the DB to come up empty, triggering arp inspection and source guard for legitimate traffic?
Hello Bob,
In the recently releases by default DHCP bindings are not saved persistently across switch reboots. To maintain persistent bindings across switch reboots, use the copy run start command.
When the copy run start command is issued, all bindings that exist at that time are made persistent across switch reboots. -
Ip source guard feature and dhcp DHCP scope exhaustion (client spoofs other clients)
Hi everybody.
A dhcp server assigns ip adress based on mac address carried by client hardware field in dhcp packets.
One potential attack is when a rogue host mimics different mac addresses and causes dhcp server to assign the ip addresses until no ip address is left for legitimate host.
For e.g a host h1 with mac1 has assigned ip address by dhcp server as:
199.199.199.1 mac1
Dhcp server has the above entry in its database.
Using hacking tools such as Yersinia or Gobbler one can create a dhcp discover messages each time creating a different mac for client hardware field in dhcp server thereby causing a dhcp server to assign ip addresses because to dhcp server , these are legitimate dhcp discover messages with each carrying a different mac in client hardware addresses.
You might say use dhcp snooping and it will prevent that ( dhcp scope exhaustion) and configure the switch to check if src mac matches the client hardware address in dhcp message. But still we can creat spoofed discover messages where src mac in ethernet header will match the client hardware address in dhcp discover message. We still did not overcome the problem.
You might say use IP source guard feature but will it really prevent that problem from happening?
Let me illustrate it :
h1---------f1/1SW---------DHCP server
Let say we have configured dhcp snooping on sw1 and f1/1 is untrusted port. The switch has following dhcp binding
199.199.199.1 mac1 vlan1 f1/1
Next we configure ip source guard to validate both src mac and src ip against the dhcp bindings . When we configures ip source guard first , it will allow dhcp communication only so a host can request ip address and a dhcp binding can be built. After that ip source guard will validate src ip or src mac or both against the dhcp binding.depending upon how we configure ip source guard.
In our case we have configured ip source guard to validate both src mac and src ip against the dhcp binding.
A dhcp binding is already created as:
199.199.199.1 mac1 vlan 1 f1/1
Now using the hacking tools Yersinia or Gobbler on h1, we create our first spoofed dhcp discover message where src mac=mac2 in ethernet header and client harware address= mac2 in dhcp discover message. Since switch is configured with ip source guard feature and therefore allows dhcp discover message to pass through. Dhcp server upon receiving the dhcp message assigns another ip address from the pool. Now the dhcp server has following entries:
199.199.199.1 mac1
199.199.199.2 mac2.
We can continue to craft spoofed dhcp discover messages as mentioned above and have dhcp server keep assigning ip addresses until the whole pool is exhausted.
So my question is how does ip source guard in conjuction with dhcp snooping prevent this particular attack from happening? ( i.e DHCP scope exhaustion)
I really appreciate your input.
thanks and have a great week.Thanks Karthikeyan.
First of all, we gather all the information about the locations of legitimate dhcp servers in our network. Once we have this information, we will configure the ports used to reach them as trusted. All the ports where end users will connect will be untrusted and therefore subject to dhcp snooping .
it means if any of user connected in that switch/vlan runs a dhcp services like vmware for eg. Snooping will prevent the dhcp/bootp servers connected to that port will not be able to process.
Yes that is correct. Because dhcp snooping feature will check these ports for the messages usually sent by dhcp server such as dhcp offer, etc. If the end user is running dhcp server using virtual machine, that port should be configured as trusted if it is dertermined that end user is running a legitimate dhcp server using vm ware.
When we have the dhcp snooping it prevents the 1st level of hacking itself. I don't think so it will have any impact on dhcp address releasing.
I am sorry. You lost me here. What is 1 level of hacking?
Dhcp snooping checks for dhcp messages such as dhcp release, dhcp decline.on untrusted port against the dhcp bindings.
Here is why;
h1---------SW1-------dhcp server
|
h2
Let say we don't have dhcp snooping in above attack and h2 is a legitimate user has already assigned ip address 199.199.199.2 by dhcp server. Thus the dhcp server has an entry:
199.199.199.2 mac2
Next we connect rogue user and it gets ip address 199.199.199.1 now the dhcp server has entries:
199.199.199. 1 mac1
199.199.199.2 mac2
Now using hacking tools, h1 create a fake dhcp release message with 199.199.199.199.2 mac2
Dhcp server upon receiving this message, will release the ip address and returns it to the pool.
By using DHCP snooping, switch will peer inside dhcp release message and checks against the binding. If there is conflict, it will drop the message.
IFor e.g
If have dhcp snooping configured , then switch will have adhcp binding as:
199.199.199.1 mac1 vlan 1 f1/1 lease time
199.199.199.2 mac2 vlan 2 f1/2 lease time.
If h1 tries to send fake dhcp release with ip address 199.199.199.2 mac2
Switch will check ip address 199.199.199.2 and mac2 against the binding related to f1/1 . Sw will find a conflict and therefore drops the dhcp release packet.
Thanks -
Hi,
Can anyone help me with these setup issues.
The Cat OS config guide chapter "configuring DHCP-snooping and IP source guard" for v8.4 doesnt mention how to:
1) Disable dhcp-snooping
2) configure a destination for the snooping database.
I would like to setup the local flash PCMCIA card as a destination for the DB.
I have found documentation for other releases of CatOS that state how to specify a DB location:
set dhcp-snooping bindings-database <device>:[filename]
However this syntax is not supported in 8.4. With command line auto-complete (the tab key) and/or help there is no option for "bindings-database" available.
Do I need to activate the DB somewhere else in the config?
thanks,The command to disable DHCP snooping is:disabled the ip dhcp snooping
-
Hi,
I would like to DHCP snooping on the WLC.
Or a method to block DHCP pirate and authorized my DHCP.
Best Regards,
Julien Hernandez.Here the client 192.168.0.0 :
(Cisco Controller) >show client detail 1c:99:4c:6f:c6:96
Client MAC Address............................... 1c:99:4c:6f:c6:96
Client Username ................................. N/A
AP MAC Address................................... 44:ad:d9:57:fd:20
AP Name.......................................... AP-INDE-106
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 44:ad:d9:57:fd:20
Connected For ................................... 8127 secs
Channel.......................................... 11
IP Address....................................... 192.168.0.155
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 8
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 15000
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 5.5,11.0,6.0,9.0,12.0,18.0,
............................................. 24.0,36.0,48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. none
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
FlexConnect Data Switching....................... Local
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 321
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 2526655
Number of Bytes Sent....................... 2425132
Total Number of Bytes Sent................. 2425132
Total Number of Bytes Recv................. 2526655
Number of Bytes Sent (last 90s)............ 64
Number of Bytes Recv (last 90s)............ 6764
Number of Packets Received................. 25105
Number of Packets Sent..................... 5996
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 1018
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 56
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -60 dBm
Signal to Noise Ratio...................... 24 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP-INDE-108(slot 0)
antenna0: 5364 secs ago.................. -74 dBm
antenna1: 5364 secs ago.................. -87 dBm
AP-INDE-106(slot 0)
antenna0: 5364 secs ago.................. -67 dBm
antenna1: 5364 secs ago.................. -57 dBm
AP-INDE-106(slot 1)
antenna0: 5363 secs ago.................. -82 dBm
antenna1: 5363 secs ago.................. -87 dBm
AP-INDE-111(slot 0)
antenna0: 5364 secs ago.................. -94 dBm
antenna1: 5364 secs ago.................. -97 dBm
AP-INDE-119(slot 0)
antenna0: 5364 secs ago.................. -87 dBm
antenna1: 5364 secs ago.................. -91 dBm
AP-INDE-105(slot 0)
antenna0: 5364 secs ago.................. -68 dBm
antenna1: 5364 secs ago.................. -79 dBm
AP-INDE-105(slot 1)
antenna0: 5363 secs ago.................. -90 dBm
antenna1: 5363 secs ago.................. -87 dBm
AP-INDE-109(slot 0)
antenna0: 5364 secs ago.................. -75 dBm
antenna1: 5364 secs ago.................. -85 dBm
AP-INDE-109(slot 1)
antenna0: 5364 secs ago.................. -83 dBm
antenna1: 5364 secs ago.................. -78 dBm
AP-INDE-121(slot 0)
antenna0: 14490 secs ago................. -91 dBm
antenna1: 14490 secs ago................. -92 dBm
AP-INDE-126(slot 0)
antenna0: 8132 secs ago.................. -89 dBm
antenna1: 8132 secs ago.................. -92 dBm
AP-INDE-126(slot 1)
antenna0: 38197 secs ago................. -93 dBm
antenna1: 38197 secs ago................. -83 dBm
AP-INDE-116(slot 0)
antenna0: 5364 secs ago.................. -61 dBm
antenna1: 5364 secs ago.................. -50 dBm
AP-INDE-116(slot 1)
antenna0: 5364 secs ago.................. -82 dBm
antenna1: 5364 secs ago.................. -86 dBm
AP-INDE-112(slot 0)
antenna0: 5364 secs ago.................. -71 dBm
antenna1: 5364 secs ago.................. -71 dBm
AP-INDE-112(slot 1)
antenna0: 5364 secs ago.................. -88 dBm
antenna1: 5364 secs ago.................. -90 dBm
AP-INDE-107(slot 0)
antenna0: 8129 secs ago.................. -91 dBm
antenna1: 8129 secs ago.................. -85 dBm
AP-INDE-118(slot 0)
antenna0: 5364 secs ago.................. -94 dBm
antenna1: 5364 secs ago.................. -91 dBm
AP-INDE-114(slot 0)
antenna0: 5364 secs ago.................. -93 dBm
antenna1: 5364 secs ago.................. -85 dBm
AP-INDE-114(slot 1)
antenna0: 38197 secs ago................. -93 dBm
antenna1: 38197 secs ago................. -91 dBm
AP-INDE-123(slot 0)
antenna0: 5364 secs ago.................. -72 dBm
antenna1: 5364 secs ago.................. -83 dBm
AP-INDE-103(slot 0)
antenna0: 5364 secs ago.................. -91 dBm
antenna1: 5364 secs ago.................. -83 dBm
AP-INDE-104(slot 0)
antenna0: 5364 secs ago.................. -87 dBm
antenna1: 5364 secs ago.................. -90 dBm
AP-INDE-102(slot 0)
antenna0: 5364 secs ago.................. -90 dBm
antenna1: 5364 secs ago.................. -87 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: True
Allowed (URL)IP Addresses
(Cisco Controller) >show client detail ec:59:e7:e9:e5:68
Client MAC Address............................... ec:59:e7:e9:e5:68
Client Username ................................. N/A
AP MAC Address................................... 44:ad:d9:57:fd:20
AP Name.......................................... AP-INDE-106
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 44:ad:d9:57:fd:20
Connected For ................................... 3043 secs
Channel.......................................... 11
IP Address....................................... 192.168.0.162
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 4
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 15000
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 5.5,11.0,6.0,9.0,12.0,18.0,
............................................. 24.0,36.0,48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. none
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
FlexConnect Data Switching....................... Local
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 321
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 1
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 13499
Number of Bytes Sent....................... 7662
Total Number of Bytes Sent................. 7662
Total Number of Bytes Recv................. 13499
Number of Bytes Sent (last 90s)............ 0
Number of Bytes Recv (last 90s)............ 0
Number of Packets Received................. 184
Number of Packets Sent..................... 69
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 61
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 2
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -70 dBm
Signal to Noise Ratio...................... 18 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP-INDE-120(slot 0)
antenna0: 36159 secs ago................. -98 dBm
antenna1: 36159 secs ago................. -97 dBm
AP-INDE-115(slot 0)
antenna0: 11075 secs ago................. -96 dBm
antenna1: 11075 secs ago................. -96 dBm
AP-INDE-108(slot 0)
antenna0: 188 secs ago................... -96 dBm
antenna1: 188 secs ago................... -95 dBm
AP-INDE-106(slot 0)
antenna0: 188 secs ago................... -78 dBm
antenna1: 188 secs ago................... -67 dBm
AP-INDE-111(slot 0)
antenna0: 1451 secs ago.................. -98 dBm
antenna1: 1451 secs ago.................. -95 dBm
AP-INDE-119(slot 0)
antenna0: 188 secs ago................... -87 dBm
antenna1: 188 secs ago................... -95 dBm
AP-INDE-122(slot 0)
antenna0: 73165 secs ago................. -95 dBm
antenna1: 73165 secs ago................. -95 dBm
AP-INDE-105(slot 0)
antenna0: 188 secs ago................... -85 dBm
antenna1: 188 secs ago................... -86 dBm
AP-INDE-109(slot 0)
antenna0: 332 secs ago................... -91 dBm
antenna1: 332 secs ago................... -89 dBm
AP-INDE-121(slot 0)
antenna0: 2708 secs ago.................. -98 dBm
antenna1: 2708 secs ago.................. -96 dBm
AP-INDE-126(slot 0)
antenna0: 215 secs ago................... -84 dBm
antenna1: 215 secs ago................... -86 dBm
AP-INDE-116(slot 0)
antenna0: 188 secs ago................... -61 dBm
antenna1: 188 secs ago................... -61 dBm
AP-INDE-112(slot 0)
antenna0: 187 secs ago................... -83 dBm
antenna1: 187 secs ago................... -85 dBm
AP-INDE-107(slot 0)
antenna0: 188 secs ago................... -89 dBm
antenna1: 188 secs ago................... -90 dBm
AP-INDE-118(slot 0)
antenna0: 188 secs ago................... -95 dBm
antenna1: 188 secs ago................... -98 dBm
AP-INDE-114(slot 0)
antenna0: 187 secs ago................... -83 dBm
antenna1: 187 secs ago................... -85 dBm
AP-INDE-113(slot 0)
antenna0: 38981 secs ago................. -94 dBm
antenna1: 38981 secs ago................. -95 dBm
AP-INDE-123(slot 0)
antenna0: 187 secs ago................... -73 dBm
antenna1: 187 secs ago................... -65 dBm
AP-INDE-117(slot 0)
antenna0: 11013 secs ago................. -94 dBm
antenna1: 11013 secs ago................. -97 dBm
AP-INDE-103(slot 0)
antenna0: 187 secs ago................... -70 dBm
antenna1: 187 secs ago................... -80 dBm
AP-INDE-104(slot 0)
antenna0: 214 secs ago................... -95 dBm
antenna1: 214 secs ago................... -91 dBm
AP-INDE-102(slot 0)
antenna0: 215 secs ago................... -87 dBm
antenna1: 215 secs ago................... -88 dBm
AP-INDE-100(slot 0)
antenna0: 11014 secs ago................. -96 dBm
antenna1: 11014 secs ago................. -96 dBm
AP-INDE-101(slot 0)
antenna0: 11013 secs ago................. -96 dBm
antenna1: 11013 secs ago................. -95 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: True
Allowed (URL)IP Addresses -
DHCP Snooping database - The current agent is active
Hello, I need to change an database URL. But switch can't end active agent.
After release of command I get an message, and nothing happend. After release "no" the result is the same.
I had tried no ip dhcp snooping and also use a timers to expire, but I think switch have got a software error.
Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1)
switch#ip dhcp snooping database scp://user:[email protected]/tftpboot/snooping/switch
%Cannot change URL. The current agent is active.Hi Sunil, that was the last idea I had got.
The one before the last was write on this support forum.
So I tried everythink but reboot. Which is little bit strange solution.
Thank you.
Maybe you are looking for
-
After the 6.1 update my iPhone 4S will no longer connect with my car stereo (2012 Chevy Sonic). Until update, everything was working fine and I experienced no such issues. I have tried deleting my phone from my stereo memory and re-pairing, but I g
-
How do you make adobe X open the "combine pdf" window in the foreground?
This may not be the correct forum for this question, but considering that I simply have not been able to get a reply in any other Adobe forum, I decided to just post this question to ALL Adobe forums until I get a response......... How do you make ad
-
How to rename folder in Final Cut Pro X project library?
How to rename folder in Final Cut Pro X project library? I can't double click on folder, when I right click it just gives options to erase. Can someone help?
-
Does anyone know how to set up account so we can order any apps using a purchase order with the exact amount instead of usig a voucher? Not sure if Im in the right place.
-
Color differences between Import preview and image in Library
Hi folks, when I try to import photos from my D200, theys show up in the bnright colors they should during the import dialog. But once they have been imported into the Library, they are all pale - no matter if it's NEF or DNG. I do not apply Auto-Ton