Cisco 4402 Guest lan and product lan DHCP assignment

Similar Messages

• Define static IP for both LAN and W-LAN devices with an Airport Extreme Base Station

  Hey guys,
  I have a lot of different devices connected to my Airport Extreme Base Station (5th Gen) either wirelessly or via ethernet cable. Since I control some of them via VNC and currently have to find the corresponding IP-addresses through trial-and-error, I'd like to define static IP-addresses for the computers in question. My network consists of a cable modem connected to a TP-Link WR1043ND router in the basement, from which an ethernet cable leads to the WAN-port of the aforementioned Airport Extreme Base Station on the 2nd floor. Two of the devices I want to remote-access are  wired to a D-Link DES-1005D switch, which in turn is connected to the 1st ethernet port of the Airport Base Station. The remaining 3 remote clients are connected over 802.11n. All computers run Windows.
  My problem now is that even though I was able to define static IP-addresses employing the "DHCP only" router mode, this didn't seem to work for the two computers connected via ethernet. Not only did I lose any internet connectivity with those, I even lost the ability to remote-connect to them using the VNC-viewer.
  The question now is: how do I specify static IP-addresses for my ethernet devices correctly?
  I hope you can help me.

  My network consists of a cable modem connected to a TP-Link WR1043ND router in the basement, from which an ethernet cable leads to the WAN-port of the aforementioned Airport Extreme Base Station on the 2nd floor.
  If you read the information in the other post, my answer would be the same here.
  The Router Mode of DHCP Only is rarely used, and would only really be appropriate if your ISP was providing you with a fixed bank of multiple fixed or static IP addresses to use. This does not appear to be the case in your post.
  If this were the case, the first IP address would be used as a Static IP address for your connection, and other devices on your network would receive the other fixed IP addresses.
  99%+ of the time, you would use the Router Mode setting of DHCP and NAT on a network when you want the AirPort to perform as the main router for the network.
  But......your post also indicates that you have another router upstream on your network from the AirPort Extreme.  You would not want to run two routers in series on a network. That explains the problems that you are having.
  The AirPort Extreme needs to be configured in Bridge Mode. It cannot be the "main" router on your network when you already have another router on the network. That is a fundamental networking rule.

• Cisco NAC Guest Server and shellshock

  Hello,
  We are running NAC server v2.0.2 and would like to know if it's vulnerable to shellshock as the bug report CSCur05629 isn't clear on this. 

  Well you will need to use a 3rd party certificate..  Here is a link to generate and install a 3rd party certificate on the WLC for the use with Web-Auth:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  Here is a link for the NGS:
  http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ
  The applicances are using a self generated Cisco certificate which of course is not a trusted certificate store in most of all operating systems.  So using a 3rd party certificate like RapidSSL, Verisign, etc will eliminate the certificate issue.

• Guest LAN and WLAN on Controller

  Hi,
  While creating new ssid, i can see the option guest lan and wlan, whats the difference? which one is preffered?
  Thanks in advance..

  Hi,
  I remember answering this few days and also George joined the thread.. or max week back..
  Guest LAN WLAN =
  1> The clients connecting to the WLAN will have a time limit on the connectivity, for example you can configure the Guest WLAN for 24 hours or something which you want..
  2> I guess George pointed this in the previous thread.. Can be used for Wired Guest Users configuration as well , here is the link..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
  WLAN =
  Just nothing but a SSID with security which doesnt have any time limit.
  which one is preffered? =
  Its your network and what ever meets your requirements you can use that.. however both of them does its job with different features involved.
  lemme know if this answered your question..
  Regards
  Surendra
  ====
  Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

• Software Version Upgrade for Cisco 4402 Wireless Lan Controller

  Hi,
  We have Cisco 4402 Wireless Lan Controller with Software Version 3.2.171.6 and we want to upgrade it to latest version.
  So can anyone please let me know the latest version to upgrade the WLC?
  Also since WLC is running on very lower version is it possible to upgrade to the latest version directly or we have to move it step by step to upgrade this to latest version?
  Thanks

  Take a look at the compatibility matrix below:
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
  7.0.235 is the latest that you can go to:
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_235_0.html
  The release notes outline the upgrade process.
  "Upgrade to 4.0.206.0 or later 4.0 release, then upgrade to 4.2.176.0, before upgrading to 7.0.235.0."

• Server 2012 r2 essentials...urgent help needed...Two separate DHCP servers, one for lan and one for wifi...design picture attached

  hello
  S2012 R2 essentials is in office...Want to have functional 2012 dhcp, dns, ad, wds role for 1gbps wired lan and separate wi-fi for temporary visitors for internet access like gsm phones etc...Need functional anywhere access to office server and computers
  for administering...When worker with laptop go out of office must have have full functional wifi.
  here is picture what i have in my mind with all components in network.
  How to configure L3 switch, router and server? Many thanks

  Hi,
  Based on your description, I understand that you want to prepare network for the Windows Server 2012 R2 Essentials,
  then will run a DHCP Server on the Windows Server 2012 R2 Essentials and correctly configure router. Please refer to following article and check if can help you.
  Before You Install Windows Server 2012 Essentials
  For DHCP, please refer to following article.
  Running
  DHCP Server on Windows Server 2012 Essentials
  For router configuration, please refer to following article.
  Configure a Router - Windows Server Essentials
  If anything I misunderstand or any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Guest Anchors and external DHCP servers

  Hi,
  We are using guest anchors (GA) for supporting wireless guest user.
  Until now we used internal DHCP server on the GA but now we want to move to external.
  For example:
  The guest will reside on 192.168.0.x, this is separated by a firewall from the inside network and is not routable on the inside.(this is the guest interface of the GA)
  The DHCP server will be somewhere on the internal network only reachable by GA's management interface.
  Is it possible for DHCP requests to be forwarded to the DHCP server originating from the management interface?
  If this is not how it should happen, than what other options are there for placing the external DHCP servers?
  Let me know if you need more information regarding our solution..
  Thank you,
  Laszlo

  Hello Laszlo,
  Yes, what you want to do can be done but there are few things that you have to consider.
  First is that you are not going to use the WLC as the DHCP server so you should go to the interface configuration and point the DHCP server to the external one.
  Now, what you want to do here is to make the wireless LAN controller a DHCP relay agent (or proxy), this way the wireless LAN controller is the one handling all the DHCP requests and it is going to be the one asking for an IP address in behalf of the client using the management interface. This behavior is enabled by default and I believe you have it already configured because it is necessary for the internal DHCP server of the WLC to work; it is configured on the "Controller" tab > Advanced > DHCP. On new versions of software this option is configurable by interface.
  There is a catch though, if the DHCP server is an ASA or if the request has to go through an ASA or firewall, this might not work because by design some ASAs will drop every DHCP request comming from a relay agent so just consider this when you do these type of deployments.
  If you have any questions let me know.
  Best regards,
  Marco Gonzalez
  Cisco TAC TL

• Cisco Wireless Control System need wireless Lan Controller ?

  Cisco Wireless Control System need wireless Lan Controller , for Rogue detection

  Hi Joao,
  The WCS is used in conjuntion with the WLC (Wireless Lan Controller) for Rogue Detection. It is not a must for this function but more of an add-on :)
  The Cisco WCS is an optional network component that works in conjunction with Cisco Aironet Lightweight Access Points, Cisco wireless LAN controllers and the Cisco Wireless Location Appliance.
  From this doc;
  http://www.cisco.com/en/US/products/ps6305/index.html
  Overview of WCS
  The Cisco Wireless Control System (WCS) is a Cisco Unified Wireless Network Solution management tool that adds to the capabilities of the web user interface and command line interface (CLI), moving from individual controllers to a network of controllers. WCS includes the same configuration, performance monitoring, security, fault management, and accounting options used at the controller level and adds a graphical view of multiple controllers and managed access points.
  WCS runs on Windows 2003 and Red Hat Enterprise Linux ES 4.0 and AS 4.0 servers. On both Windows and Linux, WCS can run as a normal application or as a service, which runs continuously and resumes running after a reboot.
  The WCS user interface enables operators to control all permitted Cisco Unified Wireless Network Solution configuration, monitoring, and control functions through Internet Explorer 6.0 or later. Operator permissions are defined by the administrator using the WCS user interface Administration menu, which enables the administrator to manage user accounts and schedule periodic maintenance tasks.
  WCS simplifies controller configuration and monitoring while reducing data entry errors with the Cisco Unified Wireless Network Controller autodiscovery algorithm. WCS uses the industry-standard SNMP protocol to communicate with the controllers.
  From this good doc;
  http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b7270.html#wp1131195
  Detect and Locate Rogue Access Points
  From this WCS doc;
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806f070a.shtml#new5
  Rogue Detection under Unified Wireless Networks
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
  Hope this helps!
  Rob

• Cisco 4402 WLC IOS Upgradation using CLI and Web Interface

  Hi,
  I would like to know how to upgrade IOS of Cisco 4402 WireLess LAN Controller using CLI and Web interface ?
  Can any one help me regarding the same.
  Please answer as soon as possible.
  Thanks in advance.

  Here are the instructions for upgrading the controllers via GUI:
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn52.html#wp472449
  Instructions via cli:
  Cisco recommends that a direct CLI console port connection is used to update the controller software.
  1. Make sure a TFTP server is available for the Operating System (OS) software download. Also, keep these guidelines in mind when the TFTP server is set up:
  If a download is performed through the service port, the TFTP server must be on the same subnet as the service port because the service port is not routable.
  If a download is performed through the Distribution System (DS) network port, the TFTP server can be on the same or a different subnet because the DS port is routable.
  The TFTP server cannot run on the same computer as the Cisco Wireless Control System (WCS) because WCS and the TFTP server use the same communication port.
  2. Download the desired OS software update file from the Cisco website to the default directory on the TFTP server.
  3. Log into the WLC CLI.
  4. Issue the ping server-ip-address command to verify that the WLC can contact the TFTP server.
  5. Issue the transfer download start command and answer n when prompted to view the current download settings.
  This example shows the command output:
  transfer download start
  Mode........................................... TFTP
  Data Type...................................... Code
  TFTP Server IP.................................
  xxx.xxx.xxx.xxx
  6. TFTP Path...................................... TFTP Filename.................................. AS_2000_3_0_x_x.aes --OR-- AS_4100_3_0_x_x.aes --OR-- AS_4400_3_0_x_x.aes Are you sure you want to start? (y/n) n Transfer Canceled Issue these commands to change the download settings:
  * transfer download mode tftp
  * transfer download datatype code
  * transfer download serverip tftp-server-ip-address
  * transfer download filename filename
  * transfer download path absolute-tftp-server-path-to-file
  Note: All TFTP servers require the full pathname. For example, in Windows, the path is C:\TFTP-Root. (In UNIX forward slashes (/) are required.)
  7. Issue the transfer download start command to view the updated settings, and answer y when prompted to confirm the current download settings and start the OS code download.
  This example shows the download command output:
  transfer download start
  Mode........................................... TFTP
  Data Type...................................... Code
  TFTP Server IP.................................
  xxx.xxx.xxx.xxx
  TFTP Path......................................
  path>
  TFTP Filename..................................
  AS_2000_3_0_x_x.aes --OR--
  AS_4100_3_0_x_x.aes --OR--
  AS_4400_3_0_x_x.aes
  Are you sure you want to start? (y/n) y
  TFTP Code transfer starting.
  TFTP receive complete... extracting components.
  Writing new bootloader to flash.
  Making backup copy of RTOS.
  Writing new RTOS to flash.
  Making backup copy of Code.
  Writing new Code to flash.
  TFTP File transfer operation completed successfully. Please
  restart the switch (reset system) for update to complete.
  8. The WLC now has the code update in active volatile RAM, but the reset system command must be issued to save the code update to non-volatile RAM (NVRAM) and reboot the WLC.
  This is a sample output:
  The system has unsaved changes.
  Would you like to save them now? (y/n) y
  The controller completes the bootup proce

• Which Monitoring Tool is best to monitor LAN and WAN

  Hi,
  CAN ANYONE TELL ME Which Monitoring Tool is best to monitor LAN and WAN.
  Waiting for immediate response.
  Thanks
  Irshad

  To start with HP open, this is SNMP-based as well. As it is around for quite a while and delivers support for many vendors, it has become sort of an industry standard. Many other vendors deliver add-ons (even CiscoWorks) to support their products via HP open. That functionality however comes with a price. If you have plenty of money an a large network to manage, HP open might be your best choice.
  Cisco Works and other -start-with-C- products are typically used to manage Cisco devices. If you have a fair share of non-cisco boxes around you will find that you cannot see or do everything with them that you might want.
  One special thing about CiscoWorks is that it lacks a grapical real-time overview of the network. In my opinion this is a weakness in the product. On the other hand, it has many nice features to manage all kinds of Cisco devices.
  My ideal solution is to use both a generic SNMP manager, SNMPc in my case, and CiscoWorks 2000. With SNMPc I can quickly see network node status and do some bandwidth management (baselining). CW2k serves mainly to execute changes (NetConfig) and as a syslogger. It is also used to perform IOS upgrades and to store config files.
  I guess this could be done with HP open as well, but our money does not reach far enough to pay for both. SNMPc costs a lot less, both in purchase and in maintenance.
  Hope this clarifies things a bit.
  Regards,
  Leo

• Hyper-V Replication over Dedicated LAN and "is alive" checks over Corporate LAN

  I am testing Hyper-V replication to see if it will be a suitable replacement for the ArcServer RHA product.  One thing I am struggling with is configuring the replication to use the dedicated LAN, but still have the host servers verify over the corporate
  LAN.  
  I have seen the blogs on how to use a dedicated route and editing the hosts file to get replication to use the dedicated LAN, but that also changes the LAN in which the host servers communicate.  It seems to me that if the corporate LAN were to go down
  on the master server, I wouldn't be able to fail over the virtual machines to the replica server without first having to connect into the master server through the dedicated LAN of the replica server to shut down the virtual machines.
  I need to be able to fail over to the replica server if the corporate network connection on the master server drops without having to go through the extra steps of connecting into the master server first.
  Is it possible for the two items to be separated?  Can I tell Hyper-V to replicate using one specific IP destination on the dedicated LAN and have the replica server check to see if the master is live over the corporate LAN?

  Hi Telrick,
  >> It seems to me that if the corporate LAN were to go down on the master server, I wouldn't
  be able to fail over the virtual machines to the replica server without first having to connect into the master server through the dedicated LAN of the replica server to shut down the virtual machines.
  I want to say that there are "planned fail over" and "unplanned fail over " , the latter applies the primary server crashing (you can select "failover" on "replica server " then the VM will start up ,after the primary
  server online again you can do "reverse" )
  The point is that you can not use hyper-v replica as a backup (it will lost little data which have not yet been replicated to replica server when "unplanned fail over" happens ) 
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Transparent Tunneling and Local Lan Access via VPN Client

  Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
  Mike Bowyer

  Hi Mike,
  "Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
  What do you mean exactly with "disabled once the connection is made" ?
  You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
  Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
  Are any local LAN routes displayed when your are connected ?
  And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
  1: This feature works only on one NIC card, the same NIC card as the tunnel.
  2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
  Carsten
  PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel.

• WRT150N (New) Gateway IP stops responding to LAN and wireless clients. Hangs, stops, loss of service

  WRT150N Firmware Version: v1.51.3 : From LAN and wireless connected devices, Internet connectivity is lost. I try to ping the LAN side gateway IP address from my laptop and desktop, no response. Web management does not work either. Power re-cycle of the WRT150N fixes the problem. The problem is infrequent, it can happen twice per day or once every 2 days.
  When the problem occurs,
  the DHCP info in my clients looks fine and shows the correct gateway IP address, mask etc. ;
  the desktop and laptop can still ping each other;
  The gateway is unreacheable and all out going connectivity is lost
  Does anybody have any solution or maybe has had the same experience.
  I cannot track the problem happening to any particular event or usage pattern however I am using the Azureus bit torrent client all the time.
  I have an incident raised with LinkSys Technical Support but no response so far from them.
  WRT150N Firmware Version: v1.51.3  

  Hi - please go to this thread for more details:
  http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=103033#M103033
  or search for the other thread started by (fb2k). But briefly over the 1 year period since this thread started my local store replaced my wrt150n 3 times and then gave me a wrt160n which was replaced and its still having the problem. I am now running Open Source wireless software (DD-WRT) on the WRT160N and it has been up 18 days with no restart. I didnt want to do this but I got fed up taking my unit back to the store. Thanks to fb2k (on the other thread) for taking the plunge and reporting success with the DD-WRT software.
  Message Edited by NetGuy-Dubai on 08-23-2008 01:06 PM
  Message Edited by NetGuy-Dubai on 08-23-2008 01:07 PM

• Wireless Guest Network using Cisco 4402 as an Anchor Controller

  Hello,
  We have recently redesigned our wireless guest network in accordance to Cisco's recommended deployment using the anchor controller in the DMZ. We have created two mobility groups (enterprise and anchor). The anchor controller and DMZ has two subnets (guest managment and guest clients). The guest management subnet is connected to the controller and firewall allowing the mobility groups and EOIP tunnels while the guest client network is also connected to the controller and firewall to push the client traffic directly out the firewall. The setup works well but the one part that I'm not happy with is the DHCP. Currently DHCP is being handled on the firewall because of issues we had with dhcp relay and the controllers internal dhcp service.
  Does anyone have any information on getting DHCP relay working or the internal dhcp service on the controllers when using as a anchor?
  This is basically the setup guide that we followed.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
  Thanks!

  Hi,
  Make sure you have the IP helper address configured under the VLAN interface on the L3 and also make sure to disable DHCP proxy on both the WLC (Anchor and Foreign).
  This will help us as well..
  lemme know if this answered your question..
  Regards
  Surendra
  ====
  Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

• 802.1x Authentication on Wired and Wireless LAN

  I have successfully configured 802.1x authentication on wired and wireless Lan. We have Cisco Switches, ACS SE and Windows AD.
  But i have one issue regarding the Single Sign on while authentication using the 802.1x with Windows Active directory the users that are login first time not able to logon but the users that have their profiles already existed in their PC then there is no issue and they successfully authenticated and login easily.
  Is there any way of login successfully for the users first time using 802.1x authentication with Windows AD like a Single Sign On?

  We ran into the same situation from time to time. We implemented 802.1x authentication using the Cisco Secure Services Client (SSC) on the windows hosts.
  At the beginning we were completly unable to logon on the maschines where no locally stored windows profile exists. After change to timeout to authenticate at the network in the SSC options we are able to logon to the network and also be authenticated by the domain controller.
  Sadly this works out often as a timing issue. Most times the user needs to try a couple of times. At the moment, I'm also very interessted in a good way to avoid this (as it seems to be) racecondition.
  Hope that someone else has any clue?