Clients not receiving DHCP on layer 2 Vlan

I have flexconnect WAPs with local switching and local dhcp server on the switch.
I have one SSID assigned to a layer 2 vlan. The wireless clients are unable to receive an ip address on this vlan. The wired clients are able to receive an ip address on this vlan with no problem.
The WAP switchport is trunked and all of the layer 3 vlans are working with no problem.
The layer 2 vlan interface is assign the DHCP - ip address pool Vendor_VLan
Any help would be appreciated.
Thanks
LH

Hi LH,
Have you configured the SSID with "Local Switching" feature.
Also did you do the vlan mapping on this FlexConnect AP for the configured SSID ?
HTH
Rasika
**** Pls rate all useful responses ****

Similar Messages

Clients not receiving DHCP IP address from HREAP centrally Switched Guest SSID

Hi All,
I am facing a problem in a newly deployed branch site where the Clients are not receiving DHCP IP address from a centrally switched Guest SSID. I see the client status is associated but the policy manager state is in DHCP_REQD.
The dhcp pool is configured on the controller itself. The local guest clients are able to get DHCP and all works fine, the issue is only with the clients in the remote site. The Hreap APs are in connected mode. Could you please suggest what could be the problem. Below is the out of the debug client.
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Adding mobile on LWAPP AP 3c:ce:73:6d:37:00(1)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Reassociation received from mobile on AP 3c:ce:73:6d:37:00
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'Guest-ACL' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific IPv6 override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying IPv6 Interface Policy for station 10:40:f3:91:7e:24 - vlan 81, interface id 13, interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 3c:ce:73:6d:37:00 vapId 17 apVapId 1
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 apfMsAssoStateInc
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Idle to Associated
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 49) in 28800 seconds
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sending Assoc Response to station on BSSID 3c:ce:73:6d:37:00 (status 0) ApVapId 1 Slot 1
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfProcessAssocReq (apf_80211.c:4672) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Associated
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4183, Adding TMP rule
*apfReceiveTask: May 24 11:35:53.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 3c:ce:73:6d:37:00, slot 1, interface = 13, QOS = 3
ACL Id = 255, Jumbo F
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 IPv6 Vlan = 81, IPv6 intf id = 13
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sent an XID frame
*apfMsConnTask_3: May 24 13:26:49.401: 10:40:f3:91:7e:24 Updating AID for REAP AP Client 3c:ce:73:6d:37:00 - AID ===> 1
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 12) in 10 seconds
*osapiBsnTimer: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:4897) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Disassociated
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: May 24 13:29:09.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Sent Deauthenticate to mobile on BSSID 3c:ce:73:6d:37:00 slot 1(caller apf_ms.c:4981)
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsAssoStateDec
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:5018) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Disassociated to Idle
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:ce:73:6d:37:00]
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Deleting mobile on AP 3c:ce:73:6d:37:00(1)
*pemReceiveTask: May 24 13:29:09.317: 10:40:f3:91:7e:24 0.0.0.0 Removed NPU entry.

#does the client at the remote site roams between AP that connects to different WLC?
#type 9 is not good.
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
#Does your dhcp server getting hits.
#Also, get debug dhcp message & packet.
#Dhcp server is not responding.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

WLC2504 clients not receiving DHCP leases

I'm stock with a 2504 using version 7.0.220.0 that won't lease out DHCP adresses
Wifi clients are unable to get a DHCP lease from an external DHCP server.
The WLC are handling 3 WLAN, 2 using internal DHCP server, 1 (that wont work) using external DHCP. The external DHCP server, is a router/firewall (out of my reach) that suffered from a power out, a short while ago, ever since the DHCP is not working on that VLAN, if client are getting static ip adresses, everything works fine. If i'm using the same network link, and plug it into a computer, I get a DHCP address.
I've enable DHCP proxy
Debbuging DHCP, using: Debug DHCP packets enable
Gives me this:
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec00)
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option len (including the magic cookie) 72
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option: message type = DHCP INFORM
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option: 12 (len 1) - skipping
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP option: 55 (len 13) - skipping
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP options end, len 72, actual 64
*DHCP Socket Task: Nov 08 14:21:11.397: c8:0a:a9:cc:6d:f6 DHCP dropping packet (no mscb) found - (giaddr 0.0.0.0, pktInfo->srcPort 68, op: 'BOOTREQUEST')
Thanks

Hi Steen,
When a client is in DHCP REQ state on the controller, the controller drops DHCP inform packets. The client will not go into a RUN state on the controller (this is required for the client to pass traffic) until it receives a DHCP discover packet from the client. DHCP inform packets are forwarded by the controller when DHCP proxy is disabled.
Please check this, if still u r facing issue then provide more info.
Can you please paste a client debug of the client having DHCP issues.
Go to cli of the wlc and run the client debug . Diconnect the client then reconnect and gather the output and post.
Regards

WLC2412-Clients Not receiving DHCP addresses

I recently upgraded a clients WLC and they keep saying they are unable to get an IP address from the DHCP server. It's a simple, flat network and here is what the logs are showing. Any advice would be greatly appreciated.
*apfReceiveTask: Apr 11 13:37:25.477: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:17.278: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:05.880: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:13:47.397: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:25.477: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:17.278: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:05.880: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:13:47.397: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.

(Cisco Controller) show>interface detailed management
Interface Name................................... management
MAC Address...................................... 64:00:f1:91:5d:40
IP Address....................................... 192.168.8.3
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.8.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 8
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 192.168.8.49
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled

Vmware clients not receiving dhcp from wifi networks

we are testing mac laptops running windows 7 virtually using vmware fusion at our office. One problem i ran into is windows 7 cant ever get the dhcp information from Domain Controller to get onto the network/internet here at the office. i have set the NIC to bridged mode in vmware fusion. it works fine at my house where i can get on my home network/internet just not in the office so i know it can be done, but not sure what setting on the cisco wireless lan controller 2106 controlls that feature. can anyone assist me in resolving this? if i plug it into the network using an ethernet cable everything works just fine, so i believe it is just a setting on the wireless controller that needs to be changed, at least thats what i am hoping, im hoping its not some limitation of the system......

Hi,
I thought i replied to this post.. but i havent.. extremly sorry!! here is the bug that we are hitting!!
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi90344
There are workarounds to overcome this..
Workarounds: 1. Configure the virtual machine software for NAT ("shared networking") mode, not bridged mode. 2. If using 4.1 WLC software, configure the virtual machine to use static IP addressing, not DHCP. 3. If you have an AP that does H-REAP, change the AP mode to H-REAP and local switching so that DHCP (and other) packets do not traverse the controller.
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

Clients not receiving addresses from DHCP

I have a Cisco 2811 router and have configured it to be a DHCP server at a remote site. It seems like it should be pretty straight forward to configure DHCP. Apparently I'm missing something because I can't get clients to receive an address. Below are the applicable parts of the config. I also have tried associating the DHCP pool with the Claims vrf and that did not work either.
ip dhcp excluded-address 10.10.30.0 10.10.30.99
ip dhcp excluded-address 10.10.30.201 10.10.30.255
ip dhcp pool Claims_Office
   network 10.10.30.0 255.255.255.0
   domain-name fmi.com
   default-router 10.10.30.253
   dns-server 10.10.10.191
   lease 7
interface FastEthernet0/0
description Claims Office
vrf forwarding Claims
ip address 10.10.30.253 255.255.255.0
duplex auto
speed auto
no mop enabled
interface FastEthernet0/0/0.1205
description Claims Office
vrf forwarding Claims
encapsulation dot1Q 1205
ip address 192.168.103.2 255.255.255.252

Unfortunately that didn't work. Here is the output before:
Pool Claims_Office :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 0
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.10.30.1           10.10.30.1       - 10.10.30.254      0
And after:
Pool Claims_Office :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 0
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.10.30.1           10.10.30.1       - 10.10.30.254      0
What I want is for it to assign addresses from 10.10.30.100-199

Client not receive ip address - dhcp_reqd

Hi,
In my environment there's a 5508 (firmware 7.4.110.0) and ap 1600 with a ias radius server. All wlan are in flex-connect local switching, one client try to connect on a wlan but not receive ip address. After enabled debug aaa all i took the log corresponding :
Cisco Controller) >*emWeb: Feb 11 16:52:36.047: Created WARP Capabilities IE (length 12) for WLAN LAB
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Adding mobile on LWAPP AP 00:3a:9a:77:55:a0(0)
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Association received from mobile on BSSID 00:3a:9a:77:55:06
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP radio
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Max Client Trap Threshold: 50 cur: 3
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP wlan
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Re-applying interface policy for client
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 In processSsidIE:4264 setting Central switched to FALSE
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific Local Bridging override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Local Bridging Interface Policy for station 18:3d:a2:25:01:a4 - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Re-applying interface policy for client
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Processing WPA IE type 221, length 24 for mobile 18:3d:a2:25:01:a4
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 unsetting PmkIdValidatedByAp
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfMsAssoStateInc
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Idle to Associated
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2:session timeout forstation 18:3d:a2:25:01:a4 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Sending Assoc Response to station on BSSID 00:3a:9a:77:55:a0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Associated to Associated
*apfMsConnTask_2: Feb 11 16:54:22.506: 18:3d:a2:25:01:a4 Updating AID for REAP AP Client 00:3a:9a:77:55:a0 - AID ===> 4
*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 1)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Received EAPOL START from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 2)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received Identity Response (count=2) from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 EAP State update from Connecting to Authenticating for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticating state
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=3) for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 3)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=4) for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 4)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=7) for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 WARNING: updated EAP-Identifier 4 ===> 7 for STA 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 7, EAP Type 25)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Processing Access-Accept for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created for mobile, length = 253
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Creating a PKC PMKID Cache entry for station 18:3d:a2:25:01:a4 (RSN 0)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Sending EAP-Success to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Starting key exchange to mobile 18:3d:a2:25:01:a4, data packets will be dropped
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                    state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Entering Backend Auth Success state (id=7) for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Received Auth Success while in Authenticating state for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticated state
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-key in PTK_START state (message 2) from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                    state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 apfMs1xStateInc
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
IPv4 ACL ID = 255, IP
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Key exchange done, data packets from mobile 18:3d:a2:25:01:a4 should be forwarded shortly
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                    state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*pemReceiveTask: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask3: Feb 11 16:54:22.707: 18:3d:a2:25:01:a4 Sent EAPOL-Key M5 for mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 18:3d:a2:25:01:a4
*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.769: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule
*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0
*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
(Cisco Controller) >*emWeb: Feb 11 16:54:46.127: 18:3d:a2:25:01:a4 Central Switch = FALSE
*emWeb: Feb 11 16:54:46.128: 18:3d:a2:25:01:a4 Central Switch = FALSE
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*emWeb: Feb 11 16:55:36.461: 18:3d:a2:25:01:a4 Central Switch = FALSE
*emWeb: Feb 11 16:55:36.463: 18:3d:a2:25:01:a4 Central Switch = FALSE
From log i know that 802.1x passed, while dhcp don't send ip address. It seems that the local vlan id is 0 while in reality is 3... WHY ? i don't understand.
Someone can help me to find the problem? i think the problem is on the network, the dhcp ( the corporate router) is directly connected to the ap.

Are you setting your FlexConnect native vlan and the wlan to vlan mapping? You also need to make sure you have the ip helpers setup and that dhcp is working. I would configure a switch port to a vlan that the wireless users is suppose to be on locally at that site and connect a laptop to that port and make sure that the laptop gets an address.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****

Clients not getting DHCP from external server

Hi,
I have a 4402 (version 7.0.235) working with 10 units of 1121 APs connected to it. The WLC is not configured to work in LAG mode. Physical portt #1 is connected to the Main Switch (trunk). I have 3 WLAN mapped to 3 Different VLAN and Everything (security and internal, external DHCP) is working swell...
Now- I have connected Physical port #2 directly to an ADSL Router (giga port), Configured Port 2 as untaggedwith the proper IP details.
I have configured this interface to receive DHCP from the ADSL Router and for some reason, Clients are not getting addresses.
When I assign a Static address to my laptop I get internet access and all is nice. I tried configuring The WLC internal DHCP server (instead of the ADSL router) and that didn't help. It seems like a DHCP problem but I dont understand the source of the problem of think of the solution.
When turning off the proxy settings I noticed that it helped. Is there anything to do with that? The problem was that after a while the other WLANs starting causing DHCP issues as well.
What is supposed to be configured? Any Expert is the House?
I attached a crappy drawing..

Hi Scott,
Thanks for your answer.
So what you are basicly saying is that I have 2 choices: 1 - disable the Proxy option on the WLC and work with external DHCP servers (internal will not work when this is enabled). 2 - Enable the Proxy option and only work with the WLC internal DHCP.
I have installed many WLCs this way, having Different DHCP Servers (external and internal) for multiple WLANs.
What do you think may be different this time? The router that I am using isn't the most expencive but it is providing DHCP to other clients (wired client) with no problems.
Thanks!!!

Simple contact form Client not receiving email from test site

I have entered my client's verified email, cut and pasted it into place. I have added my email and my wifes email. The only person not getting the forms email info is my client. I'm baffled.

The URL for the site is getthenetbassguide com.businesscatalyst.com/index.html. I have added several peoples email address', including my own to the back end of the form. As I've said the only person not receiving emails is my client who opened an account with 1 and 1. I contacted 1 and 1. They show no spam filters on their end so I'm still baffled. I asked about firewall permissions and they were not helpful. Is there a way to monitor the email and see what could be blocking it?
Owen Moore
Moore Designs
847-732-1318
[email protected]
Freshbrewedart.com
Sent from my iPhone

Clients not getting DHCP in VRF

Good morning -
We have devices in the global routing table (not in a VRF) getting DHCP addresses without issue. The SVI is configured as such:
interface Vlan2301
description BLUE
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description RED
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
Clients in BLUE are getting DHCP but clients in RED are not. If I statically assign an address I have connectivity and can reach the DHCP server (which is also DNS server; with a static IP in VLAN 2512 I can do name resolutions for example).
I am at a bit of a loss. Is there anything special I need to do for VRF IP HELPER-ADDRESS configuration? A capture on my firewall interface shows the DHCP server is trying to reply - it is like the helper-address is not forwarding the dhcp reply (or is not getting it)
11:11:52.915180 IP (tos 0x0, ttl 254, id 17478, offset 0, flags [none], proto UDP (17), length 337)
    10.217.5.1.67 > 10.4.16.222.67: BOOTP/DHCP, Request from xx, length 309, hops 1, xid 0xb53a220c, Flags [none]
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
11:11:52.918761 IP (tos 0x0, ttl 124, id 28096, offset 0, flags [none], proto UDP (17), length 344)
    10.4.16.222.67 > 10.217.5.1.67: BOOTP/DHCP, Reply, length 316, xid 0xb53a220c, Flags [none]
          Your-IP 10.217.5.12
          Server-IP 10.4.16.222
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
Any ideas?

Good morning -
I have a pair of 6513 in a VS40 (VSS quad sup) connected via L3 MEC to a VSS pair of 4500X. Active to Active and Standby to Standby connected in a L3 MEC port-channel that is also a vnet trunk:
(Core)
interface Port-channel5
description Distribution Uplink
no switchport
vnet trunk
ip dhcp snooping limit rate 100
ip address 172.20.68.1 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
spanning-tree guard root
(4500 Distribution)
interface Port-channel1
description Core Uplink
vnet trunk
ip arp inspection trust
ip address 172.20.68.2 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
The interfaces are all using LACP mode Active inside the channels
On the 4500 we have a global routing table and a vrf. Both have helper addresses pointing to the DHCP server which is extranet service behind the 6513 Core.
interface Vlan2301
description Global Routing Table
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description VRF
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
DHCP for the Global Routing Table subnet works. DHCP for the VRF does not.
What is interesting is if we shut down the link that is connected to the standby 4500 (Te2/1/1) DHCP starts to work for the VRF.
Using <debug ip dhcp server packet detail> at the 4500 here is what I am seeing.
When both links are up and DHCP is failing for the VRF:
Mar 10 20:02:02.419: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:02:10.473: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:02:10.473: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:02:10.474: DHCPD: client's VPN is RED.
Mar 10 20:02:10.474: DHCPD: using received relay info.
When I shut the Te2/1/1 link down in the L3 MEC at the 4500 DHCP starts to work for the VRF RED:
Mar 10 20:04:41.354: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:04:41.369: DHCPD: Reload workspace interface Port-channel1.2002 tableid 3.
Mar 10 20:04:41.369: DHCPD: tableid for 172.20.68.2 on Port-channel1.2002 is 3
Mar 10 20:04:41.369: DHCPD: client's VPN is .
Mar 10 20:04:41.369: DHCPD: forwarding BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:41.369: DHCPD: broadcasting BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:44.808: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:04:44.808: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:04:44.808: DHCPD: client's VPN is RED.
It is like there is a bug that is treating the L3 MEC as a L2 MEC when both links are present; or the VNET trunk is not being processed correctly.
Has anyone else used a L3 MEC with a VRF and a DHCP helper with success? Is this a bug?
03.05.01.E is the code we are running on the 4500X-32(SPF+)
This is also with TAC but I thought I would share with the community in case anyone else has a similar environment or if Cisco experts want to comment.

Clients Not seeing DHCP server at branch office or not accepting ip offers (NO LOG REPORTS KIND OF IN THE DARK)

Hi there i am having an issue that has popped up recently i have a DC at a branch office that is connected to the main office DC via a Persistent Demand Dial connection in RRAS. Everything was working properly according to me until i found out that the Network
Admin who manages the branch office network failed to notify me that client machines weren't getting IP addresses from the DHCP server. This server was recently installed and wasn't fully implemented till about a week ago when i configured the Demand Dial
connection in RRAS up until that point it just had a regular old VPN connection to the main office while we worked out the kinks with a few things. the things ive tried so far to get DHCP working are as followed
1.Rebooted the branch office server (MULTIPLE TIMES)
2. Uninstalled the DHCP Role and re-installed it....To my surprise 1 client managed to get a ip on its lan adapter after DHCP was re-installed but nothing else
3. Disconnected the connection between the main office DC and the Branch office DC as i figured the main office DC DHCP server might be interfering with the branch office DC DHCP Server but nothing happened
4. Unauthorized and Reauthorized the main office DHCP server and the branch office DHCP server nothing changed
5. sifted through multiple log files on both servers and found noting in fact DHCP logs are empty on both servers
6. restored backups of the DHCP servers from when they were working
7. came here cause im out of ideas and im pulling my hair out
here are the current statistics from the problem server
Start Time: 7/12/2014 2:02:10PM
Up Time: 1Hours, 18 Minutes, 41 Seconds
Discovers: 90
Offers: 90
Requests: 2
Acks: 13
Nacks: 0
Declines: 0
Releases: 0
Total Scopes: 1
Total Addresses 253
In Use 2 (0%)
Available: 251 (99%)
Id like to add that RRAS was getting IP addresses from the problem server up until the point i uninstalled the role and re-installed it
heres is a ipconfig /all from the problem server
Windows IP Configuration
Host Name . . . . . . . . . . . . : MNB-DC
Primary Dns Suffix . . . . . . . : VTEACR.LOCAL
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : VTEACR.LOCAL
PPP adapter Remote Router:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Remote Router
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.141.70.25(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.141.70.10
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-16-35-AB-D3-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d9e:daa4:34dd:db44%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.141.80.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::226:5aff:feb7:5b3c%10
10.141.80.1
DNS Servers . . . . . . . . . . . : ::1
10.141.80.102
NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.238.243(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{427DF66B-3B30-40B1-B67E-B5587465C
394}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.ziricom.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{BE201060-A9B9-404A-8361-F8FFB82F5
6F6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.ziricom.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
if anymore information is needed please let me know i have full access to everything on the network so its not a problem and i am able to remotely access the branch office DC and all computer and switches at any time of the day
Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

Hi,
Does this issue occur on one client or multiple?
Please check this article:
http://technet.microsoft.com/en-us/library/cc757164(v=ws.10).aspx#BKMK_5
Regards.
Vivian Wang

Some clients not receiving SCEP definition updates

I have a collection for some of our application servers that is used in conjunction with an ADR to deploy the SCEP definition updates. 12 of the servers in this collection recently had the SCCM 2012 R2 client installed on them. (The collection has a total
of 23 servers in it)
I can see that these 12 servers have the Antimalware policy applied, but are not getting the SCEP updates. The summary for SCEP is: Service started without any malware protection engine; AV signatures out of date; AS signatures out
of date.
The policy application state is "Succeeded" with the recent date and time.
When I view the status of the deployment, the enforcement state is "Failed to install update(s) " with an error code of 0X87D00667 - No current or future service window exists to install software updates.
These servers are members of another collection that is used for deploying the Monthly updates. This "update" collection does have a maintenance window on it specific to software updates, with no recurrence schedule.
Do maintenance windows apply to the machine then, regardless of what collection they are in?
These 12 servers, for the Endpoint Protection client settings have the "Allow EP client installation and restarts outside MW" set to No, and the Suppress any required computer restarts after the EP client is installed set to Yes.
For the Software Updates client setting, the update scan schedule and deployment re-evaluation is set to every 7 days.
So, in looking at this, it appears that these servers will never get any SCEP updates because they are members of another collection that has a MW, even though the SCEP collection does not have a MW?
Is that correct?

I added a MW on the collection that is used for SCEP updates. I made the MW effective yesterday, but the MW hours were from 5:30am-7:30am daily (which should have started this morning, 1/30, at 5:30am).
In the updatesdeployment.log, I see the MW starting:
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 1/30/2015 5:30:00 AM 3004 (0x0BBC)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 1/30/2015 5:30:00 AM 3004 (0x0BBC)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
Attempting to cancel any job started at non-business hours. UpdatesDeploymentAgent 1/30/2015 7:30:00 AM 3312 (0x0CF0)
However, the definitions are not installed. These 12 servers have the SCEP client, but no definitions installed.
There are 11 servers in this collection that are getting the definition updates, but the 12 servers in this collection that have recently had the SCCM client installed on it are not getting the updates. So I know that the ADR is working.
What am I missing to get these 12 servers to install/update the definitions?

Socket Question: Client not receiving the server messages...

I have a client and server where in the client sends the server a file name to look for. The server looks for that file and checks for its existence and reads the file line by line displays it and then sends it to client. The client should recieve the contents send by the server and display it line by line. Here is what I have done
Server
import java.io.*;
import java.net.*;
import java.awt.*;
import javax.swing.*;
public class Server extends JFrame
     public static void main( String args[] )
//Pass the port no as an argument
Server s = new Server(Integer.parseInt(args[0]));
s.runServer();
     private ServerSocket ss;
     private Socket Connection;
     private BufferedReader input;
     private BufferedWriter output;
     private PrintWriter poutput;
     private int port;
     private int bufLength;
     private JTextArea display;
     public Server(int port)
          super( "Socket Server" );
          display = new JTextArea();
          getContentPane().add( display, BorderLayout.CENTER );
          setSize( 400, 300 );
          setVisible( true );
// Construct of a socket
          try
               ss = new ServerSocket(port);
          catch( SocketException se )
               se.printStackTrace();
               System.exit( 1 );
          catch( IOException io )
               io.printStackTrace();
     public void runServer()
          String fileName = null;
          try
               Connection = ss.accept();
               input = new BufferedReader(new InputStreamReader(Connection.getInputStream()));
               OutputStreamWriter out = new OutputStreamWriter(Connection.getOutputStream());
               boolean done = false;
               while(!done)
                    String lline = input.readLine();
                    if (lline != null)
                         done = true;
                         display.append( "\nThe server has read the file name:" + lline);
                         fileName = lline.trim();
               input.close();
               File fileLoc = new File(fileName);
               if (fileLoc.exists())
                    input = new BufferedReader(new FileReader(fileLoc));
                    boolean eof = false;
                    while (!eof)
                         String line = input.readLine();
                         if (line == null)
                              eof = true;
                         else
                              display.append( "\nThe server has read the line:" + line);
                              out.write(line);
                         Connection.close();
               else
                    String message = "The file specified does not exist on this server. Recheck your request";
                    poutput.println(message);
               out.flush();
          catch (Exception e)
               System.out.println(e);
Client
import java.io.*;
import java.net.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
public class Client extends JFrame implements ActionListener
private JTextField enter;
private JTextArea display;
private BufferedReader bufferInput;
private BufferedWriter bufferOutput;
private Socket connection;
private JPanel p;
private JLabel label;
private PrintWriter out;
private int serverPort;
private int bufLength;
public Client(int serverPort)
super( "Client Socket" );
label = new JLabel("Enter file name to retrieve:");
enter = new JTextField();
enter.addActionListener( this );
getContentPane().add( enter, BorderLayout.NORTH );
display = new JTextArea();
getContentPane().add( display, BorderLayout.CENTER );
setSize( 400, 300 );
setVisible( true );
     String serverHost = "spentapa-nt";
try
connection = new Socket(serverHost, serverPort);
//Input stream
bufferInput = new BufferedReader(new InputStreamReader(connection.getInputStream()));
//Output Stream
     out = new PrintWriter(connection.getOutputStream(),true);
catch( SocketException se )
se.getMessage();
se.printStackTrace();
System.exit( 1 );
catch( IOException io )
          io.printStackTrace();
public void actionPerformed( ActionEvent e )
     String fileName = null;
try
          Object o = e.getSource();
          if(o==enter)
               fileName = enter.getText();
               System.out.println("The file entered is :"+ fileName);
          out.println(fileName);
display.append( "\nThe File is:" + "\n" );
//sends the text file to the server
//receives the contents of the text file from the server
boolean eof = false;
boolean eof = false;
     while (eof)
          String line = bufferInput.readLine();
          if (line == null)
               eof = true;
          else
               display.append( "\n" + line);
          System.out.println(line);
     out.flush();
catch ( Exception ioe )
display.append(ioe.getMessage() + "\n" );
ioe.printStackTrace();
public static void main( String args[] )
//Pass the Host Name and Port no. as arguments
Client c = new Client(Integer.parseInt(args[0]));

For starters, change while(eof) to while(!eof)

Airport Express not receiving DHCP from Ethernet

Hello All,
Recently, one of my Airport Express 802.11n access points started using the self assigned IP address 169.254.238.166. While troubleshooting, I have found that this device will receive an IPv4 address when I connect it's Ethernet interface to my D-Link DG-S1248T, but not when I connect it to my Linksys SE2500 (the one it was connected to for over a year before starting this behavior). Ordinarily, I would suspect that something is preventing the Linksys from switching DHCP packets correctly to the Airport Express, but I can assure you the Linksys is sending DHCP packets because I am starting this thread from a Mac Pro connected to that Linksys, with a valid IPv4 address, and wireshark is showing bootps request and reply. I'm using bridged mode on the Airport Express, because I already have a gateway as my DHCP server with NAT, and created a wireless network with firmware version 7.5.2. I even setup another Airport Express 802.11n right next to the faulty one, same config (except the ID), same switch, and it works fine. I also swapped Ethernet patch cables on the Airport Express 802.11n Ethernet interfaces. The green LED access point went back to green when the cables were swapped, while the blinking amber access point stayed blinking amber. Therefore I believe the problem is localized on the faulty Aiport Express 802.11n. Has anyone else seen this fault? What is the root cause, and how did you repair the issue?
Thanks!

The Airport Express was functioning normally as recently as last Thursday, when I unplugged it to move. I took care in transporting it so there was definitely no chance of physical damage.
You mean that it was functioning normally when it was connected to a cable modem last Thursday. Everything has changed. Unfortunately, the Express is known to sometimes have problems after it has been plugged in for a long time, is unplugged, and then started up again. On average, I lose an AirPort Express about once a year this way.
Power up the Express for a few moments
Hold in the reset button for 8-10 seconds and release
Allow a full minute for the Express to restart to a slow, blinking amber light
Connect the Ethernet cable from wall jack to the WAN "O" port on the Express
On the Mac, open Macintosh HD > Applications > Utilities > AirPort Utilities
Click on Other WiFi Devices
Click on AirPort Express
The utility will suggest a setup that looks similar to this, except you will see a different picture of the AirPort Express
Network Name = Name that you want to call your wireless network. Keep it very simple.
Base Statation = Name that you want to call the AirPort Express device
Password = Password that will be used for both the wireless and device
Verify Password
Click Next
The utility will setup everything for you. When you see the message of Setup Complete, click Done
Check the network

10.5.6 setup on mini with USB nic, not receiving DHCP from WAN (cable modem

Hello,
I'm probably in a little over my head thinking I could configure MacOS X Server without much IT knowledge. But I started, so I'm not giving up yet.
Here's my setup:
— cable modem ethernet connects to USB nic (the apple macbook air one) plugged into mac mini running 10.5.6 Server
— ethernet on mac mini connects to switch
— switch connects to airport base station set-up as bridge
— in the future other computers will connect over ethernet to the switch (that's why mac mini isn't plugged into base station directly)
Here's the issue:
— cable modem uses DHCP (no fixed IP).
— when first installing 10.5.6 Server, modem was connected directly to ethernet on mac mini, and picked up everything from DHCP, worked fine. Ran all the system updates (started with a 10.5 initial install)
— after everything was installed, I switched the modem to the USB ethernet adapter and ran NAT setup assistant. configured the USB Ethernet as the WAN, Ethernet as the LAN, turned on VPN.
— now the USB Ethernet won't pick up the DHCP of the WAN anymore. It did it once, and then never again.
— I've run the NAT setup assistant to switch the WAN and LAN nics to see if the USB Ethernet was the issue, but with the same results.
— This setup used to work although not quite stable on 10.5.4 server.
My initial questions:
— is the firewall blocking the DHCP?
— is the LAN DHCP messing with the WAN?
— in the previous version I had to set the replythresholdseconds from 10 to 0 in the bootpd.plist for it to hand out DHCP on the LAN, but there is no such entry in the pootpd.plist anylonger, and the keynet_address entry that was missing from the previous version of bootpd.plist is now present, so it seems the bootpd.plist has been fixed by apple.
— what am I doing wrong? Why doesn't this just work as advertised...
I know there are several of you out there that have the same setup working (I found posts from hirstey and DigiAngel with the same setup) so it must be possible. All your help is much appreciated!!
Thanks,
Hagenaer
Thanks!
Message was edited by: Hagenaer

Thanks for your reply, DigiAngel.
DSL modems differ from cable modems as far as I understand. Where DSL modems are actually routers capable of NAT/DHCP, cable modems are just a network interface/brigde and can't do any of that. So it should pass the external IP to the computer. I'm writing on a laptop with the cable modem directly plugged into it, and it picked up the external IP etc. near instantly. The mac mini did the same before I ran the NAT setup assistant. I believe it picked it up once after that, but never since.
I had done a clean install, had the ethernet plugged into its internal ethernet port (en0) and was able to download all the system updates. Then plugged in the USB ethernet, I'm pretty sure it still picked up the IP there. Ran the NAT setup assistant and can't get anything to work anymore. Even with all services switched off.
So the modem is doing its job, but when I connect it to the USB nic the connection gets a self-assigned IP in about 3 seconds after seeing the cable is connected. The one time I've seen it get the right IP, it got a self-assigned IP first and then about 5 seconds later picked up on the correct IP. (And it picked up everything, including DNS server and search domains, which this laptop I'm writing on does not, although it works just the same).
Unfortunately, this laptop runs 10.4.11 which doesn't recognize the USB nic, so I can't test the adapter outside of the server environment. But I've had the genius bar test the adapter previously and it worked fine then, plus I've run the NAT setup assistant with the connections inverted (WAN over built-in ethernet, LAN over USB ethernet) with the same results: WAN gets self-assigned IP.
I've also tried configuring manual IP for the WAN from what I saw was given to this laptop (it kept the same IP even after being disconnected/reconnected, so I guess the IP for my modem won't change IP unless I reset it. Although I'm not sure if it's correct logic to assume the mac mini would pick up the same IP as well since I think that's actually tied to the MAC address and the IP doesn't belong to the modem but to the computer behind it).
Anyway, I'm not sure what to try next...
Hm. Wait, this might have something to do with it: the firewall logs the following:
Mar 22 14:12:07 server ipfw[4997]: 65534 Deny UDP 73.227.220.1:67 255.255.255.255:68 in via en 2
Looking up 73.227.220.1 gives me dns1.inflow.pa.bo.comcast.net, clearly my provider's DNS server. Trying to get me an IP that my wirewall is denying? Turning off the firewall doesn't make it pick up the correct IP though... I have turned off all services and still just got a self-assigned IP.

Clients not receiving DHCP on layer 2 Vlan

Similar Messages

Maybe you are looking for