DHCP snooping requirement on 5760 controller

To All;
I would like to know if DHCP snooping is a requirement in a centralized deployment where there is one 5760 and 5508 for guest access.
The "Converged-Access-White Paper", page 31, states DHCP snooping is required in the Converged Access deployment, and I am not clear if this requirement is for deployments with 3850 switches, which is not my case.
Thanks;

I am not referring to AP IP addresses, but client IP (yes, it is a good practice to keep AP IP in DHCP so it is more flexible from an operations point of view).
I would like to know if DHCP and DHCP snooping are a REQUIREMENT for roaming when the APs are associated to a 5760 instead of a 3850.
No, it is not specific to 5760 instead of 3850. It is a best practice configuration in Converged Access, where enabling DHCP snooping on wireless VLANs helps to build different client database tables and helps wireless clients get IP addresses much quicker.
HTH
Rasika
**** Pls rate all useful responses ****

Similar Messages

  • Cisco 5760 controller in centralized mode supports 4404 controller as anchor controller?

    Hello All,
    I have a Cisco 5760 controller running in centralized mode. I want to configure one 4404 controller as anchor controller to work with the 5760 controller. Is this supported?
    Thanks in advance
    Shabeeb

    No, it is not supported.
    You cannot have a mobility peer with 5760 unless you enable "new mobility" on its peer. In CUWN products this is supported in 5508/WiSM2/8510 on specific codes. In current supported codes it has to be 7.6.x or 8.x.
    As you know, 4400 only supported up to 7.0.x code. So new mobility is not supported, hence you cannot peer with CA products.
    In case you have a "new mobility" supported WLC, here is how you configure it:
    http://mrncciew.com/2014/05/06/configuring-new-mobility/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Required PCI Driver Controller

       Hi ,
    Model No :   Hp Pavilion  15e034tx
     Required : Bluetooth Controller
                        : Pci Device
                        : Video controller

    Please provide the PCI\VEN character strings for the devices that you need drivers for.
    See the following image. It is an example. Note the places I have pointed out with arrows and circles.
     Right click a device without a driver and click on properties to invoke the device's properties window.
    ****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
    2015 Microsoft MVP - Windows Experience Consumer

  • DRIVERS REQUIRED 3D VIDEO CONTROLLER , BLUETOOTH CONTROLLER , PCI DEVICE FOR HP 15-r033tx

    I am unable to find 3D video controller, Bluetooth controller and PCI device for HP 15-r033tx. Can anyone please provide the links.

    Hi:
    First install the Intel chipset driver and reboot.
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130504-1&cc=us&dlc=en&lc=e...
    Next, install the Intel HD graphics driver and reboot.
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-134230-1&cc=us&dlc=en&lc=e...
    Then install the nVidia graphics driver and reboot.
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-130198-1&cc=us&dlc=en&lc=e...
    You can also find the rest of the W7 x64 drivers and software you need at the link below...
    http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?cc=us&dlc=en&lc=en&os=4063&product=7308900&soft...
    The PCI dev needs this driver...
    http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-140783-1&cc=us&dlc=en&lc=en...
    The bluetooth needs this driver...
    http://h20565.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_130390_1

  • Guest Controller License requirement ???

    Hi All ,
    Question regarding the Guest controller (Anchor controller). ... What license will be required for the guest controller ???
    Assume I have a LAN controller with a license of 100 AP, and now I am going to plan for guest user WiFi access as well but with a separate Controller.
    Will I need a guest controller with a 100 AP license ???
    Your quick response will be helpful for me and if possible please share the URL for reference. Thanks.

    There is no need for any license for anchoring Guest in your network. You can configure your current WLC for the same.
    Below is the link for configuration guide.
    http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

  • UPNP-DLNA TV access through Cisco Controller 5760 & AP 3702

    Hello,
    I am trying to connect a Windows Media Server and a TV in the same vlan. The Media Server is connected to a switch and the TV is in WiFi connected to a Cisco 3702 managed by a 5760 controller. I enable the multicast and broadcast commands in the controller but it still does not work.
    wireless multicast
    wireless broadcast
    When I tested on a switch the TV and the Media Server work, but not when one of them is on the WiFi.
    Thanks for your help,
    Cesar.

    Hello Rasika,
    The software we are using is Windows Media Player. I read that it uses multicast streaming.
    The test was in a different switch where the controller is connected, but the other switch where the test was done, is connected through trunk ports.
     This is the command you asked me:
    controller#sh wireless multicast
    Multicast                               : Enabled
    mDNS                                    : Enabled
    AP Capwap Multicast                     : Multicast
    AP Capwap Multicast group Address       : 239.3.3.3
    AP Capwap Multicast QoS Policy Name     : unknown
    AP Capwap Multicast QoS Policy State    : None
    Wireless Broadcast                      : Enabled
    Wireless Multicast non-ip-mcast         : Disabled
    Vlan        Non-ip-mcast     Broadcast        MGID
    1           Enabled          Enabled          Disabled
    102         Enabled          Enabled          Disabled
    110         Enabled          Enabled          Enabled
    112         Enabled          Enabled          Enabled
    114         Enabled          Enabled          Enabled
    116         Enabled          Enabled          Enabled
    210         Enabled          Enabled          Enabled
    212         Enabled          Enabled          Enabled
    The VLAN 102 is my management VLAN. The VLAN where the PC Windows Media Server is located is VLAN 116.
    Thanks for your help,
    Cesar.

  • WLC 5760 with internal DHCP server, clients do not get IP address

    Hi all,
    I have  2  Cisco 5760 WLC (active-standby)  IOS-Xe 03.03.03SE  with  one WLAN.
     sh wlan summary 
    Number of WLANs: 1
    WLAN Profile Name                     SSID                           VLAN Status 
    1    Invitados_ADSL                   Guest                          905  UP
    sh vlan         
    VLAN Name                             Status    Ports
    1    default                          active    Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
                                                    Te2/0/4, Te2/0/5, Te2/0/6
    100  VLAN0100                         active    Te1/0/1, Te2/0/1
    101  Planta_1                         active    
    905  Internet                         active    Te1/0/2, Te2/0/2
    The DHCP server is internal.
    Sometimes the clients do not get an IP address although the DHCP pool has IP addresses available.
    The workaround done by me to solve the issue is “clear  ip dhcp  binding *”.
    Some days later the problem appears again.
    I see this bug with a similar problem:
    NGWC blocks DHCP traffic if wireless broadcast disabled
    CSCun88928
    Description
    Symptom:
    Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
    In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
    Conditions:
    Seen on 3.3.2 IOS-XE
    Workaround:
    Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
    OR
    Enable "wireless broadcast" globally
    My DHCP configuration is:
    ip dhcp relay information trust-all
    ip dhcp snooping vlan 905
    ip dhcp snooping
    ip dhcp excluded-address 172.16.0.1 172.16.0.19
    ip dhcp excluded-address 172.16.1.250 172.16.1.254
    ip dhcp pool Invitados
     network 172.16.0.0 255.255.254.0
     default-router 172.16.0.1 
     dns-server 212.66.160.2 212.49.128.65 
     lease 0 8
    I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
    DHCP Snooping and Trust Configuration on CT5760
    ip dhcp snooping vlan 100, 200
    ip dhcp snooping wireless bootp-broadcast enable
    ip dhcp snooping
    interface TenGigabitEthernet1/0/1
    description Connection to Core Switch
    switchport trunk allowed vlan 100, 200
    switchport mode trunk
    ip dhcp relay information trusted
    ip dhcp snooping trust
    interface Vlan100
    description Client Vlan
    ip dhcp relay information trusted
    My question is: do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
    Thanks in advance.
    Regards.
    D

    Yes, test it with the command you mentioned
    ip dhcp snooping wireless bootp-broadcast enable
    HTH
    Rasika
    **** Pls rate all useful responses *****

  • New Cisco 5760 and Prime 2.1

    Hi@all,
    We have deployed two new 5760 with Prime 2.1 -> Now we have problems.
    Our old system was three WLC 4404 with WCS 7.0.240. This system worked well but was outdated, so we made a clean install of the Prime, generated new maps and installed the licenses.
    This morning we changed the WLC. Some of our antennas are connected with the new WLC but most send a failure:
    *%DTLS-4-BAD_CERT: 1 wcm:  Certificate verification failed. Peer IP: 172.20.22.220
    Aug  4 13:25:23.819: *%DTLS-3-HANDSHAKE_FAILURE: 1 wcm:  Failed to complete DTLS handshake with peer 172.20.22.220  for AP 0000.0000.0000Reason: no certificate returned
    This is the first problem: we don't know why some APs will work and some not.
    The second thing is that we can't generate dynamic interfaces in Prime. If we want to send the template to the controllers we get this message:
    Currently no controllers are added to Prime Infrastructure or the selected template options do not match any controller where the template can be applied.
    But the controllers are listed and synced with the Prime.
    And the third thing is, the 5760 don't work in a mobility group. We have decided on the centralized mode, so we gave both WLCs the same mobility group and gave them the multicast address, but on both devices the control link is down.
    I know, many problems, but maybe one of you has solutions.
    IOS on the 5760 is 3.3.2 and we use the Prime 2.1.
    kind regards 
    René

    Hi Rene
    Glad to see you sorted out the AP registration issues.
    Configuring Dynamic interface on 5760 is not mandatory. If you want you can configure it like on a switch (ie interface vlan x & then IP address under it)
    What you want to do is 
    1. Define all wireless users L2 vlans on your 5760
    2. Enable DHCP snooping for the required vlans where you will map it to WLANs
    3. Trust DHCP snooping on your 5760 Port Channel & Physical interfaces connected to the wired network.
    If you want to use interface-group this post may help you as well. 3850 or 5760 configuration syntax is same as both operate on IOS-XE
    http://mrncciew.com/2014/07/30/vlan-groups-in-57603850/
    NB: Dynamic interface of user vlan on 5760 or 3850 is required when you set DHCP server configuration under WLAN setting where you want to send different WLAN DHCP request to different DHCP servers.
    HTH
    Rasika
    **** Pls rate all useful responses ****
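Added example, not part of the thread or of Cisco's documentation: a Python audit of a running-config excerpt against the three steps listed in the reply above, plus the bootp-broadcast workaround from bug CSCun88928 quoted in the previous thread. The function names, the sample configs and the choice of uplink interface are assumptions constructed for illustration.

```python
import re


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '100, 200' or '110-112,116' into a set of ints."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_dhcp_snooping(config, client_vlans, uplinks):
    """Return a list of findings for a running-config excerpt (empty list = pass).

    client_vlans: VLAN IDs mapped to WLANs; uplinks: interfaces facing the wired
    network. Both are supplied by the caller (assumptions of this example).
    """
    defined, snooped, trusted = set(), set(), set()
    global_on = bootp_bcast = wireless_bcast = False
    current_if = None

    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            current_if = None  # unindented line: back at global config level
        if m := re.fullmatch(r"interface\s+(\S+)", line):
            current_if = m.group(1)
        elif m := re.fullmatch(r"vlan\s+([\d,\-\s]+)", line):
            defined |= parse_vlan_list(m.group(1))
        elif m := re.fullmatch(r"ip dhcp snooping vlan\s+([\d,\-\s]+)", line):
            snooped |= parse_vlan_list(m.group(1))
        elif line == "ip dhcp snooping":
            global_on = True
        elif line == "ip dhcp snooping wireless bootp-broadcast enable":
            bootp_bcast = True
        elif line == "wireless broadcast":
            wireless_bcast = True
        elif line == "ip dhcp snooping trust" and current_if:
            trusted.add(current_if)  # only counts inside an interface block

    wanted = set(client_vlans)
    findings = []
    if missing := sorted(wanted - defined):
        findings.append(f"step 1: client VLANs not defined: {missing}")
    if not global_on:
        findings.append("step 2: 'ip dhcp snooping' is not enabled globally")
    if missing := sorted(wanted - snooped):
        findings.append(f"step 2: snooping not enabled for client VLANs: {missing}")
    if not (bootp_bcast or wireless_bcast):
        # Either workaround from the quoted bug text satisfies this check.
        findings.append("neither 'ip dhcp snooping wireless bootp-broadcast enable' "
                        "nor 'wireless broadcast' is set (see CSCun88928)")
    for name in uplinks:
        if name.lower() not in trusted:
            findings.append(f"step 3: uplink {name} lacks 'ip dhcp snooping trust'")
    return findings


# Constructed sample, modelled on the configuration posted in the previous thread.
WEAK_CONFIG = """\
vlan 905
 name Internet
ip dhcp snooping vlan 905
ip dhcp snooping
interface TenGigabitEthernet1/0/2
 switchport mode trunk
"""

# Constructed sample with the bootp-broadcast command and uplink trust added.
FIXED_CONFIG = """\
vlan 905
 name Internet
ip dhcp snooping vlan 905
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/2
 switchport mode trunk
 ip dhcp snooping trust
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit_dhcp_snooping(cfg, {905}, ["TenGigabitEthernet1/0/2"]))
```

The parser relies on interface sub-commands being indented, as they are in `show running-config` output; a flattened paste loses that context and trust lines would be attributed to the last interface seen.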

  • WLC 5760 and 802.11r/CCKM support

    Experts;
    I have a couple of 5760 controllers running as MC/MA and I am planning to enable Layer 3 roaming between the two 5760 MC/MA controllers. On a 5508 controller running Air-IOS there is an option, "fast transition", for devices that support 802.11r, my understanding if a device doesn't support 802.11r "fast transition" should not be checked. 
    I like to know if there is a similar command or option for 802.11r support on a 5760 controller and if the only configuration option to establish mobility between the 5760 controllers is that both controllers need to be in the same mobility group.
    Thanks;
    Juan

    Hi Juan,
    my understanding if a device doesn't support 802.11r "fast transition" should not be checked
    This is because certain clients that do not support 802.11r (like Mac OSX) won't like it when an SSID is advertising 802.1X & 802.11r FT (802.11r mixed mode) on the same SSID. Therefore they will not associate to that SSID. See this post as it lists 802.11r supported & unsupported devices/OS.
    https://supportforums.cisco.com/discussion/12314591/8021r-and-fast-roaming
    You need to have IOS-XE 3.6 onward to support 802.11r mix mode. (7.6 or 8.0 for AireOS codes)
    Regarding config, you will find those options (enabling & Over the DS tick box) under SSID configuration (refer to the link provided by Daniel). If you want to go into more detail on how these different options work please read below. I have used 3850 in these posts, but the config should be the same for a 5760.
    1. http://mrncciew.com/2014/09/06/cwsp-802-11r-ft-association/
    2. http://mrncciew.com/2014/09/08/cwsp-802-11r-over-the-ds-ft/
    3. http://mrncciew.com/2014/09/07/cwsp-802-11r-over-the-air-ft/
    In your case both 5760 should be in the same mobility group in order for the MDID to be the same, which is required for 802.11r fast roaming.
    Pls do not forget to rate our responses if that is useful
    HTH
    Rasika

  • Upgrade LIC for 5760 and 3850(L-LIC-CTIOS-1A)

    Hi ,
    The license part number (L-LIC-CTIOS-1A) is available from both 5760 primary upgrade LIC and 3850 primary upgrade LIC with the same prices as well.
    My question is,
    if I purchase L-LIC-CTIOS-1A with the primary upgrade LIC as
    L-LIC-CT5760-UPG
    Upg license SKU for Cisco 5760   WirelessController (e-deliv)
    will I be able to use it for 3850 switches as well, because the primary upgrade LIC for 3850 is
    L-LIC-CT3850-UPG
    Upg license SKU for Cisco 3850   WirelessController (e-deliv)
    Hope I am clear, and if anybody has come across this situation please reply.

    Found the answer
    it can be transferred between 3850 and 5760 controllers
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/product_bulletin_c25-720777.pdf
    AP License for Cisco Catalyst 3850
    There is no license required for a Cisco Catalyst 3850 to operate as a distributed termination point for Access
    Points (Mobility Agent mode). The same switch can also operate in the full controller Mobility Controller (MC)
    mode by adding an AP license for up to 50 Access Points. Other devices that can act as an MC are the new Cisco
    Wireless Controller 5760, Cisco Wireless Controller 5508 and Cisco Wireless Services Module 2 (WiSM2)
    wireless controllers. AP licenses can be transferred between two 3850 switches or between 3850 and 5760
    controller.

  • Domain controller 2008 Server with SP2

    Here is a real issue and I cannot track down what is causing it.
    It appears that in Windows 2008 Server running DHCP, DNS and AD I am getting some weird errors on the clients.
    The client machines are all Windows 7 Professional x64.
    The issue is that the Domain controller seems to disappear as the logon server from the client after a few days. On some it indicates that there was no logon server available, but still logs in, which should be impossible since I have group policy configured to block the ability of logon without a logon server.
    The issue with this is that over time, the desktops seem to go rogue: they no longer populate the information as to password expiration, and at times don't allow the clients to access the network shares.
    The security log shows hit and miss as to if it sees them log into the domain.
    The weird issue is that if you log out, switch user, and change the user's password, then log back into the desktop with domain\username and a new password, the issue goes away for about 10 days, then re-appears and causes all sorts of fun issues on the domain.
    I took another step and decided that I would give a shot to building a clone test network, using a cloned image of the Domain controller, and it doesn't seem to happen on that side. The test network just has fewer PCs but they are all the same hardware.
    Here is what i have troubleshot so far:
    DNS looks fine.. no errors or issues..
    DHCP looks fine, no duplicates etc..
    AD has all the information correctly, and the security log looks fine, most of the time..
    Windows updates are all up to date
    All desktops have logon scripts, but I have removed the cached data from the management console (Cred manager)
    Modified Group policy and forced it across the network. Can see the GPResult from the clients and they have the updated settings, but the clients don't seem to care.
    Group policy is set to wait till network comes up and require a domain controller to log into the client desktop. This sometimes works, sometimes does not. It was done to see if the problem was happening on other machines; there are about 15 total out of 47 currently having the issue.
    All the desktops are fresh installs, not ghosted images, not clones, or something you would need to sysprep.
    Thoughts?
    Rob

    Hello,
    please post an unedited ipconfig /all from the DC/DNS servers and a client with the problems.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • How to extend the sap.ui.core.mvc.Controller ?

    We are in the process of building a web application that allows users to "plugin" their own views (pages). When they create their own views there are a number of activities that are common across all pages that occur in the onInit() and onExit() methods. Additionally, we may provide additional utility functions that should be available to the controller.
    Currently when creating a controller the standard is to use sap.ui.controller("some.name", { controller specific functionality } );  I would like to create a sap.ui.MyController("some.name", { controller specific functionality }); that contains the utility functions and extra functionality in the LifeCycle methods so that these are automatically available to anyone defining this type of controller.
    I believe the documentation I need to reference is the boilerplate code for typed Controller; however, I am unsure how this can be used.
    I assume that I define the controller abc/xyz/MYController.js
    jQuery.sap.declare({modName:"abc.xyz.MYController", type:"controller"}); // declaring a special type of module
    abc.xyz.MYController = function () { // the constructor
        sap.ui.core.mvc.Controller.apply(this, arguments);
    };
    jQuery.sap.require("sap.ui.core.mvc.Controller"); // this is currently required, as the Controller is not loaded by default
    abc.xyz.MYController.prototype = jQuery.sap.newObject(sap.ui.core.mvc.Controller.prototype); // chain the prototypes
    /* end of boilerplate code for typed Controller */
    abc.xyz.MYController.prototype.onInit = function() {
        // modify control tree - this is the regular lifecycle hook
        console.log("Inside my new controller.");
    };
    Then use it in app/pageController.controller.js ...
    jQuery.sap.require("abc.xyz.MYController");
    abc.xyz.MYController("app.pageController", { ..... });
    When I try this I get the Error
    Uncaught Error: failed to load 'app/pageController.controller.js' from /mywebapp/js/app/pageController.controller.js: Error: Controller type app.pageController is still undefined after trying to load it. sap-ui-core-all-dbg.js:20313requi
    Any help with this would be appreciated.
    Regards,
    Trevor

    Hi Trevor
    Maybe this code snippet will help.
        jQuery.sap.declare("example.MyController");
        jQuery.sap.require("sap.ui.core.mvc.Controller");
        "use strict";
        sap.ui.core.mvc.Controller.extend("example.MyController", {
            onInit: function () {
                // shared lifecycle logic goes here
            }
        });
    -D

  • Should one update Embedded Controller program before a BIOS update ?

    Hello All,
    I have an IBM Thinkpad 600E 2645 4AU that has an old version of BIOS that I am trying to update to the latest.
    I read on the net that before updating the BIOS it's required to update the Embedded Controller program.
    This is what I read and am quoting :
    " It is also important to understand that Thinkpads from IBM have two separate firmwares: the BIOS, and the Embedded Controller program. A given BIOS version will require a certain version of the Embedded Controller program. The IBM documentation is sometimes unclear about the order in which these two firmwares should be updated. On most, but not all Thinkpads, the correct update order is Embedded Controller program first, and then the BIOS. Make sure to do the two updates immediately one after the other. Newer models from Lenovo update both the Embedded Controller program and the BIOS at the same time, so you don't have to worry about it."
    Could anyone let me know if this applies? I searched the Lenovo site for an Embedded Controller program for my laptop model but found none. So I am wondering if this model would require the Embedded Controller program update?
    Thanks.
    Alex

    OK, I've fixed this now.
    I had Kaspersky Internet Security installed and had disabled it manually but it was obviously still blocking fundamental system changes like these.  I uninstalled KIS completely and then ran these updates again and all worked fine.

  • How to configure PortFast & BPDU Guard on an Aruba controller.

    Requirement:
    An Aruba controller running 6.4.3.x and above.
    Solution:
    PortFast:
    The PortFast feature causes a switch port or a trunk port to enter the forwarding state directly instead of going through the listening and learning states of STP.
    PortFast is usually configured on an edge port, which means this port should not receive any STP BPDUs.
    If this port receives any STP BPDU, it moves back to normal/regular mode and ends up participating in the listening and learning states.
    BPDU Guard:
    The BPDU Guard feature guards the port against receiving any BPDUs.
    If it detects any incoming BPDUs on the port, it puts the port into ErrDis (Error-Disable).
    The port remains in the ErrDis state until it is manually recovered by applying the configuration command “shut” followed by “no-shut” on the interface.
    Configuration:
    The screenshot below shows the configuration of PortFast for both trunk and access ports.
    The screenshot below shows the configuration of BPDU Guard for switch ports.
    Verification
    We can verify that PortFast is enabled using the commands shown in the screenshot below.
    We can verify that BPDU Guard is enabled using the commands shown in the screenshot below.

    I was having troubles with this as well when a customer had an older Aruba Controller and 2 Access Points. We went with a couple IAP-205s and needed LDAP integration. Using the above configuration there were some additional items needed. I found that I needed the DISPLAY NAME of the admin for the Admin-DN. I had created a user with the first name Aruba and the last name LDAP. This made the DISPLAY NAME "Aruba LDAP". This is what needs to be in the CN= for the Admin-DN.
    I also found there is a difference in using the CN= and OU=. Currently our admin account is in the Users group which is a “Container”. Our actual user accounts are stored in an Organizational Unit with sub OUs as well. So the Admin-DN needed the CN=Users and the Base-DN needed the OU=MyUserOU.
    For the Windows machines I had to download and install the Aruba GTC Shim because the customer was previously using GTC and they were not going to a RADIUS server at the moment. My Android phone and iPhone did not need any additional addins for the authentication. On the Windows laptop I am using I needed to manually create a wireless profile with…
    Security Tab > “Choose a network authentication method:” Microsoft: Protected EAP (PEAP)
    Settings > Select “Trusted Root Certification Authorities”: GeoTrust Global CA
    Select Authentication Method: EAP-Token (This is the Aruba GTC Shim)
    This allowed me to use my domain login credentials:
    Username
    Password
    Domain (This is blank because the Base-DN already has this; if anything is put in here the authentication fails)

  • Catalyst 2955T-12 Power Supply n IGMP Snooping

    Hello everyone,
    I have two Catalyst 2955T-12 switches. On this switch there are two Power Supply (DC) options. I want to implement a redundant Power Supply solution. Can these two DC inputs on the switch give this solution, or I also have an external DIN rail power supply. My question is how I can implement a redundant power supply so that if one PS of the switch fails then the other will start automatically?
    Also, can anybody tell me what IGMP snooping does? Do I need to configure it? Also the command (I need the global command as well as the port/interface based command)?
    Regards,
    Shahid

    For the power redundancy question, I believe this link will help:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea2/2955hig/hginstal.htm
    Also can any body tell me what IGMP snooping do? do I need to configure it? also the command (I need global command as well as port/interface based command)?
    >>Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.
    The multicast router sends out periodic IGMP general queries to all VLANs. When IGMP snooping is enabled, the switch responds to the router queries with only one join request per MAC multicast group, and the switch creates one entry per VLAN in the Layer 2 forwarding table for each MAC group from which it receives an IGMP join request. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry.
    IGMP Snooping is by default enabled globally and per VLAN. If for some reason it is not enabled, enter "ip igmp snooping" in config mode to enable it.
    There is nothing else to configure.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swigmp.htm#wp1020034
    Please rate helpful posts.
