DHCP assign address range to AD computer groups - possible?

Similar Messages

• DHCP Server Address Range

  Hi there,
  I was wondering if there was a way to change the built-in DHCP server address range from 192.168.1.x to, say, 192.168.0.x?  For example, when you change the router IP from 192.168.1.1 to 192.168.0.1.  I noticed that when you commit such a change, the DHCP range does not update accordingly.  Any ideas?
  Thank you,
  Paul
  Solved!
  Go to Solution.

  Your DHCP server range should update automatically to the 192.168.0.x  subnet when you change your "Local IP address" to 192.168.0.1.   Be sure to use a computer that is wired to your router when you do this.  Also, be sure to click on "Save Settings", then wait (3 to 60 seconds) for the screen to refresh.  You will likely be disconnected from the router when you do this.  Do not worry about this.  Power down the router and your computer.
  Next, wait 30 seconds, then reboot router and computer.  Your Local IP address and the DHCP server range should now have the same subnet.

• 802.1x and DHCP assigned addresses

  I've done a lot of reading on this but I am still confused. I'm not a Microsoft guru so I don't really know waht is going on with login scripts, or cached user/pass.
  Scenario 1
  ==========
  I have 802.1x implemented and Joe the contractor comes into the office and plugs in his laptop. He is a guest. I allow guests to have access to a guest VLAN. How can Joe automatically get an IP address, or does he have to do ipconfig /renew?
  Scenario 2
  ==========
  What is the behind the scenes process that takes place for my corporate users that login to a domain....how do they get DHCP assigned addresses?
  Thanks

  I assume from what you have written 'Joe' doesn't have an 802.1x supplicant on his PC? Therefore the switchport eapol frames are ignored by the PC and after a timeout the port is placed in the guest vlan. You need to make sure DHCP is enabled for the guest vlan - either add the appropriate entried to the protecting ACL or add a scope on the router? Depending on the timeouts you may have some delay issues here; I would test this before you roll it out.
  For clients with 802.1x supplicants what happens is the PC effectively thinks it is disconnected from the network until the supplicant has authenticated. Once it has authenticated the PC thinks the network adapter is then connected and it will attempt to lease an IP address by broadcasting a DHCP request.
  There are however a few 802.1x supplicants and I am not sure how they all integrate with the host O/S. I know the built-in Microsoft one operates as I have described.
  HTH
  Andy

• DHCP exclude address range option config on Instant 2.0

  Q:  DHCP exclude address range option config on Instant 2.0
  A: ​This article applies to Instant 4.2 and above.
  Before 4.2, Use exclude-address as a range option was not available.
  Since IAP is getting used as an Edge device, the features needs to be in compliance with industry standard. 
  From 4.2 onwards, IAP local DHCP server will support exclude IP address as a range.
  With this feature we are supporting the following
  A. exclude-address ip1
  B. exclude-address ip1 ip2
  Show dhcps command will show the excluded range and available range

  I found this on TCPIPGUIDE.com that supports my findings.
  "One difference between BOOTP and DHCP is that certain communications from the client to the server are unicast. The most noticeable instance of this is when a client tries to renew its lease with a specific DHCP server. Since it sends this request unicast, it can go to a DHCP server on a different network using conventional IP routing, and the relay agent does not need to be involved."

• How to set up both static and DHCP assigned addresses on an AirPort Extreme

  I recently bought an AirPort Extreme to replace my failed Cisco/Linksys router.
  I am having trouble figuring out how I can configure the Extreme to support the already static IP addresses on my network as well as assign IP addresses via DHCP to a few devices where static IPs are not supported, i.e., work laptop.
  Additionally, when DHCP is turned on, are my only options the 10.0, 172.16, and 192.168? What if I am running something like 10.10 or 172.30?
  I am far from green when setting up computer networks, but this AirPort Extreme is making me pull my hair out.
  BTW, I have access to a number of computers running a number of OSes including Windows XP, 7, and 8, as well as Mac OS X Snow Leopard and Mountain Lion.
  The Mountain Lion or Windows 7 machine would be the preferred ones to configure the Extreme. I already have the AirPort Utility software running on them.
  Any help would be appreciated.

  I have found the 'DHCP Reservations' option on the AirPort Extreme to be buggy.  I seem to remember it causing IP conflicts for some reason.  I think what I remember is that if the computer with the reservation was off, and the DHCP server then handed out that IP to another DHCP client, then there would be a conflict when the reserved IP computer was turned back on.  Maybe it was an issue in ealier versions of the AE or OS X as the case may be, and maybe it's been corrected, but I've never bothered using it agian since the method I describe below has always worked without fail.  Also, I'm guessing DHCP Reservations would work fine if one manually enters IPs outside of the DHCP range but in the AE 'DHCP Reservation Setup Assistant' the IP options provided are within the DHCP range which to me makes no sense and increases the potential for IP conflicts.
  Here's what I do to setup a mixed environment of static and dynamic IPs on my network.  It works like a charm and does not require the DHCP server (beyond the distribution of dynamic IPs to hosts using DHCP).
  For machines on my network that are accepting services from the public network, I set them up with static IPs using the 'Manually' option (System Preferences/Network/Ethernet/Configure IPv4).  The settings for 'Router' IP address and 'DNS Server' IP address should both be set with your gateway/router LAN IP).  Use an IP address below or above the DHCP range of adresses (in AE/Internet/DHCP/DHCP Beginning & Ending Address).
  i.e. if my subnet is 10.0.1.1 and my DHCP range is 10.0.1.100 to 10.0.1.150, you could set the static IPs on your local hosts as 10.0.1.x where x = any number from 2 - 99 or from 151 - 200 as an example.
  All other machines and devices that do not require static routing are setup as DHCP clients and get a dynamic IP from the AE.  To me it's a simpler setup though it might take a little extra time to setup initially.
  John

• Windows 2008 DHCP Server Address Range and Exclusion Range

  Hi ,
  I have a couple of Doubts regarding DHCp windows 2008  server
  1) The DHCP server  is given a static Ip in a network series eg(192.168.1.x)  starting Ip is 192.168.1.1 to 192.168.1.254  , 
  and if the range is from 192.168.1.10 to 1.250 , 
  Should the DHCP server be not given an Ip in the DHCP range specified ?
  ie  the DHCP server static IP should not be in the 192.168.1.10-192.168.1.250 , ( I have given as 192.168.20.5)
  Even though the Exclusion range can be specified , Just want to know if this is best practice.
  2) And next setting up the range , should we give the entire network address as range ( eg 192.168.1.1 to 192.168.1.254) and set exclusion range 
  or  take a particular series  (eg 192.168.10-100) 
  Please advise
  Thanks in Advance
  Regards
  Anand M

  Your DHCP server range should update automatically to the 192.168.0.x  subnet when you change your "Local IP address" to 192.168.0.1.   Be sure to use a computer that is wired to your router when you do this.  Also, be sure to click on "Save Settings", then wait (3 to 60 seconds) for the screen to refresh.  You will likely be disconnected from the router when you do this.  Do not worry about this.  Power down the router and your computer.
  Next, wait 30 seconds, then reboot router and computer.  Your Local IP address and the DHCP server range should now have the same subnet.

• CRIO failing to get a DHCP assigned address

  I just went through heck with my IT deparment on this so thought I'd post it here.
  I had four cRIO-9073s on a remote switch in one of our labs, that MAX (Measurement and Automation Explorer) was saying were using Link-local addresses.  In fact, all were using the EXACT SAME address:  169.254.62.215.  Very strange!  I was able to talk to them using MAX some times, doing remote restarts, etc., but other times not.  All were configured to grab a DHCP address or fall back to link-local.
  As it turns out, the RIOs were attached to a Cisco switch that has a feature callled STP fully enabled on all ports.  STP is designed to prevent accidental loops in the network from downing your network, and that feature blocks all initial transmissions from attached devices for 30 seconds before letting them through, while it "listens" and "learns" about your device, analyzing to make sure that letting it connect won't create a loop.  Apparently this 30 second delay (forever in computer terms!) is too long for the cRIOs, so they take a link-local address, and since they can't even check the network for other link-local users because their transmissions aren't being forwarded, they all take the exact same address.  I'm still amazed MAX can find them under these conditions! 
  The way to get it working is to turn on "PortFast" on the Cisco switches, which simply disables the steps in STP that cause the slowdown (blocking, listening, learning).  Fortunately this can be done on a port-by-port basis, as it's recommended to NOT turn it on if ports are going to another switch (as that then opens the door for a loop).
  Here's more info:
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00800b1500.shtml
  Here's hoping you don't need this!

  Hello Erik,
  Thank you very much for the post. Great work figuring out the root cause of your communication issue!
  Cameron F
  Applications Engineer
  National Instruments

• DHCP Assigned IPs

  My old D-Link router had a table where I could tell the DHCP server to assign specific IPs based on the MAC address of the device. I can't find a place in the WRT54G to do this. Do I have to go to each device and assign a fixed IP at the device? I like to keep the DHCP server active for setting up new devices and visitors. By using DHCP in my devices I don't have to reconfigure when I travel. With the old D-Link this worked find. It appears this could be a problem with the WRT54G. Am I missing something? Thanks, Bob

  You are correct.   The WRT54G does not support the "DHCP reservation" feature.   However, several of the newer Linksys wireless n routers support this feature.
  With the WRT54G, you can manually assign your computers a fixed LAN IP address.  You can also have a fixed address on some computers, while others take their address from the WRT54G's DHCP server.  Generally, unless you have a specific need for a fixed LAN IP address (for example, some online games require this for port forwarding to work properly), you should use a DHCP assigned address.
  Linksys has some specific rules about assigning fixed LAN IP addresses.  They are different from the D-Link.
  Rules for using fixed LAN IP addresses on Linksys routers:
  With Linksys routers, a fixed (static) LAN IP addresses must be assigned in the device that is using the address. So you need to enter the fixed address in the computer or printer, not in the router.
  When using a Linksys router, any fixed LAN IP address must be outside the DHCP server range (typically 192.168.1.100 thru 192.168.1.149), and it cannot end in 0, 1, or 255.
  Therefore any fixed LAN IP address would normally need to be in the range of
  192.168.1.2 thru 192.168.1.99 or
  192.168.1.150 thru 192.168.1.254
  assuming you are still using the default DHCP server range.
  Also, in the computer, when you set up a static LAN IP address, you would need to set the "Subnet mask" to 255.255.255.0 and the "Default Gateway" to 192.168.1.1 and "DNS server" to 192.168.1.1
  It is also important that no two devices on your network be set to the same static LAN IP address.

• Limitation on source group with services using ip address range

  Hello,
  I have an interface on CSS which I regard as public and another interface I regard as private. On the private interface is a server farm with private ip addresses. Since the server admin guys insisted the servers need to access internet just for Windows Update, I made a source group to NAT the private addresses to public addresses to allow the servers to access internet.
  I defined services for use by the source group. Since keepalive is not important in this case, I set keepalive none to ,I hope so, save system resources.
  I have server 192.168.1.1-5 (5 servers) and 192.168.1.11-14 (4 servers), so I made a service with ip address 192.168.1.1 range 5 and another service 192.168.1.11 range 4.
  But then I found that the two services cannot be put in the same source group. It is because of the different range in the service definition.
  I can get it work if I define services with single ip address, but then I will have a long configuration with repetative information. And I think this may be using more system resources.
  I can also get it work if I include 192.168.11.15 and define two services both with a range of 5 ip addresses. But 192.168.11.15 is not actually there.
  Why is there such a limitation on source group, or services with ip address range? Is there the same limitation for content rules? Or am I getting it all wrong and should do the configuration in other ways?
  Advices will be welcomed.
  CT Yau
  Hong Kong

  Yes you are correct. There is a limitation while adding services into source groups.
  You can create as many services that share an ip range (eg. a /24 subnet range). But the trouble starts when you add them into source groups. You can not add them into a source group NOR you can add them under different source groups as well.
  You mentioned that you can use single ip adress instead of range for the services...but it is not true as you will be stuck when you add them into source groups.
  I can think of these following options in your case.
  Option 1
  Change the ip range on the servers. Use 2 different IP ranges one for those 5 servers and another for those 4 servers.
  Create 2 services for each range.
  Create 2 groups and add the services.
  service server-out-192.168.1.1-5
  ip address 192.168.1.1 range 5
  active
  service server-out-172.168.1.11-14
  ip address 192.168.1.11 range 4
  active
  group server-out-192.168.1.11-14
  vip address x.x.x.1
  add server-out-192.168.1.1-5
  active
  group server-out-172.168.1.11-14
  vip address x.x.x.2
  add server-out-172.168.1.11-14
  active
  Option 2
  Create a service that includes all the ip addresses starting from 192.168.1.1 through .14 using the range keyword.
  Now you need to create one source group with a VIP. Add the service to the source group.
  If you do not want to cover the unassigned ip addresses just move them up and use consecutive ones.
  service server-out-192.168.1.1-14
  ip address 192.168.1.1 range 14
  active
  group server-out-192.168.1.11-14
  vip address x.x.x.x
  add service server-out-192.168.1.1-14
  active
  thanks

• Object-group with network-object containing an IP address range

  Hello,
  Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
  object-group network test
  network-object 192.168.0.0 192.168.63.255
  network-object-group mode commands/options:
    A.B.C.D  Enter an IPv4 network mask
  sh run ob id test
  object-group network test
  network-object 192.168.0.0 192.168.63.255
  I found that in the documentation it requires a netmask as oppose to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly. Thank you.
  -John

  Hello,
  Thank you for your replies. In code version 8.0(5)23, it appears I am able to define a "range" of IP addresses as in:
  192.168.0.0 192.168.63.255 as opposed to defining a range with a netmask like 192.168.0.0 255.255.192.0.
  With the "range" of IP address applied to the "object-group network test" with sub command "network-object 192.168.0.0 192.168.63.255" the ASA does not pick up on said "range" when this object group is applied to a DENY access list. It only reads it properly when the netmask is attached, which is the correct configuration, as in: "network-object 192.168.0.0 255.255.192.0".
  To clarify, I mean range as in 192.168.0.0 - 192.168.63.255.
  Hope this helps to understand. I am just curious as to why this is even able to be applied in such a way or if it is a bug in this particular code version? I can also confirm that this can be done in code version 8.4(2). See below snippets of my configuration in the 8.4(2) code version:
  access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
    access-list 101 line 3 extended deny ip 192.168.0.0 192.168.63.255 any (hitcnt=0) 0x0623b0c4
  access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
  Packet trace results in allowing the "range" of IP address:
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: dmztest
  output-status: up
  output-line-status: up
  Action: allow
  Now with the "correct" configuration:
  access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
    access-list 101 line 3 extended deny ip 192.168.0.0 255.255.192.0 any (hitcnt=1) 0xa31c6bbd
  access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: dmztest
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule
  Thank you.
  -John

• Suse 9 oracle 10g installation DHCP-assigned public IP addresses problem

  Hi,
  I got below error when I have tried to install Oracle 10gR2.
  I have checked # hostname, it is Ok. I setup network to use static Ip.
  I checked /etc/hosts. Does oracle get hostname another file?
  How can I solve my problem.
  Thanks.
  Recommendation: Oracle supports installations on systems with
  DHCP-assigned public IP addresses. However, the primary network
  interface on the system should be configured with a static IP
  address in order for the Oracle Software to function properly.
  See the Installation Guide for more details on installing the
  software on systems configured with DHCP.

  Hostname command should return the fully qualified hostname as shown below:
  % hostname
  hostname.domainname

• Forcing Computer to Use a Certain IP Address Range

  Hopefully you guys can help me here.
  I have two WRT54G routers connected with one (upstairs) grabbing the signal from the other (downstairs) and extending it. My computers are upstairs and they still seem to connect to the router downstairs even though they are much farther away from it than the one upstairs. The SSIDs have to be the same since I am using WPA encryption so changing that isn't an option, even though it would work.
  The router upstairs assigns IP ranges starting at xxx.xxx.x.200 to .249. I was wondering if I could somehow force my computers to either connect to the upstairs router or only get IP addresses in the above range.
  I hope that made some sort of sense, any help would be greatly appreciated. Thanks.

  You do not choose the WiFi base station based on IP address. That is closing the bard door after the horse has left the barn.
  If you want to enforce upstairs systems using the upstairs base station, then use separage SSID names, and configure the upstairs Macs to choose that SSID as a preferred network (System Preferences -> Network -> Advanced -> Airport -> Preferred Networks)
  If you setup a roaming networks (all WiFi base stations using the same SSID and password), then the Mac has the option of choosing the base station which it feels has the strongest signal. The real advantage of a roaming network is the ability to move around the house with a laptop and never loose your connection even if the laptop switches base stations (which is the setup I have in my home).
  And as has been pointed out, you should really only have a single router, and all other wifi base stations should be in bridge mode (bridge the ethernet to wifi).
  If you have multiple routers, Bonjour (aka zeroconf in Unix speak) protocols can not cross an active router boundary. That would mean if you put an active router between the upstairs Macs and the downstairs Macs, they will not be able to see each other on the network, they will not be able to share files, share printers, etc... It will also make it more difficult to connect remotely over the internet (assuming you wanted to do something like that).

• Help needed : DHCP not assigning addresses on VMware. click for more details.

  Hello people of technet,
  I'm new to this forum I was told I could get some help here. I need your help with an issue that I have on my network. As the title says, my DHCP server is not assigning addresses from a specific pool.
  Information about the topology:
  I have to sites linked with a VPN site to site connection. In the first site I have a DHCP Server, In the second site I have a client that should get an address automatically from the DHCP. I installed a DHCP relay agent on the server that manages the VPN
  connection on the second site with a correct configuration. All other configurations are done right I verified a couple of times. I checked the connectivity with a ping test between the client (with static address for the test) from the second site to the
  DHCP server from the first site, it is all working. The problem is that the DHCP server is not assigning addresses from the specific pool. All machines (4) run on windows server 2008 r2.
  Thank you for your time and support, just tell me if you need more informations.

  I fixed the problem it is working now, apparently it was the VMnet cards that caused the issue I've just reseted their configuration to default state. I've had the idea after you asked me to check DHCP address assignement on the same site. One more thing
  to do now, switch from the workgroup to a domain.
  Thank you for you time.

• Automatic computer discovery by IP address range

  My domain is a subdomain of a parent domain and I only manage devices in my own subnet with static IPs. I am just installing SCCM2102 r2 as a trial version! at step 1 to configure and devices to manage, I don't see an option to scan devices via an IP address
  range! I don't want to scan entire root domain in which I don't manage. Is that option available somewhere in SCCM 2102 R2? thanks.
  Thang Mo

  There is also a network discovery that can be used to discover devices in a specific subnet. It's not very often used, as it cause lots of overhead and discovers also devices that you don't want to manage (see also:
  http://technet.microsoft.com/en-us/library/hh427340.aspx#BKMK_ConfigNetworkDisc).
  Also keep in mind that you don't need to discover the devices that you want to manage. It just makes it easier to install clients on them. Without discovering you would need to manually install the clietns.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• DHCP beginning address problem.

  Hi guys,
  I cannot understand how to configure my TC. I put exactly the same network settings as they were in the Airport Express to share the Internet connection. Everything works fine except the internet itself. The problem as I see it is that dhcp beginning address cannot be set far away from the static IP. In my case, the static IP is 213.170.70.** and I only can change these ** last figures in the dhcp range.
  But this conflicts with my provider and I have no internet while the TC itself works fine. If I set "share the only address" it doesn't help either.
  Anybody can help?
  Many thanks in advance.

  None really. These are the three IP Address ranges available for Private Networks. The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve these IPv4 address ranges for private networks. This has been published in RFC 1918.
  More info: Wikipedia: Private network