DHCP lease for Guest Wireless network

Is there a "rule-of-thumb" for the lease of DHCP on a guest or general use wireless network. The standard user is expected to be relatively transient. Thanks in advance for the comments / help.

I think ther no such rule of thumbs in a wireless network but the networks that incorporate large numbers of mobile devices, such as laptops and wireless telephony devices, should be configured with shorter DHCP lease times (for example, one day) to prevent depletion of DHCP-managed subnet addresses. Mobile devices typically use IP addresses for short increments of time and then might not request a DHCP renewal or new address for a long period of time. Longer lease times will tie up these IP addresses and prevent them from being reassigned even when they are no longer being used.

Similar Messages

  • ASA5510 base config for guest wireless network

    Hello
    I am partitioning off my guest wireless traffic out a new connection.
    I have a WISM and a 5508 controller. The WISM will anchor the subnets to the specific controller.
    AP - WISM - 5508 - FW - Cable link - Internet
    Can anyone assist in implementing a base config so only traffic originating inside can get out, nothing from outside getting in.
    The external link will be via cable and I want to configure their static on my outside int,
    Where would be the best place to ratelimit the subnet(s)?
    sMc       

    ip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 80ip access-list 10 permit ip 172.16.16.0 255.255.255.0 eq 443
    These are router configurations and would not work on the ASA.  To do this the ACL config would need to look like this:
    access-list LAN extended permit ip 172.16.16.0 255.255.255.0 any eq 80
    access-list LAN extended permit ip 172.16.16.0 255.255.255.0 any eq 443
    access-group LAN in interface inside
    Keep in mind that you can change the ACL name (LAN) to anything you want it to be.  You could apply the ACL in the outbound direction but this is very unusual to do on the ASA and I do not suggest doing it unless you have a specific reason for doing so.
    Also, to make sure this subnet has no access to inside services, what would be needed?
    Not exactly sure where you are going with this.  Is this subnet also located on the inside interface? or on a different interface?
    If it is located on a different interface, then all you have to do is either give it a lower security level than that of the inside interface (lets say 90 for example), or add an ACL that denies traffic to the inside network subnet and then under that rule have an entery permitting traffic to any.
    Keep in mind that the ACLs are checked top to bottom and there is an implicit deny any rule at the bottom of all ACLs.  If this ASA is version 8.3 or higher the implicit deny can be seen in the global ACL in the ASDM.
    Please remember to rate and select a correct answer

  • Self-assigned IP after trying to renew DHCP lease for former network

    Hi all,
    MacBook Pro 15" purchased in Februrary 2008, currently running 10.5.5, up-to-date with patches as of yesterday, 10/20/2008.
    For a few weeks now, I've been consistently unable to connect to wireless networks (secured or unsecured, public or private) after changing networks (i.e. going from home to a coffee shop).
    I have control over my home network router, and its logs show that upon connecting to the network, OS X tries to renew a DHCP lease for the previous network it was on. Upon receiving the "bad network" DHCP reply, instead of releasing the lease and obtaining a new one, the AirPort interface is immediately assigned an IPV4LL address (from 169.254.0.0/16) and no combination of changing network settings, changing AirPort settings, or rebooting will eliminate the old DHCP lease.
    The end result is that my MBP is entirely nonfunctional on some wireless networks that other clients (both Windows and Mac) seem to have no trouble accessing. The problem is quite annoying because I can't connect to access points that (previously) worked fine and whose configurations haven't changed.
    In any case where this problem occurs, an old DHCP lease for a different network (10.0.0.0/8 when trying to get on 192.168.0.0/24 or vice versa) is present, so I strongly suspect a DHCP problem. In all cases, I have perfect connectivity to the access point itself, so problems with the wireless connection parameters (including encryption), or those troublesome problems with 802.11b/g/n interoperation seem highly unlikely.
    One of two things would help me:
    1) Please tell me how to clear the DHCP lease cache. Deleting files from /var/db/dhcpclient/leases does nothing (they appear again upon reboot, identical save for timestamps even after changing network environments, so the cache must be read at boot time and written at shutdown). Selecting "Renew DHCP lease" from the "TCP/IP" tab in the advanced network settings merely attempts to renew the existing lease (for an invalid IP address); it does not appear to release invalid leases.
    2) If this is really how the DHCP client is behaving, change the DHCP client so that upon receiving the "Bad network" response, it releases (or simply abandons) the lease and obtains a new one, rather than immediately assigning an IPV4LL address to the AirPort interface.
    Additionally, is there any documentation on the Apple DHCP client? Under Linux, I could alter dhcpcd parameters to diagnose things like this. I could find no documentation about the Apple DHCP client outside of Mac Help, which wasn't really any help in this case.
    Finally, I do not suspect that this is an instance of the problem discussed in http://discussions.apple.com/thread.jspa?threadID=1352518&tstart=0 as my connection is rock-solid if it can get an IP address when it connects. I've never even seen it hiccup.
    Thanks,
    Matt Z.

    I have had wireless problems intermittently for a year, and seriously for 6 weeks. Apple denied the issue and was no help in spite of many tens of thousands of people on their own discussions complaining. I found a post suggesting a couple of things which fixed the problem. I don't know if both are necessary, but the first by itself does not solve the problem.
    Lock the channel of your router to channel 1, apparently Apple and 802.11n don't play well together on higher channels. When this becomes a standard this will be resolved I hope.
    Open your network preferences, select 'airport' and advanced. Delete unused networks. Select your network.
    Open TCP/IP and write down all the settings, configure iPv4 manually. Enter the settings manually. Turn off IpV6.
    Open DNS and write down your DNS server. Delete it and re-enter it manually.
    This has worked on 2 macbooks and an iMac for the last 3 weeks with no network drops.
    Joe Shea
    Philadelphia

  • Guest Wireless Network

    Hello,
    Is anyone aware of a way, "except for not broadcasting the SSID", to prevent clients from Inadvertently obtaining an IP address on a guest wireless network?
    We are using two pair of 5508's for anchor controllers, and we're close to reaching our limit of 14k clients.  While researching, we've found a number of addresses that are being handed out, are mobile devices with their WIFI enabled, walking through our facilities, but not necassarily wanting to use the guest WIFI.
    We would like to somehow not have the devices obtain an IP, unless they truly want to connect.  All I've been able to come up with is not to broadcast the SSID, which senior managment feels is not acceptable.
    Thanks

    Hi,
    you can on the create on WLC, a separate dummy L3 interface (192.168.250.0/24 and a VLAN thet is not on Your LAN "3333") and WLAN with the name "1"
    The DHCP is configured on 5508 with a lease of 240s.
    The SSID appears first in the selection. and the clients will connect to the.
    Your SSID can be broadcast and the user can select the need.
    miro

  • Internal Corporate wireless and guest wireless network

    I need some technical information on hwo the wireless guest network is created on the Airport Extreme. We currently do not permit personal wireless devices to connect to our internal wireless network in order to protect out data. Several times users have presented us with justifiable business requests to have access to the wireless network from their own devices. We've been looking at using the Airport Extreme in order to do this, but we are bound by PCI (Payment Card Industry) requirements to keep our customer credit card data secure. PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?
    Two or three of these on each floor would fit our need for such access and keep out customer data secure.
    Thanks

    Welcome to the discussion area!
    +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
    I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
    This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
    FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

  • Web Based Registration for Guest Wireless Access

    I just started a project to make a guest wireless network available at every site in my enterprise.  Guest wireless networks are currently available at some sites.  Two key goals of this project is to enable WPA/WPA2 encryption and to develop a web based registration/autentication solution.  All of the sites have a mixture of 1230, 1240, and 1250 autonomous access points.  What do I need to do/get in order to make this happen?

    You should get a WLC and upgrade the 1240 and 1250 and replace the 1230's if they are in remote sites.
    The WLC has a Webauth feature that is great. You can define users on the WLC also if you wish.
    Guest access should always be open authentication with the use of a Webauth page. This makes it easy and you won't have to help manage guest access. Autonomous ap's and to have a splash page will require a 3rd party software or you can use a Cisco NAC guest server.
    Search for Cisco Wireless Guest Access or Webauth and you will see many docs on this type of setup.
    Sent from Cisco Technical Support iPhone App

  • Guest Wireless Network Setup

    I got the task of setting up a Guest wireless network for one of our remote campuses. We already have some APs that are connecting to our WLC.
    The Enviroment:
    WLC Cisco 5500 is at our Corporate office. Connects to our Core Switch then to our Router
    Router connects to our remote campuses over mpls
    We currently already have APs at this campus that are connecting back to our WLC.
    We have a DSL line at the remote campus that we want this Guest wireless routed to.
    I have already created the guest network on the WLC and a guest VLAN on the Core switch
    My main question is how to configure the two routers for this and have this go out the DSL modem?
    Any help is very appreciated...

    That is fine. All you have to do is enable h-reap/FlexConnect local switching on the guest WLAN. Then change the mode on the AP to h-reap/FlexConnect and then the ap will reboot once it comes back up, you need to co figure the switch port as a dot1q trunk only allowing the vlans for the AP and guest. Set the native vlan on the trunk I the vlan the ap belongs on. On the h-reap ap, you will have another tab on the top for h-reap/FlexConnect. You enable vlan support and then put the vlan I'd the ap belongs on. Hit apply then go back to the h-reap/FlexConnect tab and click on vlan mapping. There you will see the guest SSID and then a box in which you can enter a vlan. That is where you will put your vlan for the guest. Now since this vlan your dsl is connected needs to reach all the AP's, you just need to create a layer 2 vlan and connect the dsl router to that. Users will get an ip from that dsl router etc.
    Sent from Cisco Technical Support iPhone App

  • Printing Solutions for Guest Wireless

    So this is something that has been bouncing around the forums for a year or two now.  I have failed to come up with a "best-of-breed" approach that meets the strict security requirments of a government department.
    The scenario is this - the wireless platform is based around centralised Wism controllers in a datacentre and an anchor controller (for guest wireless) in a dmz, we have WCS to manage the components including the Lightweight Access-Points (mainly Cisco 1142N's) with a Cisco NGS to act as both hotspot and as the client credentials RADIUS authority. it works great except for printing which simply isn't currently an option.
    The solution services a wide number of geographic locations - all members of the one guest SSID and mobility group.  Since clients that connect to this are effectively DMZ'd and only able to connect to the internet, I am struggling to find a practical way to provide printing specific to each geographic site without going for a cloud service such as "Drop-box", or "PrinterON" 
    Has anyone out there in the Community come up with any innovative approaches to this connundrum?  If so please join the conversation

    Hi, I've encountered the same issue. Did you find a solution?

  • TS1398 iphone2 can not scan for my wireless network; i tried all troubleshoots but still same problem. Can anyone help?

    iPhone2 can not scan for my wireless network; i tried all troubleshoots but still same problem. Can anyone help?

    Anyone have any ideas or information to help with this?  Any help and consideration is MUCH appreciated.

  • I have a new iPad 2 it won't search for open wireless networks how do I fix this?

    I have an iPad 2 that won't search for open wireless networks for example when I go to the car dealership.  How do I fix this?

    Take it back and have it replaced.

  • Onfigure a WAP54G to act as a repeater for my wireless network hosted by a Cisco/Linksys WAP610AP

    How can I configure a WAP54G to act as a repeater for my wireless network hosted by a Cisco/Linksys WAP610AP
    I am using ONLY 2.4GHz wireless band on the WAP610AP running Firmware Version 1.0.04
    The signal from WAP610AP is weak in my home office and I would like to use the WAP54G as the repeater. Is this possible? If yes, please help!
    TIA

    This statement is according to the WAP’s user interface: When set to "AP Client" and "WirelessBridge" mode, this device will only communicate with another Linksys Access Point (WAP54G). When set to "Wireless Repeater" mode, this device will only communicate with another Linksys Access Point (WAP54G) and Linksys Wireless-G Router (WRT54G). In a nutshell, the WAP54G may have a big possibility that it will not work on that device.

  • If i install my airport extreme using a pc, does that pc need to always be in the house for the wireless network to work?

    Do I need to have the PC that I set up teh airport extreme with in teh house for the wireless network to work?

    No. You would only need the PC to run the AirPort Utility if you ever need to make any configuration changes to the AirPort Extreme Base Station (AEBS). You can even do that from a remote location. A computer is not required in order for other wireless clients to connect to the AEBS for network/Internet acess.

  • How do you set up a password for a wireless network when using an Airport Extreme?

    How do you set up a password for a wireless network when using an Airport Extreme wireless router?

    Thanks for the updated information.
    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click on the AirPort Extreme icon, then click Manual Setup
    Click the Wireless tab below the row of icons
    Check to make sure that the setting for Wireless Security reads either WPA2 Personal or WPA/WPA2 Personal
    Enter a Wireless Password and Verify Password
    Click Update to save any changes and wait a full minute for the AirPort Etreme to restart

  • I have an Airport Extreme which I'm using for a wireless network. Can I also plug in my iMac to one of the free ethernet ports on the Airport Extreme to connect to the Internet that way? Thank you.

    I have an Airport Extreme which I'm using for a wireless network. (The wireless router is connected to a DSL modem.) Can I also plug in my iMac to one of the free ethernet ports on the Airport Extreme to connect to the Internet that way? Thank you.

    Yes, you can.

  • Time Capsule - Can it run as DHCP router, create a wireless network and plug into switch for wired network all at the same time?

    I have a closet with Wired connections from all over the house terminating in it. I also have the internet modem and a switch in this closet. My old setup was a netgear in the closet creating a wireless network and also feeding the Ethernet ports all over the house. In my room, I had an Airport express (a month old) bridging the wifi to make the wifi network larger. The Express was hard wired from the wall and my mac mini was using it's wifi (printer was plugged into other ethernet port). Everything was working great.
    Fast forward to last week. My Netgear died. So, I bought a time capsule. My plan was to move the Express to the closet and have it create the wifi network and also then run cat 5 cord from express to the switch to feed all the wired wall plugs. Reset it and set it up to create the wifi network as well as DCHP NAT. Wireless was running great on it. Then I plugged in the Cat 5 in the second Ethernet Port to the switch. Wifi stopped working and none of the computers would connect using wired connections either. They would see a 'network' but nothing would work. I would unplug the Cat 5 feeding the swtich and the wireless would start working again. Plug the Cat 5 back in and wireless would stop.
    So I thought I would try the Time Capsule in the closet and see if I could get it to work. Pretty much the same thing, except at this point I figured out if I went in and told it NOT to create a wifi network the wired portion worked fine and all the wired computers in the house worked fine. Of course, then I didn't have Wifi.
    I'm not clueless when it comes to networking, but I can NOT figure this out! Can either the Time Capsule or Express Create the wifi network AND also feed the data to the switch for all the wired computers?
    To simplify this is what I want my end result to be. I prefer the Time Capsule to be the wireless connection extender, but if I have to have the Express do it, I'm fine with that.
    1. Express in the closet creating the wifi network as well as feeding the data to the wired connections via my switch.
    2. have the Time capsule in my room at the opposite end of the house plugged into the hard wired connection to extend the wrieless network as well as have wired connections such as my printer and my Mac Mini.
    If I can get #1 to work, I don't think I'll have any problems with #2. Help!

    I have an equally complex setup with a managed switch actually but I have never seen the TC have this kind of issue.
    What I do notice is you have changed the TC from defaults.. you are using a non-default IP range.
    I have run across issues like this where people move things from default.
    I would like you to start over.. factory reset the TC. That will set it back to default router mode.
    Do the min setup on the TC..
    1. Change all names from what you were using. That includes the TC name and wireless name/s
    Make them short, no spaces and pure alphanumeric because that is the correct way to network. Apple default names with spaces and apostrophes are fundamentally bad.
    2. With just the TC plugged into the switch.. and a single computer connected by ethernet. Power cycle the whole network.. this allows the switch to clear all the old MAC address.
    3. Test on the computer just ethernet. Turn the wireless off.
    The computer must use dhcp and must get an ip from the TC.
    It has to get the correct Router.. ie Gateway.. I wish apple could stick with proper network terminology.
    And it must get same address or valid DNS server address/es.
    If it fails.. please plug ethernet directly to the TC.. bypassing the switch.
    You should get the standard IP addressing and internet connection.
    If not please post the screenshot from the Mac of the network preferences showing the ethernet setup.
    I need to see what address it does get. I need you to make sure the ethernet is the TOP of the list. So rearrange the order of network connection. With the airport off it should just go to the top of the list.
    If it appears to be working .. but a browser cannot connect, open a terminal and ping an internet address.
    Ping the actual gateway address the ISP gives you and ping the ISP dns address.

Maybe you are looking for