DHCP not issuing DNS to client.

My xServer is using OSX Server 10.4.10 and is our networks DHCP server. When I set a client machine to automaticaly get its settings it correctly gets its IP address, Subnet Mask and Gateway. However it will not connect to the internet until I add the DNS settings manually.
I cannot find any reason why this should be. This must be some stupid setting I am missing, any help would be very kind.

It is a new server and I have been trying to configure it. It does not work properly and I have turned to these forums in the hope that somene here would be able to tell m what I have done wrong. Kostas I don't really understand why you are asking me this.
Wjat I have should be a ver simple thing to configure I a have a network which is going to use the xServe as its Gateway, DCHP Server and mail server. I have allocated the mailserver the internal I address of 192.168.101.40 and my ISP has given me an ip of 62.49.189.82 for the WAN side. At the moment it seems to work, except for three things, which may be related(DNS, FTP & Host names), my plan was to fix the first and see if the others goes away.
The first problem is that client machines are not recieving the DNS settings and so they cannot connect to the internet unless I manually provide them with the ip address of the xServer.
I have submitted a couple of screenshots via pdf documents to show you my settings, and I will be very greatful if you can see what I have done wrong. Have I provided enough information for someone to be able to help me. Most of the settings I have made I copied from my old machine (A Cobalt Qube) which the xServe replaces. Until the Qube failed it worked without any problems for 5 years. I don't understand why it is that this server seems so much more difficult to configure than the Qube.
Apple has a good reputation for providing easy to configure machines, this software seems to have bypassed the QC check on software design.

Similar Messages

DHCP not issuing IP's, SIU Problems

Upgraded to 10.5 server from 10.4.11 Server and I am having a few problems.
Number 1
I am trying to get NetBoot Running again but none of my systems are recognizing the server. I have checked the logs and everything is looking great except that I see DHCP requests coming through (MAC address' are in the log) but the server is not distributing the IP to the machines. The log file reports the subnet is not right.
Number 2
I am trying to create factory restores for new macs. When using SIU I am having trouble getting the program to recognize that there are usually two DVD's that come with macs for restores. I tried having the unit select packages but that does not come up with anything. When I run the image workflow it does not even ask for the second disk which has a lot of bundled software. Any help would be appreciated!

I was having various DHCP problems, it was telling me the start IP wasn't within the range, although it clearly was - try making a new subnet with the same details then restart the service.
Also check directory utility on the client machines, if they are running leopard too, I noticed a but where if it was set to automatically discover the server via DHCP the search policy for authentication had to be set to a custom path not automatic, else the clients were getting self signed IP's instead of DHCP assigned.

DHCP to pass DNS asssigned clients

Hi all,
I'm using the DHCP server to asssign IP address to my clients.
The problem is that the DNS server only recognize the machines with the static IP's configured in the DNS machines section.
Is there a way to configure the DHCP (or the DNS) to share information so the the DNS will recognize all clients connected throgh DHCP?
Thanks,
Ziv

I set generic forward/reverse entries for the entire zone. This way, every IP, whether static or dynamic, will have a forward/reverse entry.
This would take a while by hand, but I use an excel worksheet to automate it. Just enter domain and subnet, and then copy/paste into Terminal.
If you are comfy in terminal and modifying zone files, I can send it to you.
Jeff

Help! Can't Connect, DHCP Not Issuing Correct IP Address

I get an vDSL connection and have a home LAN set up with both Ethernet and Airport. Usually, when a computer connects through DHCP, it gets an AP Address of 192.168.0.x, "x" being a number higher than 1, depending on when it connected to the network. My desktop iMac works fine in this regard, with an internal IP address of 192.168.0.5, and the router being 192.168.0.1.
The problem: My Powerbook also used to do this fine, but suddenly this morning it could not connect to the network via Airport or Ethernet, with one or the other turned off, or both turned on.
The key: via Ethernet, the DHCP automatically sets to 10.0.1.4, with the router as 10.0.1.1--which, if I am not mistaken, is the Airport address system. But this is not under "Airport" in the Network control panel, it's under "Ethernet," and thus my problem. I cannot get the danged IP Address to go back to the correct Ethernet address! I tried restarting, turning Airport off, renewing the DHCP license, and trying the assistant features--nothing worked. My Powerbook is completely offline--and I have to use this for my workj in just a few hours!
Help! Thanks!

OK, never mind. It turns out that I had plugged in the ethernet cable to the wrong port on the Airport base station. Somehow that was mucking everything up. I switched the port, and now it works fine.

DHCP not issuing IP System Preferences/Ethernet failure

I have 10.4.6 running a dhcp connection and it stopped recognizing my ethernet connection one day. I have troubleshooted it and zapped pram not been able to get it to recognize when my ethernet is plugged in or system preferences to recognize ethernet as an option, even when I configure it to.
I see this is pretty common. Does anyone know what to do?
Thanks
David

Since I just got through installing a replacement NIC for a customer, because lightning took out his factory ethernet interface, I thought I might share.
We knew lightning had struck, because all of the network devices were disabled. On the Mac that got damaged, the ethernet interface failed to appear in the hardware list of the System Profiler.
If you're not seeing any adaptor, and you're reset the PRAM, then it's possible your adaptor was damaged by external forces. Could even be from a static discharge. In that case; for $5, you can install a new network interface card (NIC). Be sure to read Tim's posts about generic cards that are supported by Apple's standard drivers (don't require a driver).
Then again, you may have a completely different problem!

Lion Server not handing out DHCP addresses to Snow Leopard client

I have been pulling my hair out over this.
Here is the layout
Lion Server running on the newest Mac Mini and doing mail, DNS, DHCP, Software update and has a valid, not self assigned, certificate
3 clients running Lion Desktop (2 iMACs and a MBP pro (all no more that a year old and all woth the current updates)
1 client running Snow Leopard Desktop (last years 13 inch MBA)
The 3 Lion clients can get dhcp fro mthe Lion server without any issue
The SL client cannot get a DHCP address from the Lion server
A tcpdump shows the DHCP request coming from the MAC address of the SL client but no response from the Lion Server and nothing showing a deny in the logs for the DHCP server or any other system/kernel logs. The Lion clients all show the request and reply for them. All 4 clients currently have a static assignment in DHCP but even if I remove them all and do auto-assign for everything or even each one individually, the SL client will not get an address both on the Wifi and Ethernet (I have the USB ethernet adapter).
I also have an Aiport Extreme and if I use that for the DHCP server then all clients get the addresses. I know the DHCP server in the extreme cannot be shut down but if you give the extreme a static address then assign dhcp on the extreme to only give out one address and that is the same one that is statically assigned then it "thinks" it is out of addresses and no longer tries to assign addresses
At first I thought there was a conflict between the extreme and the Lion server but as I mentioned above, tcpdump clearly shows the requests going right to the Lion server
I'm usually pretty good at this kind of thing but this one has me stumped. I'm thinking bug, anyone else run into this yet?

Ryan jones,
> Having trouble with our dhcp server handing out IP addresses through the
> Wireless Lan Controller.
Has it ever worked? Is the Wireless controller configured to forward DHCP
requests to your DHCP server?
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)
Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo

Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo

WLC 5508 Internal DHCP server issues

Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name                   Port Vlan Id IP Address         Type        Ap Mgr        Gu
est
guest                                        1    301      10.255.255.30    Dynamic   No              No
management                          1    100      172.17.1.30        Static          Yes            No
service-port                              N/A N/A      192.168.0.1       Static         No               No
virtual                                        N/A   N/A      10.0.0.1              Static         No               No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID               Status    Interface Name
1        LAN                                    Enabled   management
2        Internet                               Enabled   management
3        Managment Assets          Enabled   management
4        Guest                                  Enabled   guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
       MAC                IP         Lease Time Remaining
00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central       <<<<<<<<<
H-REAP Authentication............................ Central       <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100           <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100

Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu

DHCP/ARP issue in WLC

We have an issue where the client PCs are not receiving IP address from DHCP though they get authenticated. Clients with static IP address don't have any issue. I get the below DHCP error message from the logs,
%DHCP-4-INVALID_VLANID_ARP: dhcp_proxy.c:1035 ARP table stores invalid vlan id 0, for the IP Addr 0x85. Expected vlan id for this ip address is 174616833
And in the ARP table, I see an invalid arp entry for the gateway IP address for a particular VLAN.
00:0D:BC:2B:76:BF   10.104.113.1     2      0      Host
While this MAC address should be learned from port 1 and in VLAN 133, it shows as port 2 and VLAN 0. The ARP entry gets corrected itself when I flush the ARP cache or if I do a ping to the IP from WLC.
Interface Name                   Port Vlan Id IP Address      Type    Ap Mgr Guest
kwe-wireless                     1    133      10.104.113.2    Dynamic No     No
WLC Model - 4402
OS Version - 5.1.151.0

Well just for information purpose, the v5.x is the worst code version out there. Since you have 4400's, I would upgrade to v7.0.x. Makes ire your AP's are compatible by looking at this list.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App

Dhcp not allocating addresses

My network is managed by Mac Mini Server (Lion) with an Airport Extreme.
I have the wireless set up as WPA2 Enterprise with the Radius Server, Open Directory, DNS and DHCP running on my Mac Mini Server.
In the past week, possibly since the last updates were applied, all wireless devices are having real issues connecting to the network. They are authenticating OK but an address is either never assigned or appears after 5 or ten minutes. To verify this I tried to connect iPad. This was set to use DHCP and the wifi symbol appears intermittently at the top of screen but on the networks page a spinning wheel appears next to the network name and the address details (i.e local address, router, DNS, etc.) are all empty. If I configure for manually entered address details the deveice connects immediately and works fine. Switching back to DHCP and the problem comes back (i.e. connects to wifi but no address is ever allocated).
Any ideas on why DHCP would suddenly stop working. I have tried restarting the service, rebooting the Airport, rebooting the server but nothing seams to fix it. Every thing was working just fine for the past 6 months.

Thanks for reply.
Router is:
Netopia ADSL Gateway 3346N-002
4 port 10/100 Ethernet built-in
The settings in the Control Panel didn't show anything of note.
What's interesting is that when the user's laptop went back to the hotel again today, the same issue cropped again -- hotel's DHCP not giving IP Address. The office DHCP server was assigning no problem.
Then... I checked Access Connections Profiles and noticed that "Disable this wireless radio when switching to a different location" was not checked for any profiles.
I checked off on all profile and then the hotel DHCP made the connection.
I did read somewhere that a possible fix is to do an IPCONFIG/RELEASE * and then do an immediate Shutdown/Restart. Issue is that I didn't have this option on the user's laptop before I made the Access Connections fix.
Please reply to clarify or add anything -- I appreciate your quick response because I spent 4 additional hours last night.
Paul

CWA NOT REDIRECT AUTOMATIC IN CLIENT WEBBROWSER

Guys, i have problem, the the portal cwa not open automatic in clients, if the client copy and paste the url of session, this open!! but automatic is the problem, the acl is ok, dns is ok.
switch version 15.2

Client Machine URL Redirection Function Not Working
Symptoms or Issue
Users are not appropriately redirected to the correct URL for authentication.
Conditions
The monitoring and troubleshooting configuration validator is designed to catch this. The web authentication configuration (global) details may display something like the following:
•Mandatory Expected Configuration Found On Device
•aaa authorization auth-proxy default group <radius_group> aaa authorization auth-proxy default group radius
•aaa accounting auth-proxy default start-stop group <radius_group> Missing
•ip admission name <word> proxy http inactivity-time 60 Missing fallback profile <word>
•ip access-group <word> in
•ip admission <word> Missing
•ip http server ip http server
•ip http secure-server ip http secure-server
Possible Causes
The switch is missing the ip http server and/or ip http secure-server command.
Resolution
Verify and (if necessary) adjust the configuration on the switch.
and also verify the similar issue with solution:https://supportforums.cisco.com/discussion/11954461/cwa-page-does-not-redirect

Manage Devices url not coming up on clients

After configuring OS X server. I try to access the URL for enrollment, the site will not coming up. Say cannot connect to server. Anyone have this issue?

Please launch the Applications > Utilities > Terminal.app tool on the server and issue the following non-disruptive diagnostic command:
sudo changeip -checkhostname
The output from this command will provide some information on the host name and network, and then whether DNS is correctly configured or has issues. If your DNS has issues, you'll need to address those before working with the web server or any other services; OS X Server (and other servers) tend to get wonky when DNS isn't working.
With a server, you'll want to have a real and registered domain. If you don't have that, then a bogus name can be used — that's not something I generally recommend, but it does work for folks just getting started — and you'll want to avoid using .local domains for your DNS, or any domain names you don't have permission to use.
Your client(s) will also need to be using your DNS server(s) on your LAN for host translations, and not sending DNS translation requests directly to your ISP or other off-LAN DNS servers.

DHCP Name Protection & DNS Records

How correlates DHCP Name protection & DNS records for domain PC? We found a lot of old records from PC's in DNS, and I'm just wondering, does DNS (or DHCP) removes records about PC, which were removed from AD (not gracefully, just deleted computer
account)?

Hi,
If you want the DHCP server to register the DNS records for the DHCP clients, you need to configure the DNS configuration and options settings on DHCP server. In addition, it seems that Windows DHCP clients cannot update their records with the DNS server themselves,
but DHCP server can be configured to perform updates for both Windows DHCP clients and non-Windows DHCP clients. The links below may be helpful to you:
[Forum FAQ] DNS Dynamic Update Troubleshooting Guide
DHCP and DNS
Best regards,
Susie

Xsan 4 will not mount volume on client

I recently upgraded my MDC and my client computer to Yosemite. I went through the migration process the best I could and created a Configuration Profile on my MDC for my client computer. I installed the profile successfully but the volume will not mount on the client computer. On the client computer within Profiles, the Xsan Configuration Profile has in red "Unsigned" underneath it, is that what is causing the problem?
Also a few notes: there are two other client computers that haven't been upgraded and are running Maverick and the volume does mount to those computers. The volume is also mounted on the MDC and if I go to Disk Utilities on the client computer I do see the volume, just not mounted.
Any help would be great! Thank you.

Thank you Claudio,
After doing much research and testing I believe you are onto something with my fsmpm or my .auth_secret file not being created. After using Server.app on the MDC I used the configure profile within Server.app. After installing the profile on my client computer it didn't mount and when looking within the Library/Preferences/Xsan folder there was no files (including the hidden .auth_secret file). So I then I used the web profile interface to create the configuration profile and this time it installed the fsnameservers and config.plist files but not the hidden auth_secret file and still no mount.
To answer some of you questions, I did try several times the "sudo xsanctl mount Volume Name" but had no success. I was previously running 10.9 on the MDC and my client computer. I am not sure if the MDC already had an Open Directory Master before upgrading and I did have a little bit of problems activating Xsan, because some of my DNS settings had changed. I got that all squared away and Xsan started working.
The reason I believe it is a fsmpm issue is because when I executed the command "sudo xsanctl i" (views the volumes connected to Xsan) I go a message reading "fsmpm not running error3". So after reading this forum Xsan: "fsmpm not running" message in Xsan Admin - Apple Support I copied the .auth_secret from the MDC to my client and still no mount. I tried again with all the files within Library/Preferences/Xsan folder and nothing. I then got the .auth_secret file from another client computer running 10.9 and still no mount, BUT when I copied all the files within the 10.9 client's Library/Preferences/Xsan the volume appeared! YEAH! But I'm not sure if this is a fix I should be happy with or continue to figure out why its not working the proper way? That way in the future I'm not running into this issue over and over again.
So I need to figure out either how to get my fsmpn running in 10.10 or figure out why my my Server.app on the MDC won't create the auth_sect file. I read somewhere that within the Xsan screen in the Sever app it should show the Authentication Secret, but I do not see this on my Xsan screen. Should it be there and if so is this where my problem steams from? Any thoughts? Thank you so much!

Remote Desktop - The Remote Desktop administrator software does not match the installed client software version.

Hi,
I just upgraded to Mavricks and get this when I try to launch Remote Desktop:
The Remote Desktop administrator software does not match the installed client software version.
I tried removing the application and reinstalling it to no avail. Any suggestions?
Thanks.
-David J. Eisen

Hi coold88!
I have an article for you that addresses your issue:
Remote Desktop 3: How to install Remote Desktop Administrator software after the client software has been updated
http://support.apple.com/kb/HT3596
You will want to make sure you have the latest version of the software as well:
About Apple Remote Desktop 3.7
http://support.apple.com/kb/HT5896
Thanks for using the Apple Support Communities. Have a good one!
-Braden

DHCP not issuing DNS to client.

Similar Messages

Maybe you are looking for