DHCP Server Assignment - Aironet 1130AG

I am attempting to configure a Cisco Aironet 1130AG to use a Windows Server 2003 DHCP server for assigning addresses to clients connecting to the access point. Does anyone know how to set this option? I cannot find it anywhere.
Any help will be greatly appreciated.

I'm having more or less the same problem but mine is even more low level than this. I have three 1130ag's that were set up as PEEP authentication. The PEEP was proving to be a problem for whatever reason and we decided to go with WEP authentication and have the 1130's be regular old APs. Well, apparently they can't or won't do that. I set one up as a standalone AP and it actually worked for about three weeks giving out DHCP addys to laptops, then one day decided it wouldn't anymore. So I reset it using the MODE button and put the same information back into the device. Now it will allow clients to connect but never gives them a DHCP addy. We don't have and never had a Cisco Wireless controller and these have been working as PEEP WAPs for, well, at least a year or so. Why won't they simply give out DHCP to the clients?

Similar Messages

  • Unable to get ip address from DHCP server for Aironet 1130AG Access Point

    I have a network in which DHCP server is enabled. I have read the installation guide also; there it is mentioned that the 1130G Access point will not have any static IP assigned to it, so it will automatically get the IP from the DHCP server on the network. I have connected it to the network but it is unable to get the IP address from the same. The same thing I have configured in the Netgear and it is coming fine. I have seen the SonicWall and used the IPSU tool also for checking the IP address from the MAC address but I am not able to get the same. Please provide me some tips to check where I am wrong in configuration because the first web page is also not coming because of the IP address.

    narendra,
    I would suggest that the AP be connected to a laptop or desktop PC that would run a local DHCP server with a small scope set up... plenty of free ones on the web (this PC would obviously not be connected to your current network). This way you can watch the DHCP server hand the AP its address (this can take a few minutes). Once you have the address, use it to access the GUI and give the AP a static address (I find it good practice to give all my autonomous APs static addresses for ease of troubleshooting)... Hope that helps.

  • SG500 - DHCP server does not assign predefined static IP addresses to hosts

    Hi guys,
    I upgraded my SG500 switch firmware to 1.3.0.59, since there is a new functionality, DHCP server v.4.
    Well, I must say I came across an issue I cannot solve. The DHCP server assigns dynamic addresses - no hassles.
    Troubles start with static IP hosts.
    I defined a couple of hosts with static addresses within the correct subnet. I tried with hardware address and client identifiers. No luck. My switch does not assign the IP address I assigned to the suitable MAC address. To define it I use both CLI & Web.
    None of them works. Any idea?
    Below is the cut from my config:
    ip dhcp pool host HP-Ellite
    address 10.10.11.7 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72
    client-name HP-Ellite
    default-router 10.10.11.1
    exit
    ip dhcp pool host VAIO-Z
    address 10.10.14.108 255.255.255.0 hardware-address 54:53:ed:1c:a1:46
    default-router 10.10.14.1
    exit

    Tom, thanks for a quick reply...
    Look, usually it is pretty easy to manage an issue with such precise instructions, but this particular time it is not.
    As I understood, the "dhcp option 61" is nothing more than "00" which goes before the pure hardware address.
    So, coming back to my example from the first post:
    with this configuration, my switch assigns the 169.254.110.130 255.255.0.0 address
    ip dhcp pool host HP-Ellite
    address 10.10.11.112 255.255.255.0 client-identifier 01:d8:d3:85:cf:09:72
    client-name HP-Ellite
    default-router 10.10.11.1
    exit
    with that configuration, my switch assigns the 10.10.11.11 255.255.255.0 address
    ip dhcp pool host HP-Ellite
    address 10.10.11.112 255.255.255.0 client-identifier 00:d8:d3:85:cf:09:72
    client-name HP-Ellite
    default-router 10.10.11.1
    exit
    In other words, "00" does not work as explained (unless I misunderstood the meaning of dhcp option 61). My switch assigns the first available dynamic IP address, although the ARP table is cleared and the dynamic address table is cleared as well. The switch is rebooted, the host is rebooted.
    Once I change the hardware address prefix to "01", my host assigns itself a 169.xxx.xxx.xxx address.
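Added example, not part of the original thread and not Cisco's code: per RFC 2132, DHCP option 61 carries a one-byte type (1 = Ethernet hardware address, 0 = some other identifier) followed by the identifier, so a client that sends its MAC in option 61 presents `01` plus the MAC. The parser below extracts both identifiers from a constructed DHCPDISCOVER and compares them with static-host bindings. Exact-match binding logic is an assumption for illustration, not the SG500's documented behaviour.

```python
import struct
from typing import Dict, List, Optional, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options area
OPT_PAD, OPT_END, OPT_MSG_TYPE, OPT_CLIENT_ID = 0, 255, 53, 61


def colon_hex(raw: bytes) -> str:
    """Render bytes the way the switch config writes them: aa:bb:cc..."""
    return ":".join(f"{b:02x}" for b in raw)


def build_discover(mac: bytes, client_id: Optional[bytes]) -> bytes:
    """Constructed sample: DHCPDISCOVER as a UDP payload (BOOTP header + options)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, len(mac), 0,        # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,    # xid, secs, flags (broadcast bit)
        b"", b"", b"", b"",       # ciaddr, yiaddr, siaddr, giaddr (zeroed)
        mac, b"", b"",            # chaddr (zero padded), sname, file
    )
    options = bytes([OPT_MSG_TYPE, 1, 1])              # 1 = DHCPDISCOVER
    if client_id is not None:
        options += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(payload: bytes) -> Tuple[bytes, Dict[int, bytes]]:
    """Return (chaddr, options); reject short, non-DHCP or truncated input."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    chaddr = payload[28:28 + hlen]
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option header truncated")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        options[code] = value
        i += 2 + length
    return chaddr, options


def identifiers(payload: bytes) -> Dict[str, Optional[str]]:
    """The two values a static binding can key on, in config notation."""
    chaddr, options = parse_dhcp(payload)
    raw_id = options.get(OPT_CLIENT_ID)
    return {
        "hardware-address": colon_hex(chaddr),
        "client-identifier": colon_hex(raw_id) if raw_id else None,
    }


def match_static_host(payload: bytes,
                      bindings: List[Tuple[str, str, str]]) -> Optional[str]:
    """Assumed server logic: first binding whose value equals the identifier."""
    ids = identifiers(payload)
    for name, kind, value in bindings:
        if ids.get(kind) == value.lower():
            return name
    return None


# Constructed inputs, using the MAC and binding strings quoted in the thread.
MAC = bytes.fromhex("d8d385cf0972")
WITH_ID = build_discover(MAC, b"\x01" + MAC)     # client sends option 61
WITHOUT_ID = build_discover(MAC, None)           # client omits option 61
BINDING_01 = [("HP-Ellite", "client-identifier", "01:d8:d3:85:cf:09:72")]
BINDING_00 = [("HP-Ellite", "client-identifier", "00:d8:d3:85:cf:09:72")]
BINDING_HW = [("HP-Ellite", "hardware-address", "d8:d3:85:cf:09:72")]

if __name__ == "__main__":
    for label, pkt in (("with option 61", WITH_ID), ("no option 61", WITHOUT_ID)):
        print(label, identifiers(pkt))
        for b in (BINDING_01, BINDING_00, BINDING_HW):
            print("  ", b[0][1], b[0][2], "->", match_static_host(pkt, b))
```

Running the same parser over a capture of the real client's DISCOVER shows which identifier the host actually presents, which is the value a static binding has to be keyed on.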

  • How to change DHCP server

    Hi,
    Current DHCP svr (10.10.232.66); I have installed a new DHCP svr (10.10.232.71).
    I don't want to turn off the current server, and want to run both in parallel in order to make sure the new svr works properly.
    So can I force some clients to get an IP from the new svr? The current svr assigns 10.10.232.2-99 / the new svr assigns 10.10.100-200.
    Once the test is completed, I will use the new svr to replace the whole DHCP service on the current svr.
    Thanks

    Hi,
    In general, you can run “ipconfig/release” and “ipconfig/renew” commands to force a DHCP client
    to obtain a new IP address. However, since you have two DHCP servers in the same subnet,
    clients can be leased at either server. Actual leases distributed to clients can depend on which server responds first to any given client. The clients can obtain
    IP addresses all from the new DHCP server only if the current server is unavailable.
    Besides, you can choose to reserve some IP addresses in the new DHCP server for permanent lease assignment
    to specified clients. Or you can use the 80/20 rule to set the new DHCP server with 80 percent of the addresses distributed and the remaining 20 percent provided by the current DHCP server. In this scenario, the new DHCP server responds to requests from DHCP
    clients most of the time and the current DHCP server assigns addresses to clients when the new DHCP server is not available or is out of addresses.
    The links below may be helpful:
    DHCP Best Practices
    Best regards,
    Susie

  • Window DHCP Server is not allocating IP to Voice Vlan

    Hi,
    I have a 3560 switch. On it two VLANs are configured, Data and Voice respectively. Voice is VLAN 1 and Data is VLAN 2. Routing is done on this switch and it works as L3.
    The DHCP server is a member of the Data VLAN and is connected to another 3560 switch (L2). The DHCP server is reachable. On that switch both VLANs are configured.
    The switch port is configured for both VLANs (Switchport access vlan 2, Switchport voice vlan 1, Switchport mode access).
    When I connect any PC to the port, the DHCP server assigns an IP from the Data pool, while Cisco IP phones are not getting an IP. OPTION 150 is configured in DHCP.
    On both interfaces IP Helper is configured and pointing to the DHCP server.
    For testing, I configured the DHCP service on the switch with a voice pool range; at that moment the Cisco IP phone got the IP from the switch DHCP.
    Now I am not able to understand why the Windows DHCP server is not assigning IPs for Voice.
    Both VLANs are in different subnets and have a /24.
    Please guide.

    Hi,
    Checked all configuration in the network, applied packet tracer and found DHCP not responding to the DHCP Req.
    Replaced the DHCP server and now it is working fine.   :)

  • Aironet 1130AG is not contacting DHCP Server

    The Aironet will not hand out an IP address. I have set up another DHCP server and no luck; the laptops get the error message "Limited or no connectivity". I'm using LDAP and cert for authentication. Is there some setting that needs to be turned on to pass DHCP traffic?

    Give us the show tech from the AP when clients are failing...
    If running lightweight please give us more details:
    security type, EAP method, server, association table, etc.

  • DHCP server does not assign IP addresses SG500 firmware 1.3.5

    Good day colleagues,
    has any of you come across the following issue:
    my switch (after upgrading to the newest firmware 1.3.5) does not assign IP addresses to some of the hosts.
    After a couple of hours I managed (do not even know how) to force my switch to assign IP addresses only to some of the hosts.
    Still some of them cannot get the IP address and remain with a "funny" IP address like e.g. 169.254.100.100.
    Additional info:
    1. If I boot my switch with the previous version of firmware (1.3.0.6) everything is OK. All my hosts get correct IP addresses.
    2. The hosts which do not get an IP address were previously entered in the static host table - now removed, ARP cleared, etc., everything rebooted many, many times.
    I ran out of ideas, could you please give me some hints?
    The config is below:
    config-file-header
    SG500
    v1.3.5.58 / R750_NIK_1_35_647_358
    CLI v1.0
    set system mode router queues-mode 4
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end zzz
    no spanning-tree
    vlan database
    vlan 11,13-14
    exit
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    no ip dhcp snooping verify
    ip dhcp snooping information option allowed-untrusted
    ip dhcp snooping vlan 11
    ip dhcp snooping vlan 13
    ip dhcp snooping vlan 14
    ip arp inspection logging interval infinite
    green-ethernet energy-detect
    no eee enable
    arp timeout 1
    ip dhcp server
    ip dhcp pool host q409
    address 10.10.11.2 255.255.255.0 client-identifier 01:00:08:9b:ac:8f:92
    default-router 10.10.11.254
    dns-server 10.10.10.1
    exit
    ip dhcp pool host PCH-100
    address 10.10.11.10 255.255.255.0 client-identifier 01:00:06:dc:41:ef:ef
    default-router 10.10.11.254
    dns-server 10.10.10.1
    exit
    ip dhcp pool host q209
    address 10.10.13.3 255.255.255.0 client-identifier 01:00:08:9b:ac:72:ba
    client-name q209
    default-router 10.10.13.254
    dns-server 8.8.8.8
    exit
    exit
    ip dhcp pool network HOME
    address low 10.10.11.1 high 10.10.11.254 255.255.255.0
    lease infinite
    default-router 10.10.11.254
    dns-server 10.10.10.1
    exit
    ip dhcp pool network GUESTS
    address low 10.10.14.1 high 10.10.14.254 255.255.255.0
    lease infinite
    netbios-node-type b-node
    default-router 10.10.14.254
    dns-server 10.10.10.1 62.233.233.233
    exit
    ip dhcp relay address 10.10.10.1
    ip dhcp relay address 10.10.11.254
    ip dhcp relay address 10.10.13.254
    ip dhcp relay address 10.10.14.254
    no boot host auto-config
    no qos
    qos advanced-mode trust dscp
    qos wrr-queue wrtd
    exit
    hostname SG500
    line telnet
    exec-timeout 0
    exit
    logging buffered debugging
    no logging file
    aaa authentication login Telnet local
    aaa authentication enable Telnet enable
    aaa authentication dot1x default none
    line telnet
    login authentication Telnet
    enable authentication Telnet
    password 999 encrypted
    exit
    no passwords complexity enable
    passwords aging 0
    username 999 password encrypted 999 privilege 15
    ip http timeout-policy 0 http-only
    clock timezone " " 1
    clock summer-time web recurring eu
    clock source sntp
    clock source browser
    sntp unicast client enable
    clock dhcp timezone
    ip domain name 999
    ip name-server  10.10.10.1 62.233.233.233 8.8.8.8
    ip host 999 10.10.13.3
    ip telnet server
    no service mirror-configuration
    no security-suite deny syn-fin
    security-suite syn protection mode disabled
    interface vlan 1
    ip address 10.10.10.254 255.255.255.0
    no ip address dhcp
    interface vlan 11
    name HOME
    ip address 10.10.11.254 255.255.255.0
    ip dhcp relay enable
    interface vlan 13
    name DMZ
    ip address 10.10.13.254 255.255.255.0
    ip dhcp relay enable
    interface vlan 14
    name GUESTS
    ip address 10.10.14.254 255.255.255.0
    ip dhcp relay enable
    interface gigabitethernet1/10
    description "(99) QNAP 409"
    switchport trunk native vlan 11
    exit
    macro auto disabled
    macro auto processing type host enabled
    macro auto processing type ip_phone disabled
    macro auto processing type ip_phone_desktop disabled
    macro auto processing type router enabled
    mac address-table aging-time 10
    ip default-gateway 10.10.10.1
    snmp-server set  999 permit

    Hi Andbor, please make a backup config of your file, factory reset the switch.
    After this, manually configure a DHCP scope without any other configuration.
    Just something simple like this
    ip dhcp pool network GUESTS
    address low 10.10.14.1 high 10.10.14.254 255.255.255.0
    lease infinite
    netbios-node-type b-node
    default-router 10.10.14.254
    dns-server 10.10.10.1 62.233.233.233
    Verify your machine receives an IP address with no other configuration.
    In some ways, I'm afraid some of your connections are blacklisted due to the ARP inspection.
    -Tom
    Please mark answered for helpful posts

  • How get the RVS4000's DHCP server to assign another IP address other than its own as the default gateway to its DHCP clients?

    Hi,
    I have a RVS4000 router with DHCP enabled and in router mode. 
    The LAN is 192.168.2.x.  The RVS4000 static IP address is 192.168.2.8
    The router is not the RVS4000 and is at 192.168.2.1
    The RVS4000 DHCP is assigning its clients a default gateway of 192.168.2.8 instead of what I want, 192.168.2.1.
    How can I get the RVS4000's DHCP server to assign another IP address other than its own as the default gateway to its DHCP clients?
    Thanks

    Hi Gail, you cannot do this. The router, as the DHCP server, will only assign a default gateway of the IP interface the DHCP server runs on. If you have the default IP, the gateway is 192.168.1.1. If you create a second VLAN, by default it would be 192.168.2.1.
    There are no configuration options for the built-in DHCP server. If you'd like to expand this functionality, you would need an external DHCP server.
    -Tom
    Please mark answered for helpful posts

  • DHCP Server Daemon for Aironet

    Hi,
    does Cisco Aironet act as a DHCP server for the wireless client?
    Thanks.

    Nope... Cisco Access Points can't work as a DHCP server for the wireless clients. Tejal

  • On a DHCP server with BOOTP enabled. How can I determine what addresses were assigned using BOOTP

    We are in the process of migrating our 2008 R2 DHCP servers to Server 2012.  We're doing this in order to configure DHCP failover to a remote site.  We can't do this if BOOTP is enabled on the scope.  Before I start disabling BOOTP on all of our scopes, I would like to find out what is using BOOTP.  Is there a way to search all scopes in the DHCP database to find all addresses assigned using BOOTP?  Powershell, netsh?

    Hi,
    Show BOOTP table:
    1. Open DHCP console, expand the DHCP server.
    2. Right click IPv4, and select Properties.
    3. Switch to General tab, select the checkbox Show the BOOTP tab folder.
    After saving the change, you will see the BOOTP folder in the left column. For detailed information you may reference the link:
    http://technet.microsoft.com/en-us/library/cc781370(v=WS.10).aspx
    Best Regards,
    Eve Wang

  • Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points

    Hi Guys,
    I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client finds the SSID -> puts in his user credentials -> RADIUS authentication -> assigns him to a specific VLAN based on his group membership.
    The problem here is that I don't have an AP controller but only configurable Aironet Access Points 1300. I can connect to the RADIUS server, but I am not sure how to configure the AP's port, radio port, VLAN and SSID.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    I go through some references:
    3.5  RADIUS-Based VLAN Access Control
    As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
    There are two different ways to implement RADIUS-based VLAN access control features:
    1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
    2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
    extract from: Wireless Virtual LAN Deployment Guide
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
    ==============================================================
    Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
    ==============================================================
    Controller: Wireless Domain Services Configuration
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
    Any help on this issue is appreciated.
    Thanks.

    I'm not sure if the Autonomous APs have the option for AAA Override.  On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a RADIUS server to send back the VLAN.
    I did a little research and it looks like the 1300 may give this option but it is instead defined as "VLAN Override".  I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that mention it and give a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
    Hope this helps

  • 1941w - Need help with IP address assigning, and relay wireless to a DHCP server.

    Hope someone can point me in the right direction -
    Basically have a Win08 R2 DHCP server, and a 1941w router.
    I've got the internet, got the lan clients getting DHCP ok (with ip helper-address set on the 0/0 internal interface).
    Also have the SSID, and wireless clients can connect - but no IPs are being handed out, also not sure if I understand or did the bridging correctly or assigned IPs to the vlan or bvi1 correctly.
    for ex:
    DHCP server IP:
    10.10.2.4
    Router Ethernet internal interface 0/0 IP:
    10.10.2.1
    with helper-address 10.10.2.4 (lan clients are resolving IPs correctly from the DHCP server)
    Vlan1 IP address:
    10.10.3.1
    Does this interface need the helper-address as well? (10.10.2.4)?
    wlan-ap 0 IP address:
    unnumbered
    interface BVI1 IP address (static):
    10.10.2.2
    Am I totally off? Not even sure if I have the VLAN bridged to the 0/0 adapter correctly or not - but as I said, I can get a wireless client to connect with the SSID.
    Would appreciate any advice/pointers, thanks.

    of course - here is the router config:
    =======================================================
    Using 5591 out of 262136 bytes
    version 15.1
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname router
    boot-start-marker
    boot-end-marker
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200
    logging console critical
    enable secret 5 $1$JWwK$.04.NFg7tQ82UTy68/hyv.
    no aaa new-model
    service-module wlan-ap 0 bootimage autonomous
    no ipv6 cef
    no ip source-route
    ip cef
    no ip bootp server
    ip name-server 10.10.2.4
    multilink bundle-name authenticated
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-975501586
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-975501586
    revocation-check none
    rsakeypair TP-self-signed-975501586
    crypto pki certificate chain TP-self-signed-975501586
    certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
    license udi pid CISCO1941W-A/K9 sn FTX155085QG
    hw-module ism 0
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    interface Embedded-Service-Engine0/0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    shutdown
    interface GigabitEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
    ip address 10.10.2.1 255.255.255.0
    ip helper-address 10.10.2.4
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    no mop enabled
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered GigabitEthernet0/0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    arp timeout 0
    no mop enabled
    no mop sysid
    interface GigabitEthernet0/1
    description $ES_WAN$$FW_OUTSIDE$
    ip address dhcp client-id GigabitEthernet0/1
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    no mop enabled
    interface Wlan-GigabitEthernet0/0
    description Internal switch interface connecting to the embedded AP
    no ip address
    interface Vlan1
    ip address 10.10.3.1 255.255.255.0
    ip helper-address 10.10.2.4
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface GigabitEthernet0/1 overload
    logging trap debugging
    access-list 1 remark INSIDE_IF=GigabitEthernet0/0
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.2.0 0.0.0.255
    no cdp run
    control-plane
    line con 0
    login local
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line 67
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    =======================================================
    and the ap config:
    =======================================================
    Using 2067 out of 32768 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    enable secret 5 $1$xKDT$GdLGeA6h.H9LKL9l3dPmj.
    no aaa new-model
    dot11 syslog
    dot11 ssid WIFI1
       vlan 1
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 7 044B1E030D2D43632A
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers aes-ccm
    broadcast-key vlan 1 change 30
    ssid WIFI1
    antenna gain 0
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers aes-ccm
    broadcast-key vlan 1 change 30
    ssid WIFI1
    antenna gain 0
    dfs band 3 block
    channel dfs
    station-role root
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    interface GigabitEthernet0
    description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
    no ip address
    no ip route-cache
    interface GigabitEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.10.2.2 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    no activation-character
    line vty 0 4
    login local
    end
    ============================================

  • DHCP Server in the Aironet 1520

    Hi Everyone,
    I have a 1250 AP connected to a Cisco 3750 switch. We have an SSID (VLAN 1 - native) which gets an IP address from our DHCP server (located on a Windows 2003 server).
    I added a new SSID in VLAN 2 and I would like not to use the DHCP server but to make the AP get an IP address from the pool I created on the AP itself (ip dhcp pool Guest), but every time I try to connect to the new VLAN, it doesn't get an IP address.
    The settings of the AP follow. Any help would be very much appreciated.
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname BETA
    enable secret 5 $1$65KK$cvnK849DOoWzq8QiMA9On.
    no aaa new-model
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.150.4.1
    ip dhcp pool Guest
    network 10.150.4.0 255.255.255.0
    default-router 10.150.1.1
    dns-server 10.150.1.48
    domain-name xxx
    dot11 ssid GUEST
    vlan 2
    authentication open
    mbssid guest-mode
    dot11 ssid INTERNAL
    vlan 1
    authentication open
    mbssid guest-mode
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 key 1 size 128bit 7 BD4BDA5C243413C59A1115891509 transmit-key
    encryption vlan 1 mode wep mandatory
    encryption vlan 2 key 1 size 128bit 7 BD4BDA5C243413C59A1115891509 transmit-key
    encryption vlan 2 mode wep mandatory
    ssid GUEST
    ssid INTERNAL
    mbssid
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption key 1 size 128bit 7 FC38FBE1CFEC896823254FB402C4 transmit-key
    encryption mode wep mandatory
    antenna gain 4
    no dfs band block
    channel width 40-below
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface GigabitEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0.2
    encapsulation dot1Q 2
    no ip route-cache
    bridge-group 2
    no bridge-group 2 source-learning
    bridge-group 2 spanning-disabled
    interface BVI1
    ip address 10.150.1.122 255.255.0.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    snmp-server community Public RO
    bridge 1 route ip

    Stephen,
    I changed the scope of my new range because it was overlapping with VLAN 1 native. Well, I set the IP address of interface VLAN 2 on my L3 3750 switch to 10.152.0.1 and set the ip helper-address to 10.150.1.122 (IP address of the AP where the DHCP pool is). My laptop couldn't get the IP address.
    Remember I enabled "ip routing" on the 3750 switch. The config follows. The AP is connected to the Gi 1/0/16 port.
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname BR-SW-02
    no aaa new-model
    clock timezone UTC -3
    switch 1 provision ws-c3750g-24t
    system mtu routing 1500
    ip subnet-zero
    ip routing
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface GigabitEthernet1/0/16
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2
    switchport mode trunk
    interface Vlan1
    ip address 10.150.1.102 255.255.0.0
    interface Vlan2
    ip address 10.152.0.1 255.255.0.0
    ip helper-address 10.150.1.122
    ip default-gateway 10.150.1.1
    ip classless
    ip http server

  • Remote access VPN with ASA 5510 using DHCP server

    Hi,
    Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
    I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
    ASA Version 8.2(5)
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 10.6.0.12 255.255.254.0
    ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
    route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
    crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dyn1 1 set transform-set FirstSet
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto map mymap interface inside
    crypto isakmp enable inside
    crypto isakmp policy 1
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 43200
    vpn-addr-assign aaa
    vpn-addr-assign dhcp
    group-policy testgroup internal
    group-policy testgroup attributes
    dhcp-network-scope 10.6.192.1
    ipsec-udp enable
    ipsec-udp-port 10000
    username testlay password *********** encrypted
    tunnel-group testgroup type remote-access
    tunnel-group testgroup general-attributes
    default-group-policy testgroup
    dhcp-server 10.6.20.3
    tunnel-group testgroup ipsec-attributes
    pre-shared-key *****
    I got the following output when I test-connected to the ASA with Cisco VPN Client 5.0:
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: Group = testgroup, IP = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
    Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
    Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
    Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
    Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
    Regards,
    Lay
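
The debug output above can be triaged mechanically to show how far the session got before it was torn down. The following Python script is an added example, not part of the original post or of any Cisco tool: the milestone strings are taken from the log lines quoted above, the function and field names are hypothetical, and the embedded sample reuses five lines in that log's format plus two constructed damaged lines.

```python
import re
from datetime import datetime

# Sample input. The first five lines follow the debug output quoted in the post
# above; the last two are constructed to mimic a capture damaged by interleaved
# terminal output.
SAMPLE_LOG = """\
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \[IKEv1(?: DEBUG)?\]: (.*)$")
PEER_RE = re.compile(r"\bIP = (\d{1,3}(?:\.\d{1,3}){3}),")
GROUP_RE = re.compile(r"Group = ([^,]+),")
USER_RE = re.compile(r"Username = ([^,]+),")

# Session milestones in the order they occur in the quoted log.
MILESTONES = [
    ("group_matched", re.compile(r"Connection landed on tunnel_group")),
    ("user_authenticated", re.compile(r"User \(.+\) authenticated")),
    ("address_requested", re.compile(r"MODE_CFG: Received request for IPV4 address")),
    ("address_failed", re.compile(r"Cannot obtain an IP address for remote peer")),
    ("sa_deleted", re.compile(r"IKE_DECODE SENDING .*DELETE \(12\)")),
]


def summarize(seen):
    """Condense the first-seen timestamp of each milestone into a verdict."""
    wait = None
    if "address_requested" in seen and "address_failed" in seen:
        wait = int((seen["address_failed"] - seen["address_requested"]).total_seconds())
    return {
        "reached": [name for name, _ in MILESTONES if name in seen],
        "auth_ok_but_no_address": "user_authenticated" in seen and "address_failed" in seen,
        "seconds_waiting_for_address": wait,
    }


def triage(log_text):
    """Return ({peer_ip: state}, count of non-blank lines that could not be parsed)."""
    peers, unparsed = {}, 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = LINE_RE.match(line)
        peer = PEER_RE.search(head.group(2)) if head else None
        if peer is None:
            unparsed += 1  # truncated or interleaved line: count it, never guess
            continue
        body = head.group(2)
        # The log carries no year; a fixed leap year keeps Feb 29 parseable.
        when = datetime.strptime("2000 " + head.group(1), "%Y %b %d %H:%M:%S")
        state = peers.setdefault(peer.group(1), {"group": None, "user": None, "seen": {}})
        for key, rx in (("group", GROUP_RE), ("user", USER_RE)):
            found = rx.search(body)
            if found and state[key] is None:
                state[key] = found.group(1)
        for name, rx in MILESTONES:
            if name not in state["seen"] and rx.search(body):
                state["seen"][name] = when
    for state in peers.values():
        state["summary"] = summarize(state["seen"])
    return peers, unparsed


if __name__ == "__main__":
    result, bad = triage(SAMPLE_LOG)
    for ip, state in result.items():
        print(ip, state["group"], state["user"], state["summary"])
    print("unparsed lines:", bad)
```

When authentication has succeeded and the only failure is address assignment, the next place to look is the address source configured for the tunnel group (in the post, `dhcp-server` and `dhcp-network-scope`), not the IKE or XAUTH settings.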

    For RADIUS you need an aaa-server definition:
    aaa-server NPS-RADIUS protocol radius
    aaa-server NPS-RADIUS (inside) host 10.10.18.12
      key *****   
      authentication-port 1812
      accounting-port 1813
    and tell your tunnel-group to ask that server:
    tunnel-group VPN general-attributes
      authentication-server-group NPS-RADIUS LOCAL

  • DHCP Setup across multiple VLANs on RV325 - DHCP Server only working on VLAN 1

    I have multiple VLAN subnets defined on my RV325 - when I try and utilize a DHCP Server on each VLAN, it only seems to be issuing IP Addresses to clients on VLAN ID 1.  When I first set this up months ago, I thought I had tested it providing IP Addresses via the other subnets.  Now that I am trying to do so, it isn't working "as expected".  Example - I am using VLAN 25 as the GuestWireless subnet utilizing a separate 802.11n WAP that is set to Bridge connections to the IP Address of the VLAN interface.  Devices are able to connect to the WAP, but end up with a self-assigned IP Address 169.x.x.x address.  There has to be an easy fix to this, but I seem to be "stuck" figuring out what it is…pointers/redirects appreciated.  Thanks!

    Thanks - I've already reviewed that information before I posted.  I've been working with DHCP since the mid-90's, so I'm comfortable with the settings/configuration I need to leverage to make this work via other means using various Network-based OSes.
    I'm wondering if there are other options in configuring this device that can impact the ability to dynamically serve IP addresses on a VLAN/subnet-by-VLAN/subnet basis.
    As I did more testing, I discovered when I reserved an IP Address via the IP & MAC Binding option within the DHCP Settings, those devices would receive their static reservations and work as expected, so the problem seems to be leveraging the DHCP Pool for devices connecting to VLANs other than VLAN 1.
    Any ideas as to why the DHCP Pools are "non-functioning" for the other VLANs are greatly appreciated...
    Each VLAN is setup with a separate DHCP Server configuration as shown below:
    VLAN ID = 1 (Default, Inter VLAN Routing = Enabled, LAN1-6 = Untagged, LAN7=Tagged, LAN8=Excluded, LAN9-14 Untagged)
    Device IP Address = 172.16.xxx.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 172.16.xxx.100
    Range End = 172.16.xxx.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    Correctly serving IP Addresses via DHCP (both static and dynamic) to Wired devices & Wireless devices connecting through WAP (set to Bridge)
    VLAN ID = 25 (GuestWireless, Inter VLAN Routing = Disabled, LAN1-LAN7 = Excluded, LAN8 = Untagged, LAN9-14 = Excluded)
    Device IP Address = 172.16.yyy.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 172.16.yyy.100
    Range End = 172.16.yyy.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP (set to Bridge)
    Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
    VLAN ID = 100 (Voice, Inter VLAN Routing = Disabled, LAN1-6 Excluded, LAN7 = Untagged, LAN8-14 = Excluded)
    Device IP Address = 192.168.zzz.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 192.168.zzz.100
    Range End = 192.168.zzz.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP set to Bridge
    Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
