DHCP Server Implementation

Hi All,
We have planned to implement the DHCP Server therefore here I am looking for the best practice which we can do. we have almost 25 branches across the country and its under in one cloud and single
domain.
Is this better to keep a DHCP server in Head Quarters only or need to keep in each region. (Like central, eastern and western region)
If we install DHCP server in each region, can we configure same scope in all DHCP server or need to configure the scope based on region.
If we configure the same scope in all the DHCP server, is there any chance for IP conflict.
Thanks,
Faisal

In my opinion you have not mentioned the most important thing to be considered. How are the branches connected? How is Active Directory configured? Are you using AD sites?
Do you have at least one server at each branch? Do you have a DC in each branch or only one in each region?
I would think that how this is all configured would be the basis on which your DHCP strategy was based.
Bill

Similar Messages

Microsoft DHCP Server - Option 43 Setup

I have the scope configured properly as far as the 241 Option with Option 43 and the VCI in it for both the 1130 and 1200 series AP's. However, how do you make this work if your subnet has both 1200 and 1130's in it? Basically if I have two 241 options set, the 1130 comes in first allowing hte 1130's to associate, but not the 1200's. If I remove the 1130 Option 241, the 1200's associate. Basically, how do I get both to work from the scope correctly?
Thanks,
Raun

Hi Raun,
Here is some additional info;
This section contains a DHCP Option 43 configuration example on a Windows 2003 Enterprise DHCP server for use with lightweight access points. For other DHCP server implementations, consult the DHCP server documentation for configuring DHCP Option 43. In Option 43, you should use the IP address of the controller management interface.
****Note DHCP Option 43 is limited to one access point type per DHCP pool. You must configure a separate DHCP pool for each access point type.****
From this doc;
http://www.cisco.com/en/US/docs/wireless/access_point/1200/installation/guide/120h_g.html
DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml#t1
Hope this helps!
Rob

NAC implementation wi thout DHCP Server

Dear Experts,
Is it possible to deploy NAC without having DHCP server in the network? We have some 300-400 users in the campus and want to enable NAC for them.
As per my understanding Cisco NAC cannot be deployed without DHCP server in the network, however it is not documented anywhere on the site. Currently all users' machines are configured with static IP.
We want to do user authentication, AV remediation and Patch deployment through NAC. Is it possible to deploy NAC without DHCP server??
Thanks in advance.
nayan

Hi,
Here is the basic flow of clean access for both inband and out of band: (http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_white_paper0900aecd802bdc42.html)
Figure 1. Laptop Attempts to Access the Internal Network
1. When the laptop first accesses the network, the Cisco Clean Access Server determines that the computer's MAC address is not in the list of certified devices, and that laptop is placed into an unauthenticated role. While in this role, only User Datagram Protocol (UDP) Port 53 (Domain Name System [DNS]) and Dynamic Host Control Protocol (DHCP) traffic (via DHCP and VLAN passthrough) is allowed.
2. The laptop gets an IP address from the DHCP server, but cannot get past the Clean Access Server acting as an IP filter.
3. The laptop user opens a browser and is redirected to an SSL-based Web login page where she enters her credentials, which in turn map her into the "employee" role.
4. As an "employee," she is asked to download the Clean Access Agent.
5. The Clean Access Agent performs the posture assessment and forwards the results to the Clean Access Server to make the network admissions decision.
Tarik Admani
*Please rate helpful posts*

Clients Not seeing DHCP server at branch office or not accepting ip offers (NO LOG REPORTS KIND OF IN THE DARK)

Hi there i am having an issue that has popped up recently i have a DC at a branch office that is connected to the main office DC via a Persistent Demand Dial connection in RRAS. Everything was working properly according to me until i found out that the Network
Admin who manages the branch office network failed to notify me that client machines weren't getting IP addresses from the DHCP server. This server was recently installed and wasn't fully implemented till about a week ago when i configured the Demand Dial
connection in RRAS up until that point it just had a regular old VPN connection to the main office while we worked out the kinks with a few things. the things ive tried so far to get DHCP working are as followed
1.Rebooted the branch office server (MULTIPLE TIMES)
2. Uninstalled the DHCP Role and re-installed it....To my surprise 1 client managed to get a ip on its lan adapter after DHCP was re-installed but nothing else
3. Disconnected the connection between the main office DC and the Branch office DC as i figured the main office DC DHCP server might be interfering with the branch office DC DHCP Server but nothing happened
4. Unauthorized and Reauthorized the main office DHCP server and the branch office DHCP server nothing changed
5. sifted through multiple log files on both servers and found noting in fact DHCP logs are empty on both servers
6. restored backups of the DHCP servers from when they were working
7. came here cause im out of ideas and im pulling my hair out
here are the current statistics from the problem server
Start Time: 7/12/2014 2:02:10PM
Up Time: 1Hours, 18 Minutes, 41 Seconds
Discovers: 90
Offers: 90
Requests: 2
Acks: 13
Nacks: 0
Declines: 0
Releases: 0
Total Scopes: 1
Total Addresses 253
In Use 2 (0%)
Available: 251 (99%)
Id like to add that RRAS was getting IP addresses from the problem server up until the point i uninstalled the role and re-installed it
heres is a ipconfig /all from the problem server
Windows IP Configuration
Host Name . . . . . . . . . . . . : MNB-DC
Primary Dns Suffix . . . . . . . : VTEACR.LOCAL
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : VTEACR.LOCAL
PPP adapter Remote Router:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Remote Router
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.141.70.25(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.141.70.10
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-16-35-AB-D3-05
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d9e:daa4:34dd:db44%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.141.80.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::226:5aff:feb7:5b3c%10
10.141.80.1
DNS Servers . . . . . . . . . . . : ::1
10.141.80.102
NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.238.243(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{427DF66B-3B30-40B1-B67E-B5587465C
394}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.ziricom.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{BE201060-A9B9-404A-8361-F8FFB82F5
6F6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.ziricom.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
if anymore information is needed please let me know i have full access to everything on the network so its not a problem and i am able to remotely access the branch office DC and all computer and switches at any time of the day
Viper Technologies Computer Repair Putting The Venomus Bite Back In Your Computer We Are Located In Antigonish ,NS Canada Check Us Out HTTP://WWW.VIPERTECHNOLOGIES.TK

Hi,
Does this issue occur on one client or multiple?
Please check this article:
http://technet.microsoft.com/en-us/library/cc757164(v=ws.10).aspx#BKMK_5
Regards.
Vivian Wang

DHCP Server with the strange MAC address at the same time. This MAC address is HEX IP address!

Server version: Windows server 2008 R2 Ent.
Structure of DHCP scopes: Two DHCP server 50% to 50% all allocation for per scopes.
Question: Sometimes the DHCP server
allocate the IP address at the same time to the a strange MAC address per IP address, the type is "DHCP/BOOT", it cause DHCP scopes out of space at some time point. We need clear up them manually.
I found strange MAC address in HEX is the IP address which the server allocated.
Someone meet the issues before, any solution for this ?
Thanks !
Client IP Address
Name
Lease Expiration
Type
Unique ID
10.199.190.0
10.199.190.0
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e3000
10.199.190.46
10.199.190.46
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e343600
10.199.190.59
10.199.190.59
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e353900
10.199.190.69
10.199.190.69
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e363900
10.199.190.74
10.199.190.74
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e373400
10.199.190.90
10.199.190.90
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e393000
10.199.190.101
10.199.190.101
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31303100
10.199.190.104
10.199.190.104
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31303400
10.199.190.110
10.199.190.110
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31313000
10.199.190.114
10.199.190.114
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31313400
10.199.190.117
10.199.190.117
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31313700
10.199.190.121
10.199.190.121
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31323100
10.199.190.138
10.199.190.138
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31333800
10.199.190.144
10.199.190.144
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31343400
10.199.190.153
10.199.190.153
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31353300
10.199.190.156
10.199.190.156
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31353600
10.199.190.157
10.199.190.157
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31353700
10.199.190.163
10.199.190.163
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31363300
10.199.190.165
10.199.190.165
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31363500
10.199.190.168
10.199.190.168
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31363800
10.199.190.169
10.199.190.169
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31363900
10.199.190.174
10.199.190.174
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31373400
10.199.190.177
10.199.190.177
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31373700
10.199.190.184
10.199.190.184
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31383400
10.199.190.188
10.199.190.188
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31383800
10.199.190.189
10.199.190.189
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31383900
10.199.190.192
10.199.190.192
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31393200
10.199.190.197
10.199.190.197
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e31393700
10.199.190.201
10.199.190.201
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32303100
10.199.190.202
10.199.190.202
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32303200
10.199.190.209
10.199.190.209
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32303900
10.199.190.210
10.199.190.210
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313000
10.199.190.211
10.199.190.211
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313100
10.199.190.212
10.199.190.212
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313200
10.199.190.213
10.199.190.213
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313300
10.199.190.216
10.199.190.216
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313600
10.199.190.219
10.199.190.219
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32313900
10.199.190.222
10.199.190.222
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32323200
10.199.190.225
10.199.190.225
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32323500
10.199.190.226
10.199.190.226
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32323600
10.199.190.229
10.199.190.229
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32323900
10.199.190.233
10.199.190.233
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32333300
10.199.190.235
10.199.190.235
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32333500
10.199.190.238
10.199.190.238
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32333800
10.199.190.240
10.199.190.240
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32343000
10.199.190.242
10.199.190.242
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32343200
10.199.190.243
10.199.190.243
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32343300
10.199.190.246
10.199.190.246
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32343600
10.199.190.249
10.199.190.249
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32343900
10.199.190.251
10.199.190.251
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32353100
10.199.190.252
10.199.190.252
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32353200
10.199.190.255
10.199.190.255
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139302e32353500
10.199.191.1
10.199.191.1
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e3100
10.199.191.2
10.199.191.2
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e3200
10.199.191.5
10.199.191.5
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e3500
10.199.191.6
10.199.191.6
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e3600
10.199.191.8
10.199.191.8
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e3800
10.199.191.13
10.199.191.13
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313300
10.199.191.14
10.199.191.14
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313400
10.199.191.15
10.199.191.15
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313500
10.199.191.16
10.199.191.16
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313600
10.199.191.17
10.199.191.17
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313700
10.199.191.18
10.199.191.18
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313800
10.199.191.19
10.199.191.19
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e313900
10.199.191.20
10.199.191.20
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323000
10.199.191.21
10.199.191.21
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323100
10.199.191.22
10.199.191.22
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323200
10.199.191.23
10.199.191.23
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323300
10.199.191.24
10.199.191.24
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323400
10.199.191.27
10.199.191.27
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323700
10.199.191.29
10.199.191.29
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e323900
10.199.191.30
10.199.191.30
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333000
10.199.191.31
10.199.191.31
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333100
10.199.191.32
10.199.191.32
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333200
10.199.191.33
10.199.191.33
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333300
10.199.191.34
10.199.191.34
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333400
10.199.191.37
10.199.191.37
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333700
10.199.191.38
10.199.191.38
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333800
10.199.191.39
10.199.191.39
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e333900
10.199.191.42
10.199.191.42
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e343200
10.199.191.44
10.199.191.44
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e343400
10.199.191.49
10.199.191.49
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e343900
10.199.191.52
10.199.191.52
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e353200
10.199.191.54
10.199.191.54
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e353400
10.199.191.56
10.199.191.56
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e353600
10.199.191.61
10.199.191.61
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e363100
10.199.191.62
10.199.191.62
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e363200
10.199.191.64
10.199.191.64
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e363400
10.199.191.65
10.199.191.65
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e363500
10.199.191.66
10.199.191.66
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e363600
10.199.191.70
10.199.191.70
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e373000
10.199.191.72
10.199.191.72
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e373200
10.199.191.73
10.199.191.73
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e373300
10.199.191.79
10.199.191.79
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e373900
10.199.191.80
10.199.191.80
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383000
10.199.191.81
10.199.191.81
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383100
10.199.191.82
10.199.191.82
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383200
10.199.191.83
10.199.191.83
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383300
10.199.191.84
10.199.191.84
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383400
10.199.191.86
10.199.191.86
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e383600
10.199.191.90
10.199.191.90
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393000
10.199.191.91
10.199.191.91
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393100
10.199.191.92
10.199.191.92
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393200
10.199.191.93
10.199.191.93
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393300
10.199.191.97
10.199.191.97
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393700
10.199.191.98
10.199.191.98
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393800
10.199.191.99
10.199.191.99
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e393900
10.199.191.101
10.199.191.101
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31303100
10.199.191.102
10.199.191.102
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31303200
10.199.191.105
10.199.191.105
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31303500
10.199.191.106
10.199.191.106
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31303600
10.199.191.108
10.199.191.108
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31303800
10.199.191.112
10.199.191.112
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31313200
10.199.191.115
10.199.191.115
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31313500
10.199.191.116
10.199.191.116
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31313600
10.199.191.117
10.199.191.117
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31313700
10.199.191.119
10.199.191.119
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31313900
10.199.191.120
10.199.191.120
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31323000
10.199.191.121
10.199.191.121
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31323100
10.199.191.125
10.199.191.125
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31323500
10.199.191.133
10.199.191.133
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31333300
10.199.191.146
10.199.191.146
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31343600
10.199.191.158
10.199.191.158
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31353800
10.199.191.162
10.199.191.162
2014/8/5 10:07
DHCP/BOOTP
31302e3139392e3139312e31363200

Hi,
According your description, this may be caused by virus or malicious client.
Please try to perform a network capture on your DHCP server. Then find the device which send these malicious discover messages.
To download Network Monitor, please click the link below,
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
To prevent this issue, you may implement NAP Enforcement for DHCP.
Here is a checklist of configuring NAP Enforcement for DHCP,
Checklist: Configure NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc772356(v=WS.10).aspx
Hope this helps.
Steven Lee
TechNet Community Support

Java DHCP Server, is it possible?

I have looked at Jason Goldschmidt JDHCP api, available at:
http://www.dhcp.org/jdhcp (offline as of this posting)
or
http://www.opennms.org/cgi-bin/cvsweb.cgi/jdhcp/
He seems to have the right idea for the basics. I would like to know if it is possible to create a 100% java DHCP server. I have started one, so far it can pick up broadcasts and is limited to giving out 1 ip... What would the technical limitation of Java be in terms of implementing a Java DHCP server, if any?
Thanks
Jeremy

performance i guess. they aren't any really. the reply
above talks about how you can't pin. ok but so what
you could get around this easily enough. you could
just try to open a socket on any old port. if it times
out the ip is available.Yes, I agree, I am not concened about not being able to ping, I was planning on in the program which I am working, it will also keep track of clients who haved "leased" an IP, for example.. some sort of QOS tracking.
anyway with java sockets you can do just about
anything you want. the most difficult thing is
learning the protocol for the service you want to
implement.Agreed, I am not very familar with DHCP/BOOTp and am catching up on my reading right now, I just got "The DHCP Handbook"... seems to be THE book on DHCP... Those API's I think will make it significalty easier.
my first suggestion to you would be to build a fake
tracing server so you can see the messaging in action.
to do this put a real DHCP server on machine A, put
your fake server on machine B. then point a client
machine (C) at B. use B to pass the messages back and
forth and trace them as they go along.I have sort of done that already.. What I have is a DHCP Client simulator that shows me what messages are coming in/out.. I also have a packet sniffer to check out what exactly is going on..
anyway the only question i have is why?Ahhhh, why.. we'll the goal of it is have many "decentralized" dhcp servers with one centralized IP lease/session backend database..
Example:
You can have many seperate "dhcp servers" running on different subnets or on completey seperate lan's... on all differrent platforms, win32, linux, mac... However the leases and keeping track of the IP's in use will be handled by a database somewhere central....
Jeremy

DHCP server + IP multipath

hi,
I have configured a solaris 10 box that runs a dhcp server with ha networking using multipathing:
ifconfig dmfe0 thehostname netmask + broadcast + group mygroup -failover deprecated up
ifconfig dmfe0 addif hahostname + broadcast + failover up
ifconfig dmfe1 otherhostname netmask + broadcast + group mygroup -failover deprecated up
The networking if working fine, and setting the failover period to 2500 in /etc/default/mpathd works great - unplug cable from dmfe0 and the host is still available
before using hahostname as a virtual interface, it was bound to dmfe0, and running dhcp was all fine. Now that the IP is on the virtual interface, the DHCP server address that clients see is the IP of "thehostname" (from /etc/hosts). 1st question: is it possible to get the DHCP server to show its IP address as the IP of HAHOSTNAME instead of THEHOSTNAME? I have added "INTERFACES=dmfe0,dmfe1" to /etc/inet/dhcpsrv.conf, not able to bind to virtual interfaces, would like to if possible
In addition to that, since implementing this networking config, dhcp is not running as well. The clients on the network all received dhcp addresses with no problems prior to the HA configuration changes, after changing to this config and restarting (either restarting the dhcp-server service with svcadm or even after a server reboot), some clients are not getting IP addresses. The clients are Windows XP clients, and I had to disable my network card and re-enable it to get it to get an IP address. I get the following error in event viewer (event ID 1001):
"The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server."
after getting an IP, i can renew my IP and there are no problems, but in the event of the primary nic failing (tested by unplugging network cable), i cannot get DHCP addresses again.
the first thing that jumps to mind is it might be an arp issue - should i be binding the same mac address to all cards perhaps? i have set local-mac-address?=true with eeprom.
ideas?

You may want to ask this under Firewall section of this forum.
Regards,
Sawan Gupta

PiX501 firewall as DHCP Server

VSAT Modem ==> Pix 501 as DHCPServer ==> WRT54GS Linksys wireless Router ==> Clients
I am trying to implement the above setup for my wireless network but unfortunately my linksys router is not able to access the internet throught PIX 501. Please advise the solution

HI, [PLS RATE if HELPS]
I agree to Spremkumar comments.
Basic DHCP Services Config in PIX:
Configure the PIX such that users on the inside network that are configure for DHCP receive an IP address, WINS, DNS and default gateway.
PIX1(config)#dhcpd address 192.168.1.100-192.168.1.200
PIX1(config)#dhcpd dns
PIX1(config)#dhcpd domain
PIX1(config)#dhcpd wins
PIX1(config)#dhcpd enable inside
1. Connect a PC/Laptop to the inside Interface via which the IP Address is leased
2. Why do you need a Router between the PIX (as DHCP Server) and Clients
3. Atlast can you check whether the Outside Interface is connected to VSAT Modem and Inside Interface to Wireless Router(if must) or a Client (for a testing)
Please refer sample configuration above for your help and provide more information on your requirement.
PLS RATE if HELPS
Best Regards,
Guru Prasad R

OS X server, DHCP Server and random blocked IPs

Hello !
I use a Mac Mini as a DHCP server for my wireless network. It is connected to internet through a wired modem and gives an IP (through Airport) to the computers that ask for it.
Everything works quite fine... Unless, sometimes, clients obtain an adress but cannot browse the web nor connect to local network. The ip is just "blocked".
If i try to use it on an other computer (manually), it just doens't work.
So, I must change the ip, by changing the DHCP Name of the computer (otherwise, the server always give the same adress), to fix the problem.
What is strange, is that a few time after, the incriminated ip works new ! Until it is down again...
My bootpd config file is the fallowing;
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NetBoot</key>
<dict/>
<key>Subnets</key>
<array>
<dict>
<key>allocate</key>
<true/>
<key>dhcpdomainname</key>
<string>antoine.maille.priv</string>
<key>dhcpdomain_nameserver</key>
<array>
<string>81.253.149.1</string>
<string>80.10.246.3</string>
<string>10.0.0.1</string>
</array>
<key>dhcpldapurl</key>
<array>
<string>ldaps://Mac Mini/</string>
</array>
<key>dhcp_router</key>
<string>10.0.0.1</string>
<key>lease_max</key>
<integer>604800</integer>
<key>leasetimesecs</key>
<string>86400</string>
<key>name</key>
<string>DHCP WiFi</string>
<key>net_address</key>
<string>10.0.0.0</string>
<key>net_mask</key>
<string>255.255.255.0</string>
<key>net_range</key>
<array>
<string>10.0.0.10</string>
<string>10.0.0.100</string>
</array>
<key>selectedportname</key>
<string>en1</string>
<key>uuid</key>
<string>FEB30FD5-3749-480E-9FEB-BD2C20206431</string>
</dict>
</array>
<key>allow</key>
<array/>
<key>bootp_enabled</key>
<true/>
<key>deny</key>
<array/>
<key>detectother_dhcpserver</key>
<true/>
<key>dhcp_enabled</key>
<true/>
<key>oldnetbootenabled</key>
<false/>
<key>relay_enabled</key>
<true/>
<key>relayiplist</key>
<array/>
<key>timeServiceStarted</key>
<string>2008-11-26 22:59:19 +0100</string>
</dict>
</plist>
Do you have any idea of what I should do to fix that problem ?
Thanks !
alex

Brandon Macinnis wrote:
Dnar,
Thanks for the follow up bit about using the smbutil statshares command. I used that and could confirm that I am also able to force it to connect with smb2. Oddly though, in the stat share info it still says "AUTO_NEGOTIATE"
SMB_NEGOTIATE AUTO_NEGOTIATE
SMB_VERSION SMB_2.1
But maybe that just means something else and not the fact that it did not auto negotiate to SMB. I guess for now this will be what I have to do to use smb2.
I think in this case the AUTO_NEGOTIATE merely means it will auto negotiate a connection between SMB1, SMB2, and (from your data) also SMB2.1 this would have nothing to do with auto negotiating between SMB2 and AFP, which from this thread appears broken.
I also would like to thank Brandon for the tip about smbutil statshares, I had been looking for a simple way to tell what version of SMB was being used to test my NAS.
For everyone's benefit, it would appear from the above that whilst Apple advertise Mavericks as using SMB2 they have gone as far as implementing SMB2.1 and merely list it only as SMB2 for simplicity and due to the fact there is not a huge different between SMB2 and SMB2.1
See http://en.wikipedia.org/wiki/Server_Message_Block#SMB_2_and_3

Can I use DHCP snooping and IOS DHCP server on the same switch stack

Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
Thanks

Nope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

Can I use ASA to be a DHCP Server use in WLC wireless Client

I want to use ASA to be a DHCP Server for Wireless Client not it can't.
I check the debug log in WLC, I confirm the WLC have send the request to ASA.
In the ASA, it don't have any hits in the rule when the WLC send the DHCP relay request.
I have try don't use dhcp relay in WLC but don't success. Anybody have the same case with me? And Is the ASA can't support DHCP relay agent to request to get the IP Addr.
P.S. In the Network Design limitation so I can't use WLC to be DHCP Server.
Equipment:
ASA5510
WLC4402
How can I fix it.
Thank you very much

The issue is that the ASA doesn't accept DHCP requests from a relay agent, only broadcast DHCP requests. In the 4.2 version for the controllers there is now an option so you can change the way the controller forwards DHCP requests so that it is sent as a broadcast and not from a relay agent.

Remote access VPN with ASA 5510 using DHCP server

Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got following output when I test connect to ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode:        True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
Lay

For RADIUS you need a aaa-server-definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Can you use the Airport Express A1264 as an AP and a DHCP server at the same time?

Can you use the Airport Express A1264 as an Access Point and a DHCP server at the same time?
I would like to use it as a DHCP server and AP at the same time in my LAN (no internet, just local machines through a few switches). I was lead to belive this could be the case from a few networking friends that haven't been friendly enough to help me out setting it up.

I need it to act as a dLink/Cisco/Linksys/etc basic wifi router, in the fact that you can access it via wifi, and it will spit out DHCP addresses (192.168.1.xxx) to everything wired downstream of it.
I want to simultaniously provide a Wifi connection and a LAN connection at the same time
Thanks,
BRad

Can I use my WRT54G as a DHCP server only? I've got 5 dynamic IP's from Time Warner..

Hi everyone, I'm wondering if I can use my WRT54G as a DHCP server only only my network, without having to have any of my PC's plugged into it's router ports? I looked at the settings but I couldn't get it to work.
Here's why: I just got Time Warner Business Class cable internet which comes with 5 dynamic IP's. I want each computer, well 4 of them at least and 1 for the WRT54G, to have a unique IP when accessing the internet, and the other computers (5 more computers) to use the DHCP server in the WRT54G to get a NAT IP for use on the internet.
We play Diablo II on the internet and only 4 computers can be connected through 1 IP, so that limits us in my current configuration.
Current Equipment: One WRT54G, one Netgear GS116 16 port gigabit non-managed switch. One Time Warner Cable modem. Also attached to the network is one HP network printer, a Buffalo LinkStation NAS and a Zensonic Network DVD player.
Current config: Cable modem --> WRT54G --> Netgear switch.
Ideal config: Cable modem --> Netgear switch --> WRT54G.
With my current config, I am not taking advantage of the 5 dynamic IP's, but all the computers connected to the Netgear switch or the WRT54G can connect to the internet and the NAS.
So my ideal config (where I don't have to buy anything and where all the computers can print and access the NAS) is to connect all the computers and devices to the Netgear Switch and somehow force 4 of the computers and the WRT54G to get a dynamic IP from the cable modem, while the other computers and devices use the DHCP server on the WRT54G to get to the internet.
Is this possible?
I called Time Warner Cable and they weren't any help. I called the Linksys sales department and they weren't of much help either.
I suppose that I could purchase a new 8 port switch and attach 4 computers, the cable modem and the WRT54G to it. Then attach the Netgear to the WRT54G to accomodate the printer, NAS, and the other 5 computers. But in that senario, the 4 computers connected to the new switch can't print and can't reach the NAS. And geez, some computers would have to go through 3 devices to reach the internet, which has got to slow them down.
I did read about the Linksys EFG120 which has a DHCP server, but at $400 and only 120 gigs, it doesn't work for me.
I called Time Warner and the cost of more dynamic IP's is prohibitive, I'm already paying $79 a month for this internet and they want another $50 a month for 7 more dynamic IP's and that wouldn't help my NAS or my printer.
The cost of a 16 port gigabit switch with DHCP is an amazing $800 or so, which is out of the question.
Sorry for being so long winded and thanks for reading this far. I'm looking forward to any replies.

That is a hell of a setup. I don't know if it would be easier and cheaper to either buy a real router like a Cisco, get fixed IP addresses and a RV042, or buy 4 network cards for the four of the five computers which need the internet access for gaming.
O.K. First your setup:
1. You wire the modem to the 6-port switch.
2. You connect the remaining 5 ports with the WAN ports of 5 WRTs with DHCP on the WAN interface.
3. You configure each WRT with unique LAN IP addresses in the same subnet, e.g. 192.168.1.1/255.255.255.0, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5.
4. You turn off all DHCP servers except on one, e.g. 192.168.1.1. That router will be the default router and internet connection for any client which gets dynamic LAN addresses (as fallback or guests, I would not configure the NAS or printer with DHCP addresses if you have everything else on static IP addresses). You can certainly disable all DHCP servers if you want, too.
5. Now you connect all WRTs with each other.
5a. You connect port 1 of the 1st WRT with port 1 of the 2nd.
You connect port 2 of the 2nd with port 1 of the 3rd.
Port 2 of the 3rd with port 1 of the 4th.
Port 2 of the 4th with port 1 of the 5th.
(Do not create a loop connecting port 2 of the 5th with port 2 of the 1st!!)
5b. You buy another switch and connect each port 1 of each router with this switch. This has the advantage that you don't have a long cascade between the 1st and the 5th router like in 5a.
6. You connect all devices to the LAN.
6a. If you did 5a, you will probably put each computer to the router which internet connection it uses. The NAS and printer could go anywhere.
6b. If you did 5b, you hopefully bought a 16 or 24 port switch. Then you plug simply everything into that switch. Otherwise you can certainly use the free ports of the WRTs like in 6a.
7. You configure all your devices with static IP addresses. For instance,
IP 192.168.1.11
netmask 255.255.255.0
gateway 192.168.1.1
For the DNS servers I would highly recommend to use the DNS servers of your ISP directly and not use the relay on 192.168.1.1.
The gateway address defines through which router the computer connects to the internet.
8. You may still have to configure port forwardings on the router to the game computer if required for the game.
An interesting alternative to this setup might be to buy 4/5 network cards for the 4/5 computers with direct internet access. Then you use the one network card to connect to your single LAN behind your single WRT. The other network card goes into the switch behind the modem and has direct internet access. You then have to tell Windows which of the network cards has the default gateway for the internet connection (to prevent routing all traffic through the LAN and the WRT to the internet). One game computer would have to be behind the WRT.

Can some one translate these instructions D-Link DI-524: installation as wireless HUB/Bridge General ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED OTHERWISE YOU CAN SEVERELY HINDER OTHER USE

D-Link DI-524: installation as wireless HUB/Bridge
General
ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED
ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
Practical example: D-Link DI-524
The DI-524 is a wireless router.Although the manufacturer doesn't mention this, you can also install this device as a wireless hub.Of course this is not supported by the manufacturer. Therefor you have nowhere to go in case of any problems Plug in the power cord of the DI-524. Do not yet connect the network cable!Search for existing wireless networks with your computer. Connect with the router.This can for example be done like this:
Click the start-button (at the bottom in the left corner of your screen).
Go to control panel
Go to internet connections (you may have to choose classic representation first)
You can now see your wireless network card, among other things. Right-click and 'View available Wireless networks'.
Connect to the router. In most cases the router will be called 'default'.Check your IP-address: you get an IP address from the DI-524
Go to the start-button
Go to 'Run'
Type 'cmd' and press enter
type 'ipconfig' and press enter
your IP address starts with 192.
Surf to your router with your regular browser. For this you need the address and a password, which you can find in the documentation.
In this case the address is 192.168.0.1
Now you must secure the router. For this it is best to use WPA-PSK
Your key is a randomly chosen sentence. Don't make this sentence too short.
Warning: Case sensitive!
You cannot reach the router anymore now.
Go back to your network card via "make connection". Search for your wireless network again and make a new connection
You are asked for a key. Supply this key the way you configured it in your router.
Surf back to the router.
Disable the DHCP server.
!! YOU HAVE TO DISABLE UPnP ON ALL TYPES OF ROUTERS
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
for this, go to Tools, Misc and switch off UPnP
Save these settings.
If you do not have a D-link router, look up in the manual or somewhere else where you can disable UPnP
Now you cannot reach the router anymore again.
It is only from this moment that you can connect the router to the modem.
Important: Use one of the 4 LAN ports. Never use the WAN port!
Go to your network card via the control panel. Right-click and "Repair"
Now you should get an IP-address in the range of 10.nnn.nnn.nnn
If you still don't have 192... you've made an error. The DI-524 still functions as a router and this is not allowed!

There are no Mac based instructions. The router is accessed and adjusted the same way whether you are using a Mac OS X, Windows or Linux. As noted in the other post it is done through your web browser which works the same from any computer. Even a Chrome Book.
akertrav wrote:
Thank you for that what I have been trying to do is extend the range of my wifi witha second dilink router. I was hoping for some mac based directions to achive this rather than the PC based as presented. Thank you for your ireply Paul

DHCP Server Implementation

Similar Messages

Maybe you are looking for