DHCP subnets removed

Similar Messages

• DHCP subnet settings blasted by 10.7.1 server update?

  I dutifully applied the 10.7.1 update this evening to my Mini Server (July 2011) and restarted.
  Some of the clients on my network were fine but others - those whose DHCP leases expired - had issues getting a new lease.  In fact, when these devices were restarted they could not get an IP address at all.
  After fiddling around it seems that the subnet which was on previously had been set to off by the reboot.  Re-checking the subnet seemed to work but only partially.  Some of the subnet settings had been flushed too.  Specifically, the router, DNS and search domain settings were reset.
  On resetting these settings it all came back to life.
  BTW, After much frustration over the past few weeks I have gone with the 192.168.2.xxx set up as proscribed in the k-base article which had been working fine for me until this update.
  Looking forward to 10.7.3?  I can't imagine all these bugs will be ironed out in the next point release...
  Has any one tried using settings other than the settings in the knowledge base article under 10.7.1? 

  There is a Lion Server Forum where you might be able to get help.
  Regards,
  Colin R.

• Removing DHCP failover removes DNS A records

  We are running a windows 2012 r2 domain with 4 DCs all configured as DNS servers. One of the DCs is also our DHCP server. We configured a second dhcp server in January and joined it in failover mode. It was fine for a couple weeks, but then we got spammed
  with 20291 and 20292 errors. We decided to remove the failover relationship and unauthorize the second dhcp server which we did without any errors. However when we rebooted the original dhcp server, we immediately lost over 30 A records in dns, mostly printers,
  and we found that the dns server ip addresses on the nics of the dhcp server were changed to invalid addresses. Is there anything known that could explain this behavior? Otherwise the server seems to be working fine, and diagnostics (dcdiag, repadmin, event
  log) are not showing any errors.

  Hi,
  Was the second DHCP server also a DC? Which kind of DHCP Failover Modes did you used?
  Based on my experience, a DHCP server can register and update DNS PTR and address A resource records on behalf of its DHCP-enabled clients. I assume the lost A
  records may be due to the IP address of the DNS server was changed. Did you configure a static DNS server in the DNS settings on the DHCP server? I assume that you select "Obtain DNS server address automatically" as if you define a DNS
  server, it won't be changed after reboot.
  In general, it would be better to point the preferred/secondary DNS server to the DC instead of obtaining the DNS server address automatically.
  Besides, for event ID 20291, you can refer to the KB below:
  http://support.microsoft.com/kb/2955135
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Multiple DHCP Subnet through V lan

  Dear All,
  i like to request a help, i am not good in cisco anyone can explain me  it will help for me.
  i am trying to configure muliple dhcp subent through Valn
  1. i create a dhcp server and create 3 subetnet
  a. my network card ip 192.168.50.200 dhcp enabled
  b . configure DHCP scope for 192.168.20.0 and 192.168.30.0
  2. i have sonicwall firewall with router there i create 2 valn .
  3. cisco switch sg300-28p also create valn. ( valn 20 port 3-5) (Vlan 30 port 7-10) create a trunk port for both Vlan port number 2.
  i give conection from sonicwall to switch trunk port 2 and connect laptop to valn 20 port i am getting 192.168.20.0 range ip, if i connect to laptop to Vlan 30 also getting Vlan 30 range IP.( this time Sonicwall DHCP is enabled)
  now come to the point, i need to relase DHCP from my server, so i disable dhcp from Sonicwall. and enable dhcp from server.
  but i am not getting ip address from server to any valn.
  i create a trunk port for DHCP server and connect to there. then also same problem
  please help to configure the best way.

  what you have to do is configure ip helper addresses on your vlans to point to the new server, it was probably pointing to your sonicwall which is why it was working on the sonicwall, but once you changed over to your server, you have to convert it over to your new dhcp server.
  without port forwarding your switches/routers do not know where to send those requests, especially if they are on different vlans.  thats one ceveat to running vlans and switches, it doesnt like flooding out requests to every port.
  it appears to be under:
  ip config - udp relay/ip helper
  that section, add your new dhcp server to that and it should fix it so it sends your dhcp requests to your dhcp server.

• DHCP/Subnets/Static Maps setup question

  We have a unique teaching environment where we would like both employees (with laptops) and clients to be able to plug into any ethernet port in the building or be wireless. My question is, what is the best way to set things up so that employees always get the same ip and have access to the full range of services (file services, LDAP, Internet) but customers only have access to the Internet but not internal services. I have tried using static maps for employees but for some reason, customers sometimes end up getting one of the static maps intended for employees (and I have verified that all the MAC addresses are entered correctly). I am pretty new to Tiger server so any help is greatly appreciated.

  If im not mistaking your DHCP settings are overlapping with the ips you have statically assigned. To fix this reserve say 192.168.1.1-127 for static ips and let dhcp use the remainder.

• Multiple DHCP Subnets for different Interfaces

  Hi All,
  Lets Assume that I have a 1841 single WAN and 2 Fast Ethernet ports.
  I have 2 different Local LANs, one on each FastE.
  Fast 0/0 : LAN 1
  Fast 0/1 : LAN 2
  Lets say i want to assign IP Addresses from the router acting as a DHCP.
  I know how to set it up for single interface.
  Lets say I want for :
  Fast 0/0 - LAN 1 :192.168.1.0/24
  Fast 0/1 - LAN 2 :192.168.2.0/24
  How do i specify on the router what IP Range belongs to which interface ???, so that each interface will give out to its connected LAN the desired IP Addresses ???
  Thanks,
  George

  Hi,
  Its just that you have to configre two pools for DHCP.
  When a request is generated by the PC it will send a DHCP broadcast message with the source IP as 0.0.0.0. When this reaches the interface it will change the source IP address to its own IP address and will send a unicast dhcp request to the DHCP server. This way based on the interface's IP address the request will be matched with one of the defined pool and the client will be assigned the IP address from the respective pool.
  There is a good link which will explain this in detail-
  http://tcpmag.com/qanda/article.asp?EditorialsID=285
  Sushil

• DHCP Removed?

  Has DHCP been removed from OS X Server (Mountain Lion)?  I see a few people complaining that it cannot be configured from the Server.app and there are no new ServerAdmin tools for this version.  Some mention that the help file says it should be enabled in the Server.app but DHCP doesn't show up in the menu.

  This is from the OS X Server: Advanced Administration -
  https://help.apple.com/advancedserveradmin/mac/10.8/
  If you don’t have a DHCP server, you can set up OS X Server’s DHCP service. For information, see this help topic: DHCP setup overview.
  AND:
  Start or stop DHCP service
  You start DHCP service to provide IP addresses to users. You must have at least one subnet created and enabled.
  HideStart or stop DHCP service in Server Admin
  Open Server Admin and connect to the server.
  Click the triangle at the left of the server.The list of services appears.
  From the expanded Servers list, select DHCP.
  Click the Start DHCP or the Stop Now button (below the Servers list).If you start DHCP and the Firewall service is running, a warning appears asking you to verify that all ports used by DHCP are open. Click OK.
  The service runs until you stop it. It restarts when your server is restarted.

• Can't get DHCP server to give out correct subnet IP's.

  Hi all,
  I recently added a VLAN to my SG500X switch.  I have the devices communicating between the VLAN’s (using static IP’s).
  I setup the new DHCP subnet on my Windows 2003 server but I can’t seem to get the DHCP server to hand out IP’s from the new subnet.
  From what I understand, the Windows DHCP server is supposed to detect which VLAN the request is coming from and hand out the correct one.  If I plug a laptop into one of the untagged switch ports for the new VLAN I get an IP address...but it's from the original/primary subnet.
  Do I need to configure anything else on the switch?  It seems to be handing out IP’s on the primary subnet/VLAN just fine.  I just need it to hand the correct one.
  Any suggestions are appreciated.
  Thanks,
  Dan

  Everyone has provided you good info on what to look into so I will just try to give you some background info as this topic threw me for a loop back in the day when I was studying for my CCNA.  It never was really explained how the dhcp server knew which scope to assign from.  It works like this assuming the dhcp server is not inside the broadcast domain of the client.
  1.Client with sends a DHCP request broadcast message
  2.Access switch receives untagged frame from client with destination mac of FF:FF:FF:FF:FF:FF
  3.Access switch encapsulates the packet into a frame that includes the vlan ID that was configured on the access port the client was connected to. Lets say vlan 10
  4.Frame is forwarded out all interfaces in the same vlan or trunk interfaces except where it was received from
  5.Your router receives the frame from the trunk port.  You either have an SVI or subinterface configured on the L3switch/router that is listening for traffic from that vlan.  That SVI/subinterface will have an IP address on it.  lets say 10.0.0.1/24.
  SVI
  int vlan 10
  ip address 10.0.0.1 255.255.255.0
  ip helper-address 192.168.1.50
  Router
  int f0/0.10
  encapsulation dot1q 10
  ip address 10.0.0.1 255.255.255.0
  ip helper-address 192.168.1.50
  6.Here is were the ip helper comes into play.  The router inserts the source IP of the SVI/subinterface for that vlan into the packet and sends it to the dhcp server. So 10.0.0.1 ->192.168.1.50
  7.DHCP server receives and chooses the scope based on the source IP in the packet.  so in my example the dhcp server will look through it's configured scope and would find one for the 10.0.0.0/24 network.
  8. DHCP server sends the dhcp offer to the IP of the SVI/subinterface which then forwards it on to the client.

• How to tell N6.5 DHCP to use a W2k8 for PXE?

  Hello,
  could anyone give me a hint, how to tell my netware DHCP to use a Windows Server 2008 R2 running Acronis with PXE Server?
  Actual Situation:
  Netware 6.5 Sp8 Server with ZENWORKS in Cluster mode
  Netware DHCP Server
  ZEN7 SP1 Imaging
  --> works fine so far, and no problem in other subnets, IP-helper are configured in the switches
  New Situation:
  Netware 6.5 Sp8 Server with ZENWORKS in Cluster mode
  Netware DHCP Server
  Windows Server 2008 R2 running Acronis Snap Deploy with PXE-Server - in future may be a clean Windows Deployment service without Acronis
  --> that would be nice :)
  I found serveral ini-files (dts.ini, pdhcp.ini, tftp.ini) where I configured the new IP-Address of the W2k8 PXE Server.
  Now:
  The Client gets its correct IP-Address from Netware DHCP
  but after that the following messages:
  Auto-select:
  ZENworks Boot
  Boot Server IP: --.--.--.-- (the correct one configured in the ini-files!)
  TFTP.
  PXE-T02:
  PXE-E3C: TFTP Error - Access Violation
  PXE-M0F: Exiting Intel Boot Agent
  Any ideas?
  Thanks a lot.

  Originally Posted by magic31
  You don't have to configure anything specifically in DHCP to work with PXE. Possibly just unconfigure an option that was set for the previos setup; One thing to check (and remove) is option 60 for the PXE Client option, if this is configured with the DHCP subnet options. This option should only be set if both DHCP and PXE services are on the same server (as is probably the case in your situation as I'm guessing both DHCP as also PXE get loaded in the same cluster resource script).
  For subnets serviced outside of the subnet your DHCP server is running in, you will need to configure multiple ip helpers: one that points to the DHCP server and one points to the PXE server so those requests on other subnets get serviced correctly.
  To get things running it's probably easier to try to get this to work on the subnet your DHCP and PXE server are running in (so you are not also having to deal with the ip helper setup just yet). If that works, then expand you configuration to different subnets & ip helpers.
  Hope that helps,
  Willem
  As a ps and for clarification, don't load the PDHCP on any of the NetWare servers... just have the PXE PDHCP service running on the Windows server.
  The PDHCP/PXE service for ZenWorks won't understand/work with the Arconis one and visa versa.
  -Willem

• DHCP - Cannot add text option for VOIP phones in OES Linux

  While working through this, I solved the issue, but decided to post this anyway as it may help others to find these sorts of errors.
  I'm working on migrating from NetWare 6.5sp8 to OES11sp2. Client has Shoretel VOIP phones. Existing NetWare-based DHCP has no problem. Option 156 has been configured to give out the required text information that Shoretel phones require.
  Problem is that I could not get the OES11 DHCP to run with that option. Nor could I migrate the existing option over - the Migration Tool (in OES11) says it successfully migrates DHCP, but I cannot start the dhcpd daemon. Error is that it failed, and in the rc.dhcpd.log file I see an error:
  LDAP Line 26: unknown option dhcp.Shoretel_Boot.
  LDAP Line 26: unexpected end of file
  LDAP: cannot parse dhcpService entry 'cn=newdhcpservice,o=LIBRARY'
  Configuration file errors encountered -- exiting
  If I look in the file (created when LDAP reads DHCP config from eDirectory apparently) dhcp-ldap-startup.log I can see the problem entry at line 26:
  option Shoretel_Boot "FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,L AYER default-lease-time 259200 ;
  This option does NOT show up in the newdhcpservice option when I look at it in ConsoleOne, or DSBROWSE, or DNS/DHCP Management Console.
  This option DOES show up in the DNS/DHCPManagement Console if I look at the DHCP (NetWare) tab and look at Other DHCP Options for some of the configured subnets, but it actually has different text from the above, specifically:
  FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,LAYER2 TAGGING=1,VLANID=9
  Note that it does not have a " character anywhere in the entry. This option is configured as a Global DHCP text option.
  Novell TID 7009464 mentions the issue, though not for Option 156. In that TID there is this:
  "Situation #2
  Migrate a working DHCP server with DHCP options that are of type "Text" to an OES server.
  Load the DHCP server service... it fails to load and gives similar errors to the ones listed above."
  Under resolution the TID says to delete and recreate the dhcp service object without the text option and it will load. That doesn't work for me as I still get an LDAP error pointing to the Shoretel_Boot unknown option. (I dare not try deleting it from the NetWare DHCP config and risk breaking the client's phone system).
  One of the options in the TID to fix this is to re-enter the data using the DNS/DHCP Management Console - but that didn't work.
  Here is the answer:
  First, the log files are misleading. The error message points to not being able to read the newdhcpservice object entry - but the problem was elsewhere. In fact the problem showed up in the logs even when there were no option 156 entries at all in any object inside the newdhcpservice or the newdhcpservice object itself. The problem existed in the NetWare configuration of the object for one of the dhcp subnets.
  Specifically, there was an illegal character in the text entry for option 156 - the # character was in there, like this:
  FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,LAYER# 2TAGGING=1,VLANID=9
  If you look at the error log entry for syntax error you can see that the option 156 text stopped at the # symbol, and then default-lease-time was appended to the end.
  Removing the # symbol got things working.
  Craig Johnson
  (former Novell partner / sysop)

  On 30/08/2014 21:16, phxazcraig wrote:
  > While working through this, I solved the issue, but decided to post this
  > anyway as it may help others to find these sorts of errors.
  >
  > I'm working on migrating from NetWare 6.5sp8 to OES11sp2. Client has
  > Shoretel VOIP phones. Existing NetWare-based DHCP has no problem.
  > Option 156 has been configured to give out the required text information
  > that Shoretel phones require.
  >
  > Problem is that I could not get the OES11 DHCP to run with that option.
  > Nor could I migrate the existing option over - the Migration Tool (in
  > OES11) says it successfully migrates DHCP, but I cannot start the dhcpd
  > daemon. Error is that it failed, and in the rc.dhcpd.log file I see
  > an error:
  >
  > LDAP Line 26: unknown option dhcp.Shoretel_Boot.
  > LDAP Line 26: unexpected end of file
  > LDAP: cannot parse dhcpService entry 'cn=newdhcpservice,o=LIBRARY'
  > Configuration file errors encountered -- exiting
  >
  >
  > If I look in the file (created when LDAP reads DHCP config from
  > eDirectory apparently) dhcp-ldap-startup.log I can see the problem entry
  > at line 26:
  >
  > option Shoretel_Boot
  > "FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,L AYER default-lease-time
  > 259200 ;
  >
  >
  > This option does NOT show up in the newdhcpservice option when I look at
  > it in ConsoleOne, or DSBROWSE, or DNS/DHCP Management Console.
  >
  > This option DOES show up in the DNS/DHCPManagement Console if I look at
  > the DHCP (NetWare) tab and look at Other DHCP Options for some of the
  > configured subnets, but it actually has different text from the above,
  > specifically:
  >
  > FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,LAYER2 TAGGING=1,VLANID=9
  >
  > Note that it does not have a " character anywhere in the entry. This
  > option is configured as a Global DHCP text option.
  >
  > Novell TID 7009464 mentions the issue, though not for Option 156. In
  > that TID there is this:
  > "Situation #2
  > Migrate a working DHCP server with DHCP options that are of type
  > "Text" to an OES server.
  > Load the DHCP server service... it fails to load and gives similar
  > errors to the ones listed above."
  >
  > Under resolution the TID says to delete and recreate the dhcp service
  > object without the text option and it will load. That doesn't work for
  > me as I still get an LDAP error pointing to the Shoretel_Boot unknown
  > option. (I dare not try deleting it from the NetWare DHCP config and
  > risk breaking the client's phone system).
  >
  > One of the options in the TID to fix this is to re-enter the data using
  > the DNS/DHCP Management Console - but that didn't work.
  >
  > Here is the answer:
  > First, the log files are misleading. The error message points to not
  > being able to read the newdhcpservice object entry - but the problem was
  > elsewhere. In fact the problem showed up in the logs even when there
  > were no option 156 entries at all in any object inside the
  > newdhcpservice or the newdhcpservice object itself. The problem
  > existed in the NetWare configuration of the object for one of the dhcp
  > subnets.
  >
  > Specifically, there was an illegal character in the text entry for
  > option 156 - the # character was in there, like this:
  >
  > FTPSERVERS=172.30.43.8,COUNTRY=1,LANGUAGE=1,LAYER# 2TAGGING=1,VLANID=9
  >
  > If you look at the error log entry for syntax error you can see that the
  > option 156 text stopped at the # symbol, and then default-lease-time was
  > appended to the end.
  >
  > Removing the # symbol got things working.
  >
  > Craig Johnson
  > (former Novell partner / sysop)
  Thanks for taking the time to post the above as I'm sure it will help
  someone else in the future.
  Simon
  Novell Knowledge Partner
  If you find this post helpful and are logged into the web interface,
  please show your appreciation and click on the star below. Thanks.

• Natd survives DHCP?

  One of our servers had the DHCP service removed a while ago. However the system log keeps reporting "natd[199]: failed to write packet back (No route to host)", I'd assume because DHCP isn't there anymore. Trying to kill natd took the server offline completely.
  Does anybody know why natd is still running and whether it needs to? What is the best way to remove/disable it?
  Thanks.

  I'd like to continue this thread....
  I have a 10.5.8 Server that has the NAT/DHCP/Firewall hiccup-misconfiguration of the nature....
  Here's the log
  4/27/10 7:50:28 AM natd[317] failed to write packet back (No route to host)
  4/27/10 7:50:28 AM natd[317] failed to write packet back (No route to host)
  4/27/10 7:50:30 AM natd[317] failed to write packet back (Host is down)
  4/27/10 7:50:30 AM natd[317] failed to write packet back (Host is down)
  4/27/10 7:50:34 AM natd[317] failed to write packet back (Host is down)
  4/27/10 7:50:34 AM natd[317] failed to write packet back (Host is down)
  4/27/10 7:50:42 AM natd[317] failed to write packet back (Host is down)
  4/27/10 7:50:42 AM natd[317] failed to write packet back (Host is down)
  4/27/10 8:01:22 AM bootpd[4841] can't open /etc/bootptab
  4/27/10 8:01:22 AM bootpd[4841] server name myLeopardServer.myDomain.com
  4/27/10 8:01:22 AM bootpd[4841] interface en0: ip 10.0.3.100 mask 255.255.255.0
  4/27/10 8:01:22 AM bootpd[4841] interface en1: ip 10.0.4.1 mask 255.255.255.0
  4/27/10 8:01:22 AM bootpd[4841] DHCP REQUEST [en0]: 1,0:1e:c2:d1:e2:c8
  4/27/10 8:01:22 AM bootpd[4841] ACK sent Anybody's iPhone 10.0.3.40 pktsize 318
  4/27/10 8:01:22 AM bootpd[4841] ACK sent Anybody's iPhone 10.0.3.40 pktsize 318
  4/27/10 8:11:54 AM bootpd[4873] can't open /etc/bootptab
  4/27/10 8:11:54 AM bootpd[4873] server name myLeopardServer.myDomain.com
  4/27/10 8:11:54 AM bootpd[4873] interface en0: ip 10.0.3.100 mask 255.255.255.0
  4/27/10 8:11:54 AM bootpd[4873] interface en1: ip 10.0.4.1 mask 255.255.255.0
  4/27/10 8:11:54 AM bootpd[4873] DHCP REQUEST [en0]: 1,0:22:41:75:6a:69 <iPod-touch>
  4/27/10 8:11:54 AM bootpd[4873] ACK sent MyCompany's iPod Touch 10.0.3.4 pktsize 318
  4/27/10 8:11:54 AM bootpd[4873] DHCP DISCOVER [en0]: 1,0:22:41:75:6a:69 <iPod-touch>
  4/27/10 8:11:54 AM bootpd[4873] OFFER sent MyCompany's iPod Touch 10.0.3.4 pktsize 318
  4/27/10 8:11:55 AM bootpd[4873] DHCP REQUEST [en0]: 1,0:22:41:75:6a:69 <iPod-touch>
  4/27/10 8:11:55 AM bootpd[4873] ACK sent MyCompany's iPod Touch 10.0.3.4 pktsize 318
  4/27/10 8:11:55 AM bootpd[4873] ACK sent MyCompany's iPod Touch 10.0.3.4 pktsize 318
  4/27/10 8:11:55 AM bootpd[4873] ACK sent MyCompany's iPod Touch 10.0.3.4 pktsize 318
  4/27/10 8:13:55 AM mDNSResponder[32] DNS Message too short
  4/27/10 8:13:55 AM mDNSResponder[32] DNS Message too short
  4/27/10 8:14:23 AM bootpd[4873] DHCP REQUEST [en0]: 1,0:1e:c2:d1:e2:c8
  4/27/10 8:14:23 AM bootpd[4873] ACK sent Anybody's iPhone 10.0.3.40 pktsize 318
  4/27/10 8:14:23 AM bootpd[4873] ACK sent Anybody's iPhone 10.0.3.40 pktsize 318
  4/27/10 8:20:49 AM natd[317] failed to write packet back (No route to host)
  4/27/10 8:20:49 AM natd[317] failed to write packet back (No route to host)
  4/27/10 8:20:51 AM natd[317] failed to write packet back (Host is down)
  4/27/10 8:20:51 AM natd[317] failed to write packet back (Host is down)
  This pattern repeats and repeats on a newly rebuild 10.5.8 Server. Could this be caused by a Airport Base Station Gateway/DHCP and Leopard Server DHCP fighting on the same subnet? I know this is a silly question but I've had my AirportBaseStation doing port forwarding and serving as the gateway router with a LeopardServer as the target for most of the forwarded traffic.... This server has two interfaces serving as another NAT Gateway for my private IP space on a different subnet.
  Can anyone tell me it that could cause this problem and if so, how can I prove to myself this is the issue? I'd like "proof" because this has been my general setup for this double NATed network for a few years and I think it works.... It has worked pretty well if not perfectly.... I have a fair but not absolute confidence that this works but I can't say that the log entries are not because of DHCP fighting....
  I believe there is a problem but the configuration of something.....

• Offloading DHCP static mapping in 12.3(25)?

  According to the following:
  http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtdhcpsm.html
  ...configuring static addresses via DHCP can be accomplished from a text file found on a tftp server as of IOS 12.3(11)T.
  I'm running 12.3(25) on a 2621, but I don't see the form of the "origin" command described at the above link. The documentation above states that the syntax is:
  origin { dhcp | aaa | ipcp | file <url> }
  ...yet, I only see the following options:
  Router# conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  Router (config)# ip dhcp pool MYPOOL
  Router (dhcp-config)# origin ?
  aaa Subnet is from a AAA server
  dhcp Subnet is from another DHCP server
  ipcp Subnet is from IPCP subnet negotiation
  Router(dhcp-config)#
  The documentation states that this functionality was released with 12.3(11)T. Am I correct in assuming that it is not available in 12.3(25)?

  Hello ,
  software feature navigator tool
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Search by image option lists the features supported in IOS image
  HTH

• Heads Up: Private VLAN Sticky-ARP DHCP Issues

  Here is the scenario:
  Private VLANs are configured on a 6500 Sup720 with SVIs routing for the PVLANs.
  DHCP Snooping and IP ARP Inspection are also configured for the PVLAN subnets.
  A DHCP Server is offering 3 day leases.
  A laptop connects to the network and receives a 3-day lease. The user leaves the office and returns 4 days later. The DHCP server offers a new lease with a different IP address. Furthermore, the previous IP address leased to the laptop has been handed out in a new lease to another host. Both systems receive their DHCP lease but have no network connectivity.
  The problem occurs because, by default, PVLAN SVIs use Sticky-ARP and never age out their ARP cache. Since the laptop has a different IP address to MAC address mapping than recorded in the Sticky-ARP cache, a violation occurs and the switch prevents the new IP address from populating the ARP table on the switch.
  Sticky-ARP is a security feature that prevents one system from stealing another systems IP address.
  Log messages show the following:
  %IP-3-STCKYARPOVR: Attempt to overwrite Sticky ARP entry
  The 6500 PVLAN configuration guide Restrictions and Guidlines section suggests that Sticky-ARP is fundamental to Private-VLANs, and the only work-around for this problem is to create manual arp entries for the new IP address. This is clearly not a viable workaround for this scenario.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/pvlans.htm#wp1090979
  However, the 6500 Command Reference shows that Sticky ARP can be disabled, but makes no reference to PVLANs
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/i1.htm#wp1091738
  There appears to be two sensible solutions to this problem:
  1) Disable Stick-ARP on the 6500 for the PVLANs. Since DHCP Snooping and IP ARP Inspection are configured, sticky-arp can be disabled without relaxing network security. This is assuming the 6500 will accept the command and will not break the existing PVLAN functionality.
  2) Extend the DHCP lease longer, to 45 or 90 days perhaps. This will catch most transient activity and keep the IP address to MAC address relationships the same, wherever possible. The downside here is that DHCP address pools could collect stale entires that would take the lease time to flush, thus reducing the overall available IPs in the pool.
  Has anyone else run into this problem? If so, what was your solution? Did you attempt either option above? I am planning on using solution #1 above, but I wanted to ping the NetPro community with this as I am sure we are not the first customer to run into this. Or are we??
  Regards,
  Brad

  Excellent question.
  Sticky-ARP is NOT intended to be a pain-in-the-butt that should disabled right away, rather, it is a security mechanism that prevents a system from stealing an active IP address on the subnet and causing a lot of problems. Sticky-ARP works best on subnets that have all static IP addressing where there is no expectation that a host would frequently change its IP address.
  Yes, I would recommend keeping Sticky-ARP on subnets with all static IP addresses.
  In DHCP subnets with no static IP addressing, DHCP Snooping and IP ARP Inspection provide the same security coverage that Sticky-ARP does, they prevent a system from claiming an illegitimate IP and MAC address. Furthermore, in DHCP subnets, it is reasonable to expect that a host would change its IP address from time to time when its lease expires.
  Sticky-ARP does not provide any addtional securtity benefits when DHCP Snooping and IP ARP Inspection are active and it only causes problems when a lease expires.
  When Cisco made Stick-ARP the default behavior for Private VLANs, they certain did not have DHCP in mind.
  In Summary, it should be known as a Best Practice that when using Private VLANs on user segments with DHCP that DHCP Snooping and IP ARP Inspection should be enabled and Sticky-ARP be disabled.
  Brad

• Network configuration: fully manual vs. DHCP with manual IP

  Are there any OS X Server services (e.g. AFP, DHCP, DNS, OD, LDAP) that specifically require a server's network settings to be manually configured, or can they all get my with just manual IP and the rest of the configuration supplied by DHCP?

  Oddly enough, I set up a server with DHCP and manual IP and added its IP to a DHCP subnet. But it was also the DHCP server. It did not accept the DHCP-delivered configuration (e.g. it couldn't find the router).
  Is it the case that a DHCP server cannot serve itself with network config information?

• No DHCP lease

  We've had 4 Aironet AP 1131AG wireless access points working for sometime. Now, the users cannot get an IP address and get onto the network.
  The DHCP server is up and running just fine. The WAPs do not give out DHCP leases.
  The only thing that has recently changed is we tried to experiment with adding another SSID to allow for guest access. That has since been removed.

  Dennis
  Your back to basic trouble shooting, cna you ping the DHCP sever from the AP's or vice versa, does the route still exist. was a DHCP helper removed. are the clients authenticating and assoc to with an AP.
  save the config from one AP or use a spare AP to test with with no encrypition and no authentication. in other words back to basics.
  If you are using a WLC same list different device.
  I agree the DNCP server should hand out addresses untill they are gone.
  good luck
  Bill