DHCP Vendor ID

Hi,
How I can changed the DHCP option Vendor ID?
With Linux I should changed it with /etc/dhcp3/dhclient.conf file.
What about Darwin ?
Thx
Message was edited by: ancrou
Message was edited by: ancrou

I don't know the specific tag you need, but the DHCP server is managed within bootpd and /etc/bootpd.plist - an XML file containing all the BOOTP/DHCP/NetBoot configuration data.

Similar Messages

DHCP Vendor Class of Server2003

Hi all,
1. There are two clients with different Vendor ID (send via DHCP DISCOVER option 60), for example, client A's option 60 is AAA, B's is BBB.
2. I had created two Vendor Classes on a Windows Server2003. They match the Vendor ID of client A and B.
3. I had created two options (for example, option 150) under the tow Vendor Classes, and added them in a same DHCP scope. I wanna client A and B can get different option 150 message from DHCP server.
4. After my settings, DHCP server would send different respondence to identifying clients. However, it responds via option 43, not option 150 (which is I set) .
What can I do if I want DHCP server to respond via option 150 that I set?
Thanks for your reply.

Hi,
Sorry for my late reply.
Does the problem persist?
PLease refer to the link below to know how to configure vendor class
http://support.microsoft.com/kb/240247
Best Regards
Quan Gu

Setting options in DHCP client ...

Hi everyone, ...
Im having problems connecting to my corporate intranet DHCP network and investigating I realize the DHCP server requires a fixed DHCP Option 60 (vendor-class-identifier) with the value "MSFT 5.0".
Please, How can I configure this option in my osx DHCP client?
Regards,
Raul.

So you Mac is supporting Windows 2000 or older Microsoft operating systems? That is what Microsoft DHCP Vendor and User Classes. The 10.6.x system shouldn't need and changing.

What are the endpoints attributes collected by NAC Profiler through SNMP and DHCP?

Hi Everyone,
Please help on this.
I want to know what are the endpoints attributes collected by NAC Profiler to discover and profile the endpoints.through SNMP protocol and DHCP protocol.
Also if anybody can explain a simple used case on this.
Please guide me on this.
Thanks in advance.
Thanks,
Abuzar.

Hi,
SNMP
=====
NetMap queries network devices via SNMP for:
System information
Interface information
Bridge information
802.1X information (PAE MIB)
Routing/IP information
CDP MIB Information
This information is used to Build and maintain a model of the network topology and endpoint discovery.
NetMap uses SNMP Get, GetNext and GetBulk (when available) requests to query the SNMP agents running on the network infrastructure devices to gather specific Management Information Base (MIB) objects about their status based on device type (Layer 2 or Layer 3).
In addition to polling each network device for all MIB data at a regular interval, NetMap may also be commanded to poll port-specific information when the NAC Profiler system is notified that an endpoint has joined or left the network via SNMP traps sent by devices at the network edge, switches typically.
Upon receipt and verification of a link state (link up, link down) or MAC notification trap, NetTrap will notify the NAC Profiler Server that a change has occurred on the network edge (endpoint joined or left a network port). If the trapping device is in the NAC Profiler configuration, the NetMap component module assigned to poll the device that sent the trap will be commanded by the Server module to initiate a poll of the device's port information to determine the change to the endpoint topology that resulted in the trap being sent by the network device.
The information gathered by NetMap is processed by the Server accordingly to update the network topology, noting the endpoint joining or leaving a port. Note that NetMap SNMP polling of network devices resulting from a trap is localized to the port specified in the trap. This is unlike the regular polling that occurs at the frequency specified for each device type (L2 and L3) which gathers all SNMP information from the device used by the NAC Profiler system.
DHCP:
=====
The NetWatch module listens for traffic including DHCP traffic.
The module will collect all the DHCP information on the traffic collected, like mac address, ip address, DHCP Vendor Class Identifier in DHCP request, host name in DHCP request, requested specified options in DHCP request (option 55) and full list of DHCP options supported by the DHCP client as specified in the DHCP request.
All the endpointe data can then be used to map endpoints with profiles.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Option code 66 and 67 in DHCP

Hi Everybody,
I am configuring DHCP for the option codes 66(TFTP server) and 67(Boot file), But when I snoop the DHCP requests, I am not sure if DHCP client is getting these options are not. Below is the snoop ouput. Can you please tell me whether client is getting these options or not.
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPREQUEST
DHCP: Requested IP Address = 10.0.6.70
DHCP: IP Address Lease Time = -1 seconds
DHCP: Maximum DHCP Message Size = 1472 bytes
DHCP: Client Class Identifier = "SUNW.Sun-Fire-V240"
DHCP: Requested Options:
DHCP: 1 (Subnet Mask)
DHCP: 3 (Router)
DHCP: 6 (DNS Servers)
DHCP: 12 (Client Hostname)
DHCP: 15 (DNS Domain Name)
DHCP: 28 (Broadcast Address)
DHCP: 43 (Vendor Specific Options)
DHCP: 66 (TFTP Server Name)
DHCP: 67 (Option BootFile Name)
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 10.0.6.2
DHCP: NIS Domainname = atrcus588.athtem.eei.ericsson.se
DHCP: NIS Servers at = 10.0.6.2
DHCP: DNS Domain Name = athtem.eei.ericsson.se
DHCP: Broadcast Address = 10.0.6.127
DHCP: Subnet Mask = 255.255.255.192
DHCP: Router at = 10.0.6.65
DHCP: IP Address Lease Time = -1 seconds
DHCP: Client Hostname = atrcus629
DHCP: Vendor-specific Options (157 total octets):
DHCP: (07) 35 octets "/platform/sun4u/kernel/sparcv9/unix"
DHCP: (12) 26 octets "/jumpstart/solaris10_image"
DHCP: (11) 13 octets "masterservice"
DHCP: (10) 04 octets 0x0A 0x00 0x06 0x02 (unprintable)
DHCP: (04) 48 octets "/jumpstart/solaris10_image/Solaris_10/Tools/Boot"
DHCP: (03) 13 octets "masterservice"
DHCP: (02) 04 octets 0x0A 0x00 0x06 0x02 (unprintable)
DHCP: Boot File Name = 010003BA875A61
0: 0010 dbdd e3b5 0014 4f71 2d92 0800 4500 ........Oq-...E.
16: 0218 d8eb 4000 ff11 0000 0a00 0602 0a00 ..\330.@...........
32: 0641 0043 0043 0204 0000 0201 0600 46bd .A.C.C........F.
48: 589f 0000 0000 0000 0000 0a00 0646 0a00 X............F..
64: 0602 0a00 0641 0003 ba87 5a61 0000 0000 .....A....Za....
80: 0000 0000 0000 0000 0000 0000 0000 0000 ................
96: 0000 0000 0000 0000 0000 0000 0000 0000 ................
112: 0000 0000 0000 0000 0000 0000 0000 0000 ................
128: 0000 0000 0000 0000 0000 0000 0000 0000 ................
144: 0000 0000 0000 3031 3030 3033 4241 3837 ......010003BA87
160: 3541 3631 0000 0000 0000 0000 0000 0000 5A61............
176: 0000 0000 0000 0000 0000 0000 0000 0000 ................
192: 0000 0000 0000 0000 0000 0000 0000 0000 ................
208: 0000 0000 0000 0000 0000 0000 0000 0000 ................
224: 0000 0000 0000 0000 0000 0000 0000 0000 ................
240: 0000 0000 0000 0000 0000 0000 0000 0000 ................
256: 0000 0000 0000 0000 0000 0000 0000 0000 ................
272: 0000 0000 0000 6382 5363 3501 0536 040a ......c.Sc5..6..
288: 0006 0228 2061 7472 6375 7335 3838 2e61 ...( atrcus588.a
304: 7468 7465 6d2e 6565 692e 6572 6963 7373 thtem.eei.ericss
320: 6f6e 2e73 6529 040a 0006 020f 1661 7468 on.se).......ath
336: 7465 6d2e 6565 692e 6572 6963 7373 6f6e tem.eei.ericsson
352: 2e73 651c 040a 0006 7f01 04ff ffff c003 .se.............
368: 040a 0006 4133 04ff ffff ff0c 0961 7472 ....A3.......atr
384: 6375 7336 3239 2b9d 0723 2f70 6c61 7466 cus629+\235.#/platf
400: 6f72 6d2f 7375 6e34 752f 6b65 726e 656c orm/sun4u/kernel
416: 2f73 7061 7263 7639 2f75 6e69 780c 1a2f /sparcv9/unix../
432: 6a75 6d70 7374 6172 742f 736f 6c61 7269 jumpstart/solari
448: 7331 305f 696d 6167 650b 0d6d 6173 7465 s10_image..maste
464: 7273 6572 7669 6365 0a04 0a00 0602 0430 rservice.......0
480: 2f6a 756d 7073 7461 7274 2f73 6f6c 6172 /jumpstart/solar
496: 6973 3130 5f69 6d61 6765 2f53 6f6c 6172 is10_image/Solar
512: 6973 5f31 302f 546f 6f6c 732f 426f 6f74 is_10/Tools/Boot
528: 030d 6d61 7374 6572 7365 7276 6963 6502 ..masterservice.
544: 040a 0006 02ff ......
Thanks Inadvance,
Yogendra.

Hi Everybody,
I am configuring DHCP for the option codes 66(TFTP server) and 67(Boot file), But when I snoop the DHCP requests, I am not sure if DHCP client is getting these options are not. Below is the snoop ouput. Can you please tell me whether client is getting these options or not.
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPREQUEST
DHCP: Requested IP Address = 10.0.6.70
DHCP: IP Address Lease Time = -1 seconds
DHCP: Maximum DHCP Message Size = 1472 bytes
DHCP: Client Class Identifier = "SUNW.Sun-Fire-V240"
DHCP: Requested Options:
DHCP: 1 (Subnet Mask)
DHCP: 3 (Router)
DHCP: 6 (DNS Servers)
DHCP: 12 (Client Hostname)
DHCP: 15 (DNS Domain Name)
DHCP: 28 (Broadcast Address)
DHCP: 43 (Vendor Specific Options)
DHCP: 66 (TFTP Server Name)
DHCP: 67 (Option BootFile Name)
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 10.0.6.2
DHCP: NIS Domainname = atrcus588.athtem.eei.ericsson.se
DHCP: NIS Servers at = 10.0.6.2
DHCP: DNS Domain Name = athtem.eei.ericsson.se
DHCP: Broadcast Address = 10.0.6.127
DHCP: Subnet Mask = 255.255.255.192
DHCP: Router at = 10.0.6.65
DHCP: IP Address Lease Time = -1 seconds
DHCP: Client Hostname = atrcus629
DHCP: Vendor-specific Options (157 total octets):
DHCP: (07) 35 octets "/platform/sun4u/kernel/sparcv9/unix"
DHCP: (12) 26 octets "/jumpstart/solaris10_image"
DHCP: (11) 13 octets "masterservice"
DHCP: (10) 04 octets 0x0A 0x00 0x06 0x02 (unprintable)
DHCP: (04) 48 octets "/jumpstart/solaris10_image/Solaris_10/Tools/Boot"
DHCP: (03) 13 octets "masterservice"
DHCP: (02) 04 octets 0x0A 0x00 0x06 0x02 (unprintable)
DHCP: Boot File Name = 010003BA875A61
0: 0010 dbdd e3b5 0014 4f71 2d92 0800 4500 ........Oq-...E.
16: 0218 d8eb 4000 ff11 0000 0a00 0602 0a00 ..\330.@...........
32: 0641 0043 0043 0204 0000 0201 0600 46bd .A.C.C........F.
48: 589f 0000 0000 0000 0000 0a00 0646 0a00 X............F..
64: 0602 0a00 0641 0003 ba87 5a61 0000 0000 .....A....Za....
80: 0000 0000 0000 0000 0000 0000 0000 0000 ................
96: 0000 0000 0000 0000 0000 0000 0000 0000 ................
112: 0000 0000 0000 0000 0000 0000 0000 0000 ................
128: 0000 0000 0000 0000 0000 0000 0000 0000 ................
144: 0000 0000 0000 3031 3030 3033 4241 3837 ......010003BA87
160: 3541 3631 0000 0000 0000 0000 0000 0000 5A61............
176: 0000 0000 0000 0000 0000 0000 0000 0000 ................
192: 0000 0000 0000 0000 0000 0000 0000 0000 ................
208: 0000 0000 0000 0000 0000 0000 0000 0000 ................
224: 0000 0000 0000 0000 0000 0000 0000 0000 ................
240: 0000 0000 0000 0000 0000 0000 0000 0000 ................
256: 0000 0000 0000 0000 0000 0000 0000 0000 ................
272: 0000 0000 0000 6382 5363 3501 0536 040a ......c.Sc5..6..
288: 0006 0228 2061 7472 6375 7335 3838 2e61 ...( atrcus588.a
304: 7468 7465 6d2e 6565 692e 6572 6963 7373 thtem.eei.ericss
320: 6f6e 2e73 6529 040a 0006 020f 1661 7468 on.se).......ath
336: 7465 6d2e 6565 692e 6572 6963 7373 6f6e tem.eei.ericsson
352: 2e73 651c 040a 0006 7f01 04ff ffff c003 .se.............
368: 040a 0006 4133 04ff ffff ff0c 0961 7472 ....A3.......atr
384: 6375 7336 3239 2b9d 0723 2f70 6c61 7466 cus629+\235.#/platf
400: 6f72 6d2f 7375 6e34 752f 6b65 726e 656c orm/sun4u/kernel
416: 2f73 7061 7263 7639 2f75 6e69 780c 1a2f /sparcv9/unix../
432: 6a75 6d70 7374 6172 742f 736f 6c61 7269 jumpstart/solari
448: 7331 305f 696d 6167 650b 0d6d 6173 7465 s10_image..maste
464: 7273 6572 7669 6365 0a04 0a00 0602 0430 rservice.......0
480: 2f6a 756d 7073 7461 7274 2f73 6f6c 6172 /jumpstart/solar
496: 6973 3130 5f69 6d61 6765 2f53 6f6c 6172 is10_image/Solar
512: 6973 5f31 302f 546f 6f6c 732f 426f 6f74 is_10/Tools/Boot
528: 030d 6d61 7374 6572 7365 7276 6963 6502 ..masterservice.
544: 040a 0006 02ff ......
Thanks Inadvance,
Yogendra.

How to configure netboot across vlans/DHCP when already a windows bootp server in the mix?

Hi All,
We just moved to multiple VLAN's for our Mac's in a mostly WIndows environment. DHCP option 66 points to a Windows Deployment Server & option 67 to the WDS file.
I've tried "sudo bless –netboot –server bsdp://10.2.0.1" on a client but get "Netboot scheme bspd not supported on EFI systems".
I can get changes to the DHCP scopes if needed -except for the boot server, so I was thinking using something like using DHCP Vendor Class Identifier to specify a different bootp server but have no clues how...
Any ideas?
Cheers
Steve

You might check out the "How to boot across subnets" page at <http://afp548.com/mactips/>. It has a bunch of info.

Lync HP 4120 Sign in problems with Lync Server 2013

Hi, this is my second request for help, this with more information...
I`ll ready install the follow infrastructure: (I change the name of my organization for contoso)
Lync Server 2013 Installation with Enterprise mode with 1 front end : Pool: lync.contoso.com Front End: lyncfe01.contoso.com Back End: lyncsql01.contoso.com
I`ll ready install a PKI infrastructure with two tiers, the root offline and the subordnate ac.contoso.com
This with the defailt algorithm configuration RSA SHA1
My phones are HP 4120
In the Front End Server i configured the SCHANNEL registers:
EnableSessionTicket in 2
Send..etc in 0
Ok, the installation is ok, services are OK, Client login trough PC its OK, PSTN Configuration... (I can make a phonecall with the lync client of Office 365)
Commnd Checks:
When i run the command Test-CsPhoneBootstrap -PhoneOrExt 12345 -PIN 123456 -TargetFqdn lync.contoso.com
The result is:
Target Fqdn : lync.contoso.com
Target Uri : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
Result : Success
Latency : 00:00:09.0559615
Error Message :
Diagnosis :
When i run the command Test-CsPhoneBootstrap -PhoneOrExt 12345 -PIN 123456 for
check the DHCP the result is:
Target Fqdn : lync.contoso.com
Target Uri : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
Result : Success
Latency : 00:00:09.0559615
Error Message :
Diagnosis :
When i run the follow command
PS C:\Users\Administrator> $cred = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\Administrator> Test-CsClientAuth -TargetFqdn lync.contoso.com -UserSipAddress "sip:[email protected]" -UserCredential $cred
I got this:
Target Fqdn : lync.contoso.com
Target Uri : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
Result : Success
Latency : 00:00:00.3431783
Error Message :
Diagnosis :
But.. when i use the same command but i remove the -targetFqdn for check the Dhcp i got this:
VERBOSE: Workflow Instance Id 'bca95636-af7b-4b0a-b43d-dba259294b2d', started.
VERBOSE: Command line executed is 'Test-CsClientAuth -UserSipAddress "sip:[email protected]" -UserCredential $cred
-Verbose'.
Target Fqdn :
Target Uri :
Result : Failure
Latency : 00:00:00
Error Message : 10060, A connection attempt failed because the connected party did not properly respond after a period
of time, or established connection failed because connected host has failed to respond 194.90.8.20:5061
Inner Exception:A connection attempt failed because the connected party did not properly respond after
a period of time, or established connection failed because connected host has failed to respond
194.90.8.20:5061
Diagnosis :
VERBOSE: Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow' started.
Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow' completed in '5.62E-05' seconds.
Target web service Url not provided. Will have to extract it from authentication challenge.
An exception 'Unable to establish a connection.' occurred during Workflow
Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow execution.
Exception Call Stack: at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()
at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)
at Microsoft.Rtc.SyntheticTransactions.Activities.GetSTSUriActivity.InternalExecute(ActivityExecutionContext
executionContext)
at Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Execute(ActivityExecutionContext
executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
at System.Workflow.Runtime.Scheduler.Run()
at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
at Microsoft.Rtc.Internal.Sip.TcpTransport.OnConnected(Object arg)
'GetSTSUri' activity started.
Starting STS Uri Discovery...
ERROR getting STS Uri.
'UnRegister' activity started.
'UnRegister' activity completed in '3.12E-05' seconds.
VERBOSE: Workflow Instance ID 'bca95636-af7b-4b0a-b43d-dba259294b2d' completed.
VERBOSE: Workflow run-time (sec): 126.0548512.
The Real Problem is that my Lync HP 4120 Phone can't make a sign in, not from USB cable loging, nor with PIN authentification
When I try to make a login with the USB cable, I set the user and password and the phone says "Connecting to Lync".. "Downloading a certificate" ... "Installing certificate"... "Downloading Certificate"...
"Installing Certificate".. forever
When I try to make a login with PIN Authentification, the phone first displays the following:
Account used is not authorized, Please Contact your support team and then shows this:
An Account matching this phone number cannot be found. Please contact your support team.
The Pin authentification is enable
In the Lync Server Enable Kerberos Authentification, Enable Integrated Windows Authentification and Enable Certificate Authentification are enable
This is the configuration from DHCP
Starting Discovery ...
Sending Packet (Size: 284, Network Adapter: xx.xx.xx.xx, Attempt Type: Broadcast only)
--Begin Packet--
DHCP: INFORM (xid=130EA7FA)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 319727610
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = Xx.xx.xx.xx
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = FC15B4###--End Packet--
Received Packet
Sender:xx.xx.xx.xx:67, Size:363
--Begin Packet--
DHCP: ACK (xid=130EA7FA)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 319727610
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = xx.xx.xx.xx
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = FC15B4100289
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) XX.XX.XX.XX
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 17) enc:0 lync.contoso.com (00046C796E6306756E69736F6E026D7800)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 86) MS-UC-Clienthttpslync.contoso.com443%/CertProv/CertProvisioningService.svcÜNAP (010C4D532D55432D436C69656E7402056874747073030E6C796E632E756E69736F6E2E6D78040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663DC034E4150)
DHCP: End of this option field
--End Packet--
Result: Success
DHCP Server : xx.xx.x.xx.
SIP Server FQDN : lync.contoso.com
Certificate Provisioning Service URL : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
thanks for all, hope somebody can help me with this problem.. i am going crazy...

Hi, i connected the Lync Phone to another switch and i update the firmware to the newest firmware and i got the same problem..
The lync phone download the certificate but cant install it and the still the same error with the SIP login
An Account matching this phone number cannot be found. Please contact your support team.

Polycom CX 600 - Certificate web service cannot be found

Hi All,
I know, there are some same issues in the forum, bot those are not helpful for me. My problem is the same, via network cable (using just DHCP) the Polycom CX 600 Lync Phone are not able to sign in (however 1 month ago it was), returning the error message:
'Certificate web service cannot be found.'
I've double checked the DHCP options and all of them are OK! We are not using Windows DHCP, but the options are right, the 43 option containing the proper hexa value, the sub-options are also valid. From the DHCP log I can verify that the device got the
options, but the phone still not able to sign in.
From the browser I cannot open the device, by it's IP, just with FTP:\\'IP'. There I could find a .clg1 log file, but it not containing useful information for me.
This is the link of the log file: http://speedy.sh/XAgMT/system.clg1
If I run the DHCPUtil.exe -emulateclient on my workstation, I got the following:
Starting Discovery ...
Result: Failure = -2147014848
Or... sometimes it has a result:
Starting Discovery ...
Sending Packet (Size: 288, Network Adapter: 57.56.69.138, Attempt Type: Broadcas
t + Unicast)
--Begin Packet--
DHCP: INFORM (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = E0DB55DE###--End Packet--
Received Packet
Sender:57.20.120.85:67, Size:408
--Begin Packet--
DHCP: ACK (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 57.56.69.131
DHCP: Client HW Address (chaddr) = E0DB55DE8993
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 57.20.120.85
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 18) enc:0 lync2013.dlh.de (00086C79
6E633230313303646C6802646500)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 130) ☺♀MS-UC-Client☻♣https♥☼lync201
3.dlh☻E6465040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536
572766963652E737663] (010C4D532D55432D436C69656E7402056874747073030F6C796E633230
31332E646C6802453634363530343033333433343333303532353246343336353732373435303732
36463736324634333635373237343530373236463736363937333639364636453639364536373533
36353732373636393633363532453733373636335D)
DHCP: End of this option field
--End Packet--
Received Packet
Sender:57.20.120.85:67, Size:408
--Begin Packet--
DHCP: ACK (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 57.56.69.130
DHCP: Client HW Address (chaddr) = E0DB55DE8993
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 57.20.120.85
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 18) enc:0 lync2013.dlh.de (00086C79
6E633230313303646C6802646500)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 130) ☺♀MS-UC-Client☻♣https♥☼lync201
3.dlh☻E6465040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536
572766963652E737663] (010C4D532D55432D436C69656E7402056874747073030F6C796E633230
31332E646C6802453634363530343033333433343333303532353246343336353732373435303732
36463736324634333635373237343530373236463736363937333639364636453639364536373533
36353732373636393633363532453733373636335D)
DHCP: End of this option field
--End Packet--
Received Packet
Sender:57.20.120.100:67, Size:408
--Begin Packet--
DHCP: ACK (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = E0DB55DE8993
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 57.20.120.100
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 18) enc:0 lync2013.dlh.de (00086C79
6E633230313303646C6802646500)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 130) ☺♀MS-UC-Client☻♣https♥☼lync201
3.dlh☻E6465040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536
572766963652E737663] (010C4D532D55432D436C69656E7402056874747073030F6C796E633230
31332E646C6802453634363530343033333433343333303532353246343336353732373435303732
36463736324634333635373237343530373236463736363937333639364636453639364536373533
36353732373636393633363532453733373636335D)
DHCP: End of this option field
--End Packet--
Received Packet
Sender:57.20.120.100:67, Size:408
--Begin Packet--
DHCP: ACK (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 57.56.69.131
DHCP: Client HW Address (chaddr) = E0DB55DE8993
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 57.20.120.100
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 18) enc:0 lync2013.dlh.de (00086C79
6E633230313303646C6802646500)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 130) ☺♀MS-UC-Client☻♣https♥☼lync201
3.dlh☻E6465040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536
572766963652E737663] (010C4D532D55432D436C69656E7402056874747073030F6C796E633230
31332E646C6802453634363530343033333433343333303532353246343336353732373435303732
36463736324634333635373237343530373236463736363937333639364636453639364536373533
36353732373636393633363532453733373636335D)
DHCP: End of this option field
--End Packet--
Received Packet
Sender:57.20.120.100:67, Size:408
--Begin Packet--
DHCP: ACK (xid=5C1E8177)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 1545503095
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 57.56.69.138
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 57.56.69.130
DHCP: Client HW Address (chaddr) = E0DB55DE8993
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 57.20.120.100
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 18) enc:0 lync2013.dlh.de (00086C79
6E633230313303646C6802646500)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 130) ☺♀MS-UC-Client☻♣https♥☼lync201
3.dlh☻E6465040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536
572766963652E737663] (010C4D532D55432D436C69656E7402056874747073030F6C796E633230
31332E646C6802453634363530343033333433343333303532353246343336353732373435303732
36463736324634333635373237343530373236463736363937333639364636453639364536373533
36353732373636393633363532453733373636335D)
DHCP: End of this option field
--End Packet--
Result: Failure = 1
I don't know what is that Failure = 1
Has anybody an idea???
Many thanks,
Tamás

Hi,
The DHCP options are good.
Finally, I was able to run the test-csphonebootsrap cmdlet, and I got the following error:
Result : Failure
Latency : 00:00:01.2179659
Error Message : No response received for getting root certificate chain.
Inner Exception:The remote server returned an unexpected respon
se: (417) Expectation Failed.
Inner Exception:The remote server returned an error: (417) Expe
ctation Failed.
Diagnosis :
Inner Diagnosis:Mime-Version : 1.0
X-Squid-Error : ERR_INVALID_REQ 0
Vary : Accept-Language
Content-Language : en
X-Cache : MISS from proxy.lsy.bud.dlh.de
X-Cache-Lookup : NONE from proxy.lsy.bud.dlh.de:3128
Connection : close
Content-Length : 3944
Content-Type : text/html
Date : Thu, 09 Jan 2014 13:24:47 GMT
Server : squid/3.1.10
Via : 1.0 proxy.lsy.bud.dlh.de (squid/3.1.10)
VERBOSE: Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
started.
Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
completed in '0.0001508' seconds.
Target server Fqdn or web service Url not provided. Will have to do DHCP
Registrar Discovery.
An exception 'No response received for getting root certificate chain.'
occurred during Workflow
Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow
execution.
Exception Call Stack: at
Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetRootCertChains()
at
Microsoft.Rtc.SyntheticTransactions.Activities.GetRootCertChainsActivity.Intern
alExecute(ActivityExecutionContext executionContext)
at
Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Ex
ecute(ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity,
ActivityExecutionContext executionContext)
at
System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRunti
me workflowCoreRuntime)
at System.Workflow.Runtime.Scheduler.Run()
Server stack trace:
at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(
HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory,
WebException responseException, ChannelBinding channelBinding)
at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChanne
lRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message,
TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean
oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan
timeout)
at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessa
ge methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type)
at RootCertChainService.GetRootCertChains(GetRootCertChainsRequest request)
at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetRootCertChains()
'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 10.150.7.33.
\tCreating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 57.20.120.85.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : lyncpool.dlh.de.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 - lyncpool.dlh.de.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 -
/CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url :
https://lyncpool.dlh.de:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.2179659' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url : http://lyncpool.dlh.de/CertProv/CertProvisioningService.svc
Could not download certificate chain from web service.
CHECK:
- Web service Url is valid and the web services are functional.
'UnRegister' activity started.
'UnRegister' activity completed in '3.78E-05' seconds.
VERBOSE: Workflow Instance ID 'a9313cfa-b82c-4bd2-9df6-81acca1bcbbc' completed.
VERBOSE: Workflow run-time (sec): 1.5083016.
It looks like the telephone are not able to download the root CA, but the webservice is available and reachable via port 80 and 443 too.... So, what is the reason? Why the Polycom CX600 is not able to download the root CA??

Clients not able to join more 256 nos

Hi
We have using wireless controller CISCO 2125 with 8 nos LWAP 1252, including AP's getting the IP from windows DHCPserver (172.29.70.0/23), when clients reaches 256 nos in controller , then further not able to join in wireless network.
DHCP vendor class or user class will solve this issue. pl guide me .
thanks
Karthik

Well, it's totally expected then as it's the maximum amount of clients supported by the 2125.
If you have that amount of client you should look into having more APs and a more powerful WLC. That limit is not just there for marketing purpose. It looks like your network is under-powered compared to its real usage.
Regards,
Nicolas
===
Don't forget to rate answers that you find useful

Lync phone (Polycom CX600 / HP 4120) - can't sign in

Hi,
We have Lync server 2010 deployed.
I've prepared infrastructure for for Lync Phone edition by next steps:
Added options to DHCP:
PS C:\Program Files\Common Files\Microsoft Lync Server 2010> .\DHCPUtil.exe -emulateclient
Starting Discovery ...
Sending Packet (Size: 288, Network Adapter: 10.20.1.91, Attempt Type: Broadcast only)
--Begin Packet--
DHCP: INFORM (xid=AB7EB7A6)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 2877208486
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 10.20.1.91
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = 005056B85D34
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP INFORM
DHCP: Server Identifier( 54) = (Length: 0) 0.0.0.0
DHCP: Client Identifier( 61) = (Length: 7) ☺ (01005056B85D34)
DHCP: SIP Server( 120) = (Length: 0) enc:0 ()
DHCP: Host Name( 12) = (Length: 14) SRV-LYNC-FEP01
DHCP: Vendor Identifier( 60) = (Length: 12) MS-UC-Client
DHCP: Param Req List( 55) = (Length: 2) 120 43
DHCP: Vendor Info( 43) = (Length: 0) ()
DHCP: End of this option field
--End Packet--
Received Packet
Sender:10.20.1.100:67, Size:366
--Begin Packet--
DHCP: ACK (xid=AB7EB7A6)
DHCP: Op Code (op) = 1
DHCP: Hardware Type (htype) = 6
DHCP: Hops (hops) = 0
DHCP: Transaction ID (xid) = 2877208486
DHCP: Seconds (secs) = 0
DHCP: Flags (flags) = 0000
DHCP: Client IP Address (ciaddr) = 10.20.1.91
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client HW Address (chaddr) = 005056B85D34
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = 99.130.83.99
DHCP: Option Field
DHCP: DHCP MESSAGE TYPE( 53) = (Length: 1) DHCP ACK
DHCP: Server Identifier( 54) = (Length: 4) 10.20.1.100
DHCP: Client Identifier( 61) = (Length: 0) ()
DHCP: SIP Server( 120) = (Length: 24) enc:0 pool-main.scnsoft.com (0009706F6F6C2D6D61696E0773636E736F66740363
6F6D00)
DHCP: Host Name( 12) = (Length: 0)
DHCP: Vendor Identifier( 60) = (Length: 0)
DHCP: Param Req List( 55) = (Length: 0) 0 0
DHCP: Vendor Info( 43) = (Length: 88) ☺♀MS-UC-Client☻♣https♥§pool-main.scnsoft.com♦♥443♣%/CertProv/CertProvis
ioningService.svc (010C4D532D55432D436C69656E74020568747470730315706F6F6C2D6D61696E2E73636E736F66742E636F6D0403343433052
52F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663)
DHCP: End of this option field
--End Packet--
Result: Success
DHCP Server : 10.20.1.100
SIP Server FQDN : pool-main.scnsoft.com
Certificate Provisioning Service URL : https://pool-main.scnsoft.com:443/CertProv/CertProvisioningService.svc
Also Test-CsPhoneBootstrap succeed.
Test-CsPhoneBootstrap -PhoneOrExt 7007 -PIN xxxxxxxx
TargetUri : https://pool-main.scnsoft.com:443/CertProv/CertProvisioningService.svc
TargetFqdn : pool-main.scnsoft.com
Result : Success
Latency : 00:00:02.0099177
Error :
Diagnosis :
But when i try to connect using USB - it just writing "Connecting to Lync Server"
If I try to use number and pin - I 've got message:
An account matching this phone number cannot be found.
Can some one give and advice how to solve this?

Hi,
Please add the parameters to run Test-CsPhoneBootstrap just like this:
Have you tried to run cmdlet Test-CsPhoneBootstrap -PhoneOrExt
8001 -PIN 12345
Please try to Validate Options 43 & 120 as described in Jeff's blog:
http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information
found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
The issue maybe also related to DHCP. If you use Windows DHCP servers, please try to check if the status of Lync Server DHCP feature is disabled.(Get-CsRegistrarConfiguration –EnableDHCPServer)
Kent Huang
TechNet Community Support

ASR 9001 BNG IPoE problems

Hi,
I have read and try these guides
https://supportforums.cisco.com/docs/DOC-23170
https://supportforums.cisco.com/docs/DOC-19702
https://supportforums.cisco.com/docs/DOC-19726
But have some problems , here is my config ( almost same like the guides )
radius-server host xxx.xxx.xxx.46 auth-port 1812 acct-port 1813!aaa server radius dynamic-author port 3799 client yyy.yyy.yyy.102 vrf default ! client xxx.xxx.xxx.46 vrf default !aaa attribute format MY_AUTH mac-address! aaa attribute format NAS_PORT_FORMAT circuit-id plus remote-id separator .!!aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU type 32aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUUaaa radius attribute nas-port-id format NAS_PORT_FORMATaaa group server radius RADIUS_GR server xxx.xxx.xxx.46 auth-port 1812 acct-port 1813 source-interface Loopback0!aaa authorization network default group RADIUS_GRaaa accounting subscriber default group RADIUS_GRaaa authorization subscriber AUTH_GR group RADIUS_GRaaa authorization subscriber default group RADIUS_GRaaa authorization subscriber RADIUS_GR group RADIUS_GRaaa authentication subscriber default group RADIUS_GRaaa accounting update periodic 10dhcp ipv4 profile IP_DEFAULT proxy class IP_DEFAULT   helper-address vrf default yyy.yyy.yyy.102 giaddr zzz.zzz.zzz.1 ! helper-address vrf default yyy.yyy.yyy.102 giaddr zzz.zzz.zzz.1 relay information option relay information policy keep relay information option allow-untrusted !   interface Bundle-Ether100.361 proxy profile IP_DEFAULT!ipv4 access-list PERM_ALL 10 permit ipv4 any any 20 permit icmp any any 30 permit ipv4 any any!interface Bundle-Ether100 bundle load-balancing hash dst-ip!!interface Bundle-Ether100.361 ipv4 point-to-point ipv4 unnumbered Loopback100 service-policy type control subscriber IP_PM encapsulation dot1q 361 ipsubscriber ipv4 l2-connected initiator dhcp !!interface Loopback0 ipv4 address ccc.ccc.ccc.174 255.255.255.255!interface Loopback100 description 4dhcp ipv4 address zzz.zzz.zzz.1 255.255.255.0!interface TenGigE0/0/2/0 bundle id 100 mode on!interface TenGigE0/0/2/1!dynamic-template type ipsubscriber IPSUB_TPL ipv4 unnumbered Loopback100 ipv4 access-group PERM_ALL ingress ipv4 access-group PERM_ALL egress !class-map type control subscriber match-any DHCP match protocol dhcpv4 end-class-map!policy-map type control subscriber IP_PM event session-start match-first class type control subscriber DHCP do-until-failure   5 activate dynamic-template IPSUB_TPL   10 authorize aaa list AUTH_GR format MY_AUTH password cisco ! ! end-policy-map!
Without service-policy type control subscriber IP_PM on the interface , CPE gets ip address and all works.
The radius server is configured always to autothenticate with access-accept but there are errors
Total Deadtime: 0s Last Deadtime: 0s
Timeout: 5 sec, Retransmit limit: 3
Quarantined: No
Authentication:
    468 requests, 1 pending, 154 retransmits
    0 accepts, 0 rejects, 0 challenges
    204 timeouts, 417 bad responses, 417 bad authenticators
    0 unknown types, 417 dropped, 0 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0
    Maximum Throttled Access Transactions: 0
The most strange issue is this
000c.42a8.71e2 0.0.0.0         INIT       57         BE100.361            default    0x0
and
RP/0/RSP0/CPU0:Sep 23 17:08:03.507 : dhcpd[1077]: DHCPD ERROR: TP2468: rib route delete failed, null ifhandle or IPv4 address
Here is the subscriber session info
RP/0/RSP0/CPU0:ASR9001#show subscriber session all
Mon Sep 23 17:08:46.995 EET
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End
Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
IP:DHCP      No                       CN        -
RP/0/RSP0/CPU0:ASR9001#show subscriber session all detail
Mon Sep 23 17:08:48.394 EET
Interface:                None
Circuit ID:               000401690107
Remote ID:                0006001ebd7b2f00
Type:                     IP: DHCP-trigger
IPv4 State:               Up Pending, Mon Sep 23 17:08:32 2013
Mac Address:              000c.42a8.71e2
Account-Session Id:       000001e0
Nas-Port:                 67114640
User name:                unknown
Outer VLAN ID:            361
Subscriber Label:         0x0000005f
Created:                  Mon Sep 23 17:08:32 2013
State:                    Connecting
Authentication:           unauthenticated
Access-interface:         Bundle-Ether100.361
Policy Executed:
policy-map type control subscriber IP_PM
event Session-Start match-first [at Mon Sep 23 17:08:32 2013]
    class type control subscriber DHCP do-until-failure [Succeeded]
      5 activate dynamic-template IPSUB_TPL [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
Pending Callbacks:
Waiting for Authorization to complete
Waiting for Authentication response from AAA

Hi Alex, i have downgrade my router to 4.3.4, in this version there are no DHCPv4 Server option. how do i get the dhcp server in my router ?
I have try to connect my demo client, the result is my router doesn't recieved Accept-Access from my Radius and also the routing system still send radius packet from interface physical instead loopback0.
Access-Request from Router to Radius # 7 09:45:02.753 : radiusd[315]: RADIUS: Send Access-Request to 202.xxx.xxx.60:1645 id 24, len 254 7 09:45:02.754 : radiusd[315]: RADIUS: authenticator FC 30 00 B2 EB 76 ED 27 - 82 51 DF 8C F2 45 AA 6F 7 09:45:02.754 : radiusd[315]: RADIUS: Vendor,Cisco        [26]    41      7 09:45:02.754 : radiusd[315]: RADIUS:   Cisco AVpair        [1]    35      client-mac-address=000f.b0d1.a219 7 09:45:02.754 : radiusd[315]: RADIUS: Vendor,Cisco        [26]    34      7 09:45:02.754 : radiusd[315]: RADIUS:   Cisco AVpair        [1]    28      dhcp-vendor-class=MSFT 5.0 7 09:45:02.754 : radiusd[315]: RADIUS: Acct-Session-Id     [44]    10      0400000a 7 09:45:02.754 : radiusd[315]: RADIUS: NAS-Port-Id         [87]    13      130/8/0/905 7 09:45:02.754 : radiusd[315]: RADIUS: Vendor,Cisco        [26]    19      7 09:45:02.754 : radiusd[315]: RADIUS:   cisco-nas-port      [2]    13      130/8/0/905 7 09:45:02.754 : radiusd[315]: RADIUS: User-Name           [1]     16      000f.b0d1.a219 7 09:45:02.754 : radiusd[315]: RADIUS: Service-Type        [6]     6       Outbound[5] 7 09:45:02.754 : radiusd[315]: RADIUS: User-Password       [2]     18      *       7 09:45:02.754 : radiusd[315]: RADIUS: Vendor,Cisco        [26]    33      7 09:45:02.754 : radiusd[315]: RADIUS:   Cisco AVpair        [1]    27      parent-if-handle=67111360 7 09:45:02.754 : radiusd[315]: RADIUS: NAS-Port-Type       [61]    6       IPOEOVLAN[40] 7 09:45:02.754 : radiusd[315]: RADIUS: Event-Timestamp     [55]    6       1389062702 7 09:45:02.754 : radiusd[315]: RADIUS: Nas-Identifier      [32]    26      HOSTNAME-BNG 7 09:45:02.754 : radiusd[315]: RADIUS: NAS-IP-Address      [4]     6      210.xxx.yyy.2Access-Request from Radius which got from Router #*** Received from 210.xxx.yyy.2 port 51185 ....Code:       Access-RequestIdentifier: 31Authentic: *<134><174><25><251>a<140><17><170><255>S<191><205>;T<153>Attributes: cisco-avpair = "client-mac-address=000f.b0d1.a219" cisco-avpair = "dhcp-vendor-class=MSFT 5.0" Acct-Session-Id = "0400000b" NAS-Port-Id = "130/8/0/905" Cisco-NAS-Port = "130/8/0/905" User-Name = "000f.b0d1.a219" Service-Type = 5 User-Password = <251><10>h<203><11><203><151><132>i<29><222>@<251>t7<166> cisco-avpair = "parent-if-handle=67111360" NAS-Port-Type = 40 Event-Timestamp = 1389062760 NAS-Identifier = "HOSTNAME-BNG" NAS-IP-Address = 210.xxx.yyy.2##Accept-Access from Radius to Router ##Tue Jan 7 09:42:53 2014: DEBUG: Handling with Radius::AuthFILE: Tue Jan 7 09:42:53 2014: DEBUG: Radius::AuthFILE looks for match with 000f.b0d1.a219 [000f.b0d1.a219]Tue Jan 7 09:42:53 2014: DEBUG: Radius::AuthFILE ACCEPT: : 000f.b0d1.a219 [000f.b0d1.a219]Tue Jan 7 09:42:53 2014: DEBUG: AuthBy FILE result: ACCEPT, Tue Jan 7 09:42:53 2014: DEBUG: Access accepted for 000f.b0d1.a219Tue Jan 7 09:42:53 2014: DEBUG: Packet dump:*** Sending to 210.xxx.yyy.2 port 51185 ....Code:       Access-AcceptIdentifier: 31Authentic: $U<226><252>4<219><171><228><226>q^<28><135>?<143><175>Attributes:## BUT The Router never recieved Access-Accept Packet from the Radius ##== Current Configuration After Downgrade to 4.3.4 ==radius source-interface Loopback0 vrf defaultradius-server host 202.158.58.60 auth-port 1645 acct-port 1646 key 7 radius-server timeout 10aaa attribute format NAS_PORT_FORMAT circuit-id plus remote-id separator #!aaa attribute format USERNAME_FORMAT mac-addressaaa group server radius radiator server 202.xx.xx.60 auth-port 1645 acct-port 1646 source-interface Loopback0!aaa accounting subscriber default group radiatoraaa authorization subscriber default group radiatoraaa authorization subscriber author_grp group radiatoraaa authentication subscriber default group radiatoraaa accounting update periodic 5dhcp ipv4 profile DHCPv4 proxy helper-address vrf default 202.xxx.1.34 giaddr 101.aaa.bbb.1 relay information option relay information policy keep relay information option allow-untrusted interface GigabitEthernet0/0/0/0.905 proxy profile DHCPv4interface Loopback0 ipv4 address 202.ccc.ddd.233 255.255.255.255interface Loopback2000 ipv4 address 101.aaa.bbb.1 255.255.255.0interface GigabitEthernet0/0/0/0.905 ipv4 point-to-point ipv4 unnumbered Loopback2000 service-policy type control subscriber IP_PM encapsulation dot1q 905 ipsubscriber ipv4 l2-connected initiator dhcp initiator unclassified-source dynamic-template type ipsubscriber IPSUB_TPL ipv4 unnumbered Loopback2000 !!class-map type control subscriber match-any IP_SUB match protocol dhcpv4 dhcpv6 end-class-map!policy-map type control subscriber IP_PM event session-start match-first class type control subscriber IP_SUB do-all   10 activate dynamic-template IPSUB_TPL   20 authorize aaa list author_grp format USERNAME_FORMAT password iosxr ! ! event account-logon match-first class type control subscriber IP_SUB do-all   10 authenticate aaa list default ! ! end-policy-map#Radius Status#show radius Tue Jan 7 09:56:52.137 GMTGlobal dead time: 0 minute(s)Number of Servers:1Server: 202.xx.xx.60/1645/1646 is UP Total Deadtime: 0s Last Deadtime: 0s Timeout: 10 sec, Retransmit limit: 3 Quarantined: No Authentication:    11 requests, 1 pending, 31 retransmits    0 accepts, 0 rejects, 0 challenges    41 timeouts, 0 bad responses, 0 bad authenticators    0 unknown types, 0 dropped, 0 ms latest rtt    Throttled: 0 transactions, 0 timeout, 0 failures    Estimated Throttled Access Transactions: 0     Maximum Throttled Access Transactions: 0     Automated TEST Stats:        0 requests, 0 timeouts, 0 response, 0 pending Accounting:    0 requests, 0 pending, 0 retransmits    0 responses, 0 timeouts, 0 bad responses    0 bad authenticators, 0 unknown types, 0 dropped    0 ms latest rtt    Throttled: 0 transactions, 0 timeout, 0 failures    Estimated Throttled Accounting Transactions: 0     Maximum Throttled Accounting Transactions: 0    Automated TEST Stats:        0 requests, 0 timeouts, 0 response, 0 pending

802.1x / Avaya IP phone

Would like to know this kind of setup it is possible. Avaya IP phone connect to Catalyst 4500 switch and the switch port is configure with 802.1x authentication , the PC is attached to Avaya IP phone. Does it cause IP phone force to authenticate ?
Regards

If they are Cisco IP Phones (or IP Phones that support Voice VLAN discovery via CDP - I know the Mitel ones do) or you manually hard-code the Voice VLAN Tag on the IP Phone.
If the Avaya IP Phones discover the Voice VLAN Tag by DHCP Vendor Options obtained initially from leasing an IP address in the Access VLAN then you might struggle.
It may be possible to use the 802.1x Guest VLAN function and secure the Guest VLAN so you can only access DHCP (and possibly a boot server to obtain configuration information).
HTH
Andy

Issues using 887 when authenticating with MER on a Fibre connection

Hello All
I've been battling for a week now to get the config correct for Cisco 887VA.
I understand Sky use MER to authenticate, however, in order to create the PPP connection, I am using PPPoE without passing any authentication, other than the username|password through option 61 (and vendor information on option 60).
I have Wiresharked the provided Sky router SR102 to obtain DHCP option 60 and 61 information and have entered these as hex values in the dialer interface.
I have also spoofed the SR102 MAC address on the dialer interface.
I have created a sub interface on e0, using dot1q to tag traffic to VLAN 101
I can indeed see traffic on interface e0.101 but the dialer receives NO ip address.
I can also see the modem is connected and in sync.
Am I correct in assuming the e0.101 interface is equivalent to the WAN connection on a seperate modem?
Config is below - please ignore local IPs, etc
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ******-ADSL
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 *********
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
memory-size iomem 10
clock timezone BST 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1112313640
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1112313640
revocation-check none
rsakeypair TP-self-signed-1112313640
crypto pki certificate chain TP-self-signed-1112313640
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip source-route
ip cef
ip domain name vdsl.******.net
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
archive
log config
hidekeys
username admin privilege 15 secret 5 *********
controller VDSL 0
no ip ftp passive
ip ssh authentication-retries 5
ip ssh version 2
interface Ethernet0
no ip address
interface Ethernet0.101
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 1.1.1.1 255.255.0.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
interface Dialer1
mac-address ****.****.**38
mtu 1492
ip dhcp client request classless-static-route
ip dhcp client client-id hex <<HEX STRING>>
ip dhcp client class-id hex <<HEX STRING>>
ip address dhcp
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
ip route-cache policy
dialer pool 1
dialer-group 1
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
router ospf 1
router-id 1.1.0.1
network 1.1.0.1 0.0.0.0 area 0
default-information originate
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip flow-cache timeout inactive 10
ip flow-cache timeout active 5
ip flow-export version 9
ip flow-export destination 1.1.1.1 9991
ip flow-export destination 1.1.1.1 9991
ip nat inside source list NATACL interface Dialer1 overload
ip access-list standard NATACL
permit 1.0.0.0 0.255.255.255
logging esm config
access-list 1 permit 1.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
control-plane
banner motd ^CCCCCCCCC
*****************AUTHORISED USERS ONLY*****************
^C
line con 0
password 7 ***************
line aux 0
password 7 ***************
line vty 0 4
session-timeout 10
exec-timeout 0 0
timeout login response 300
transport input ssh
scheduler max-task-time 5000
end
Many thanks

Chris,
Just wondering if you managed to get anywhere with this, or just gave up? I'm a Sky Fibre user, sadly using the bundled "Sky Hub" (aptly named, as I consider "Layer 1 Network Hubs" to be just as gash as this ), and have battled with the MER DHCP-based authentication before.
Previously, I was experimenting using a Cisco Linksys E2400 (or E4200, I forget) running Tomato USB Firmware and was getting frustrated with the hex settings.
I notice in your configs you posted the following strings, which look like they are trying to send the DHCP Vendor ID/Options that MER needs:
ip dhcp client client-id hex <<HEX STRING>>
ip dhcp client class-id hex <<HEX STRING>>
For your specified <<HEX STRING>> were you also appending the necessary "0x3d" (61) to your custom-generated User+Pass hex (i.e. full string reads "0x3d<<USER+PASS HEX>>")?
Sources as below, but curious if this could fix it?
Sources
http://www.skyuser.co.uk/forum/technical-discussion/46464-skys-mer-why-does-not-work-other-routers-22.html
https://www.cm9.net/skypass/index.cgi

Help with Multiple VLANS and IP Phone Setup.

Although i have a 3com, I have a cisco IP Phone. I have the IP Phone connected to the 3com swithport using a hybrid port. It's a tagged member of vlan3 (voice net) and an untagged member of vlan1(native data)
The ip phone gets the right DHCP address for vlan3 ( 10.x.x.x ) but the laptop connected to the ip phone gets the IP for vlan 3 as well.
I want the laptop to get the IP of the native vlan ( 192.168.x.x)
what would the port setup need to be ? does it need to be a trunk ? i have the PVID of the port set to vlan3, this allows the IP phone to get its vlan3 DHCP address.
any help would be greatly appreciated.
The 3com OS is very similar to the latest of CISCO IOS'.
so explain wtih syntax and i'm sure the 3com can relate.

Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport voice vlan 100
This results in the same configuration as:
interface FastEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 100
With the exception of CDP packets being sent advertising the Voice VLAN.
With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
HTH
Andy

Need help configuring multiple VLANs and SSIDs

Hi,
We bought a Cisco SGE2000P 24Port switch and 10 WAP4410N access points. Our intent is to provide a secure network to our LAN, and a guest network to the Internet.
We are thinking 3 VLANs would be best for this: VLAN 100 connected to the LAN, VLAN 1000 for the Internet Router and Filter, and VLAN 1100 for the Guest Wireless access.
We have the switch configured for all three of these, and 1 initial access point configured for the VLANS, too.
We have not yet moved the current Internet connection to VLAN 1000 because we aren't sure how to setup routing between VLANS.
Here are some specifics on how the traffic needs to route:
1. We have the DHCP server, which is the PDC, handling both scopes for the LAN and Guest VLAN.
2. The web filter in VLAN 1100 needs to authenticate with the DHCP server as there are different filter rules based on authenticated user. Any users coming from VLAN 1100 will have a default filter rule without requiring any authentication.
3. Certain traffic coming in from the Internet needs to be able to get to VLAN 100. The router has a built-in firewall that handles NAT and port forwarding, so as long as traffic can be forwarded to VLAN 100 we should be good.
4. Traffic on VLAN 1100 (guest Wireless network) should only be allowed to go to Internet (VLAN 1000).
Right now I have the VLANs configured and the ports assigned to the Access Points are set for TAGGED and on VLAN 100 and VLAN 1100.
The SGE2000P has the following IP addresses assigned to the VLANS:
10.7.3.252 - VLAN 100
10.7.40.254 - VLAN 1000
192.168.254.254 - VLAN 1100
Has anyone been able to setup a similar configuration? We have scoured the Internet for documentation but it seems to be very difficult to find!
Thank you!
Gary Smith

Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport voice vlan 100
This results in the same configuration as:
interface FastEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 100
With the exception of CDP packets being sent advertising the Voice VLAN.
With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
HTH
Andy

DHCP Vendor ID

Similar Messages

Maybe you are looking for