Disable dhcp proxy for PPP VPN (outside DHCP server + NPS)
Hi,
Our VPN setup is to authenticate / authorize via RADIUS to a Microsoft NPS server / Active Directory and use our internal DHCP server to receive its information. We are running a Cisco 2811, with firmware release k9 15.1- 4.M5.
However, we have been having some issues with our setup for a dial-in VPN. We managed to get almost everything working.
The user can dial in and authenticate and it even builds the proper PPTP tunnel. However, the client machine, when it sends out a DHCP request, seems to get forced to proxy through the Cisco router. Thus what the DHCP server sees is an encoded MAC address from the Cisco all the time, and it sees the client as being the Cisco router, not the VPN client/user. This is rather frustrating, as in the Active Directory DNS tables it will show up as the router having x number of different IP addresses and the end client doesn't show up at all.
I have tried utilizing a bunch of different configuration options to test, all with the same outcome.
Utilizing "ip helper-address <dhcp server>" didn't work to forward correctly. Then trying to turn off all DHCP services, with the global command "no service dhcp", didn't change the result. Neither did setting the global command "ip dhcp-server <dhcp server>".
What I am trying to achieve is that the Cisco does NOT mess with the DHCP request and just allows it to pass through.
Anyone have any idea?
Here are the parts of the current configuration in respect to this:
no service dhcp
aaa new-model
aaa authentication login CONSOLE local
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
no ip domain lookup
ip domain name <domain>
ip name-server xxx.xxx.xxx.xxx
ip dhcp-server xxx.xxx.xxx.xxx
vpdn enable
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
interface Virtual-Template1
ip unnumbered FastEthernet0/1 <-Internal Interface
no ip proxy-arp
ip nat inside
no ip virtual-reassembly in
peer default ip address dhcp
ppp encrypt mppe auto required
ppp authentication pap chap ms-chap ms-chap-v2
radius-server host xxx.xxx.xxx.xxx
radius-server key <private key>
And the problem that I am seeing when running a debug on DHCP:
*Jan 15 09:01:46.558: DHCP: proxy allocate request
*Jan 15 09:01:46.558: DHCP: new entry. add to queue, interface Virtual-Access5
*Jan 15 09:01:46.558: DHCP: Client socket is opened
*Jan 15 09:01:46.558: DHCP: SDiscover attempt # 1 for entry:
*Jan 15 09:01:46.558: DHCP: SDiscover: sending 284 byte length DHCP packet
*Jan 15 09:01:46.558: DHCP: SDiscover 284 bytes
*Jan 15 09:01:46.562: DHCP: XID MATCH in dhcpc_for_us()
*Jan 15 09:01:46.990: DHCP: Received a BOOTREP pkt
*Jan 15 09:01:46.990: DHCP: offer received from <DHCP SERVER>
*Jan 15 09:01:46.990: DHCP: SRequest attempt # 1 for entry:
*Jan 15 09:01:46.990: DHCP: SRequest- Server ID option: <DHCP SERVER>
*Jan 15 09:01:46.990: DHCP: SRequest- Requested IP addr option: 192.168.10.100
*Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
*Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
*Jan 15 09:01:46.994: DHCP: XID MATCH in dhcpc_for_us()
*Jan 15 09:01:46.994: DHCP: Received a BOOTREP pkt
*Jan 15 09:01:46.994: DHCP: Sending notification of ASSIGNMENT:
*Jan 15 09:01:46.994: Address 0.0.0.0 mask 0.0.0.0
*Jan 15 09:01:46.994: DHCP Proxy Client Pooling: ***Allocated IP address: 192.168.10.100
*Jan 15 09:01:46.994: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:46.998: DHCP: look up prim NBNS for Vi5 from lease any ret: fail
*Jan 15 09:01:46.998: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:46.998: DHCP: look up sec NBNS for Vi5 from lease any ret: fail
*Jan 15 09:01:47.018: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:47.018: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:47.038: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:47.038: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:56.826: DHCP: Interface Virtual-Access5 going down. Releasing: 192.168.10.100
*Jan 15 09:01:56.826: DHCP: start holddown for 192.168.10.100
*Jan 15 09:01:56.826: DHCP: Holddown and T1 remain 1792 sec
As one can see, even with the configuration to turn off any proxy or DHCP, the Cisco router still tries to interject and proxy the request, aka:
DHCP: proxy allocate request
If anyone has any idea, please let me know
Thanks
S.
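Because the DHCP server only ever sees the router as the client in this setup, the router's own debug output is where an address can be tied back to a VPN session. The following is an added example, not part of the original post or of any Cisco tooling: it parses lines in the format quoted above into lease records per Virtual-Access interface. The second session in the sample log, the `year` argument and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: the first five lines follow the debug output quoted in the
# post; the Virtual-Access6 session is invented to show a lease that is still open.
SAMPLE_LOG = """\
*Jan 15 09:01:46.558: DHCP: proxy allocate request
*Jan 15 09:01:46.558: DHCP: new entry. add to queue, interface Virtual-Access5
*Jan 15 09:01:46.990: DHCP: SRequest- Requested IP addr option: 192.168.10.100
*Jan 15 09:01:46.994: DHCP Proxy Client Pooling: ***Allocated IP address: 192.168.10.100
*Jan 15 09:01:56.826: DHCP: Interface Virtual-Access5 going down. Releasing: 192.168.10.100
*Jan 15 09:02:10.100: DHCP: proxy allocate request
*Jan 15 09:02:10.100: DHCP: new entry. add to queue, interface Virtual-Access6
*Jan 15 09:02:10.540: DHCP Proxy Client Pooling: ***Allocated IP address: 192.168.10.101
"""

LINE = re.compile(r"^\*?(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): (?P<msg>.*)$")
NEW_ENTRY = re.compile(r"new entry\. add to queue, interface (?P<ifc>\S+)")
ALLOCATED = re.compile(r"Allocated IP address: (?P<ip>\d+\.\d+\.\d+\.\d+)")
RELEASE = re.compile(
    r"Interface (?P<ifc>\S+) going down\. Releasing: (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


@dataclass
class Lease:
    interface: str
    ip: str
    allocated_at: datetime
    released_at: Optional[datetime] = None


def parse_leases(log: str, year: int) -> list[Lease]:
    """Turn DHCP proxy-client debug lines into per-session lease records.

    The log lines carry no year, so the caller supplies one (assumption).
    """
    pending: list[str] = []  # interfaces with a request in flight, oldest first
    leases: list[Lease] = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        msg = m["msg"]
        if (n := NEW_ENTRY.search(msg)):
            pending.append(n["ifc"])
        elif (a := ALLOCATED.search(msg)):
            # The allocation line names no interface, so pair it with the oldest
            # pending request. This ordering is a heuristic, not a guarantee.
            ifc = pending.pop(0) if pending else "unknown"
            leases.append(Lease(ifc, a["ip"], ts))
        elif (r := RELEASE.search(msg)):
            # The release line names both interface and address, so it is
            # authoritative and overrides the heuristic pairing above.
            for lease in reversed(leases):
                if lease.ip == r["ip"] and lease.released_at is None:
                    lease.interface = r["ifc"]
                    lease.released_at = ts
                    break
    return leases


def who_held(leases: list[Lease], ip: str, when: datetime) -> Optional[str]:
    """Return the interface that held `ip` at time `when`, or None."""
    for lease in leases:
        if lease.ip != ip or when < lease.allocated_at:
            continue
        if lease.released_at is None or when <= lease.released_at:
            return lease.interface
    return None


if __name__ == "__main__":
    for lease in parse_leases(SAMPLE_LOG, 2013):
        end = lease.released_at.time() if lease.released_at else "still held"
        print(f"{lease.ip:16} {lease.interface:16} {lease.allocated_at.time()} -> {end}")
```
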
Hello Stephen.
How is this behaviour in 7.5? It's weird because in the individual interfaces you might change the value, but it doesn't get accepted. So it still seems that it's a global setting... but then: why showing this item to be changed on each interface?
Kind regards,
Flavio.
Similar Messages
-
Firmware update 7.5.2 is breaking workaround for disabling DHCP server
If you are using the trick described here (http://discussions.apple.com/thread.jspa?threadID=121990) to disable DHCP, you should know that after upgrading to 7.5.3, it will not work anymore. Downgrading to 7.4.2 makes it work again.
If somebody from Apple is reading this (and is interested in feedback, which I doubt, because there's no such option on the Support pages) - would it be possible to add an option to the AirPort configuration which would allow DHCP to be turned off (while NAT stays turned on)? It would be really nice...
Hmm, while typing the previous message it gave me the following idea (and it worked).
Since I am using a Mac mini as a server (Debian, sorry) and it also has WLAN, I set up the server so both are connected (eth0 / wlan0). The default of the DHCP server is to listen on all interfaces, and voila, DHCP for the wireless devices.
Hope this can help someone, without the need for downgrading your APE. -
AAA Radius Authentication for Remote VPN With ACS Server Across L2L VPN
Hi,
I have an ASA running fine on the network which provides an L2L tunnel to a remote site and provides remote VPN for remote access users.
Currently, there is a need for the users to authenticate against an ACS server that is located across the L2L VPN tunnel.
The topology is just simple with 2 interfaces on the ASA, inside and outside, and a default route pointing to the ISP IP address.
I can ping the IP address of the ACS server (which is located at the remote site, IP addr: 10.10.10.56) from the ASA:
ping inside 10.10.10.56
However when I configure the ASA for the AAA group with commands:
aaa-server ACSAuth protocol radius
aaa-server ACSAuth host (inside) 10.10.10.56 key AcsSecret123
Then when I do the show run, here is the result:
aaa-server ACSAuth protocol radius
aaa-server host 10.10.10.56
key AcsSecret123
What I think is that, with this running config, traffic is not directed to the L2L VPN tunnel
(it seems to be directed to the default gateway due to the default route information), which causes the AAA authentication to fail.
Has anybody ever implemented such a thing, and is it possible? And if yes, how should the config be?
Your help will be really appreciated!
Thanks.
Best Regards,
Jo
AAA is designed to enable you to dynamically configure the type of authentication and authorization you want on a per-line (per-user) or per-service (for example, IP, IPX, or VPDN) basis. You define the type of authentication and authorization you want by creating method lists, then applying those method lists to specific services or interfaces.
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/schaaa.html -
I want to disable the DHCP server on HH3 and use l...
Hi, I live in a flat with 5 other people, so I have my HH3 connected to a Linksys WRT5GL so that I can use the QoS capabilities of the Linksys (Tomato firmware). The Linksys router can also limit bandwidth per IP address IF it's also the DHCP server. When I disable DHCP on the HH3 and enable it on the Linksys, the internet no longer works on any of the PCs, but if I have DHCP on the HH3 I cannot limit bandwidth per IP on the Linksys.
In the flat before this I managed to set this up fine (it wasn't with the HH3 - some other router). I just need some advice on how to disable DHCP on the HH3 and enable it on the Linksys WRT5GL whilst still being able to connect to the net.
Here is how it's set up atm:
Phone line>>>HH3 (assigns IP through DHCP)>>>Linksys (data goes through QoS)>>>PCs/laptops/consoles in flat
Here is how I want it set up:
Phone line>>>HH3 (acts as a modem)>>>Linksys (assigns IP through DHCP to allow bandwidth limiting / data goes through QoS)>>>PCs/laptops/consoles in flat
Thanks in advance, sorry if this is hard to understand - I'm not so good at putting the problem into words.
Solved!
Go to Solution.
Hi,
Don't know to be honest......but as an idea....you will have to disable the DHCP server on the hub and apply a static IP to the Linksys, 192.168.1.100. You'll then need to set up DHCP on the Linksys....start IP 192.168.1.64, end 192.168.1.253, you'll need to add a subnet 255.255.255.0, then the gateway.....192.168.1.254, that's the IP address of the HH, and that could be the real problem, as normally the default gateway for DHCP on routers is the router's IP address.
So the chances of it working are slim.....however you don't have to use your HH on your BT broadband, you can use another make/model.
One option to use with that router is a Draytek 120 ADSL modem, which does PPPoA to PPPoE. -
Greetings to all!
I've got an Apple Airport Extreme running as a router to my (large) Office Network.
Recently, I've setup an Active Directory server, which runs with a DHCP server for configuration purposes.
What I'd like to know is if I can *disable* the Airport's DHCP Server, but keep it running as a "Router"/Firewall (if you want to call it that) to my ISP.
As it is now, if I disable DHCP serving, then the Airport also disables its NAT service, regardless of the fact that I've got my own internal DHCP server serving up addresses (with the Airport remaining as the "Router"). I know this is possible, as statically assigned addresses pointing at my AE as a router can access the internet, so it's not like DHCP is absolutely required for NAT.
Is there any way to kill the AE's DHCP server, but keep it running as a NAT Gateway to my ISP?
Cheers!
No, the DHCP and NAT services are not able to be independently switched on and off. The cheapest way you could do this is to connect the modem to a separate broadband router that can have DHCP switched off and run the Airport express in the Distribute IP Addresses off mode.
-
Disable DHCP Proxy per WLAN - WLC v7.2
I have a DHCP server on a WLAN that does not support Cisco's native proxy mode. I need to use DHCP bridge mode for that WLAN only.
How do I disable DHCP Proxy and switch to DHCP bridge mode for one WLAN ?
Thanks
Hello Stephen.
How is this behaviour in 7.5? It's weird because in the individual interfaces you might change the value, but it doesn't get accepted. So it still seems that it's a global setting... but then: why showing this item to be changed on each interface?
Kind regards,
Flavio. -
Remote access VPN with ASA 5510 using DHCP server
Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got the following output when I test connect to the ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
4024 bytes copied in 3.410 secs (1341 bytes/sec)
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, IP = 10.15.200.108, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
[OK]
kens-mgmt-012#
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
Lay
For RADIUS you need an aaa-server definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
ASA as DHCP server for WLC2106 and LAP
Hi,
First off, I apologize for asking something that seems to have been asked before, but I am getting conflicting answers and wanted someone to give a definitive answer.
Setup:
ASA5505 ---------------- WS-C3750G -----------------WLC2106 -------------------------------AIR-LAP1131
(DHCP SERVER) (simple config) (dhcp proxy disabled) (is requesting dhcp from ASA)
ASA5505 - ASA 8.2(1)
WLC2106 - 7.0.98.0 (tried 6.0.99.4 as well)
AIR-LAP1131 - 12.4(23c)JA
Problem:
The ASA5505 is giving addresses to multiple devices; I tested it with the AP plugged directly into the ASA and it worked great. The problem is that the WLC2106 seems to be altering the DHCP requests somehow and thus making the ASA5505 not respond to them. The AP gets an IP address and associates to the WLC if plugged into the 3750, or the ASA directly. Just not when plugged into the WLC2106 ports.
Research:
https://supportforums.cisco.com/message/1268269#1268269
https://supportforums.cisco.com/message/3037259#3037259
https://supportforums.cisco.com/message/1302468#1302468
https://supportforums.cisco.com/message/926529#926529
I have read quite a few posts with people basically saying you cannot use the ASA as the DHCP server with the WLC because of how the WLC relays the requests. BUT: (this is important) There are some documents that say with WLC version 4.2 and above you have the option of turning off DHCP proxy mode to enable bridging mode, thus eliminating the problem, and all DHCP requests get forwarded without modification. Please see here for the suggested solution to this issue:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml#topic2
*Interoperability issues can exist between a controller with DHCP proxy enabled and devices acting as both a firewall and DHCP server. This is most likely due to the firewall component of the device as firewalls generally do not respond to proxy requests. To work around this issue, disable DHCP proxy on the controller.
Help please:
I have tried this but maybe I'm missing something. I have tried with proxy enabled and disabled. Can anyone verify this is supposed to work for me please? I input "config dhcp proxy disable" and verified proxy is now disabled. Yet I do not see any responses from my DHCP server to my AP's requests when going through the WLC. It works fine when plugging the AP into the ASA or 3750. The DHCP server is working. Is the above suggested workaround not a valid solution? Did I miss something? Do I need specific software versions on my devices? Is this a bug in my software versions?
Any help is greatly appreciated. Let me know if anyone has questions. Thanks,
Kyle
I do not see any debug output on the ASA5505 when the AP is connected through the WLC. Debug output from WLC2106 below:
(Cisco Controller) >show debug
MAC debugging .............................. disabled
Debug Flags Enabled:
dhcp packet enabled.
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behaviour: disabled bootp-broadcast disabled
(Cisco Controller) >
(Cisco Controller) >*DHCP Socket Task: Nov 16 10:56:39.931: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126b (4715), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP chaddr: 00:1d:a1:ed:c8:d4
*DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
*DHCP Socket Task: Nov 16 10:56:42.939: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126b (4715), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP chaddr: 00:1d:a1:ed:c8:d4
*DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
*DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
*DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126b (4715), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP chaddr: 00:1d:a1:ed:c8:d4
*DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
*DHCP Socket Task: Nov 16 10:57:05.034: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126c (4716), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP chaddr: 00:1d:a1:ed:c8:d4
*DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated'
It keeps seeing the Discover messages but never gets any response from the ASA. What does the message "dropping REQUEST from STA with invalid mobility state 'Unassociated'" mean? I know the STA is the AP, but why is it dropping the request?
Here is the debug output from the ASA:
ASA5505lab# show debug
debug dhcpd packet enabled at level 128
debug dhcpd event enabled at level 128
ASA5505lab#
DHCPD: checking for expired leases.
DHCPD: checking for expired leases.
DHCPD: checking for expired leases.
DHCPD: checking for expired leases.
DHCPD: checking for expired leases.
DHCPD: checking for expired leases.
(IT NEVER SEES ANY MESSAGES OR SHOWS ME ANY BLOCKED REQUESTS OR ANYTHING)
(Now if I move the AP to the PoE ports directly on the ASA5505 you will see the AP get an IP)
DHCPD: Server msg received, fip=ANY, fport=0 on inside interface
DHCPD: DHCPDISCOVER received from client 0100.1da1.edc8.d4 on interface inside.
DHCPD: Sending DHCPOFFER to client 0100.1da1.edc8.d4 (192.168.143.4).
DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 001d.a1ed.c8d4.
DHCPD: Server msg received, fip=ANY, fport=0 on inside interface
DHCPD: DHCPREQUEST received from client 0100.1da1.edc8.d4.
DHCPD: Sending DHCPACK to client 0100.1da1.edc8.d4 (192.168.143.4).
DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
DHCPD: broadcasting BOOTREPLY to client 001d.a1ed.c8d4.
ASA5505lab#
ASA5505lab# show dhcpd binding
IP address Hardware address Lease expiration Type
192.168.143.4 0100.1da1.edc8.d4 3581 seconds Automatic
192.168.143.5 0063.6973.636f.2d30. 1911 seconds Automatic
3031.662e.3965.6234.
2e35.3034.302d.566c.
31
ASA5505lab#
ASA5505lab#
So the ASA5505 is working when the AP is plugged directly into the ASA or a 3750 on the same network. Only when connected through the WLC do I not see any messages on the ASA. Is there something else I need to set up on the WLC2106 besides turning off DHCP proxy?
Thanks, -
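The controller debug in the post above repeats the same few lines for every DISCOVER. Grouping them by client MAC and transaction ID (xid) shows how many messages the controller logged and how many it dropped itself, which is consistent with the ASA's dhcpd debug staying silent. This is an added example, not part of the original post; the sample is abridged from the post's debug output, and the function names are illustrative.

```python
import re

# Constructed sample: abridged from the `debug dhcp packet` output quoted in the post
# (same client MAC, xids and drop message; the per-packet field lines are omitted).
WLC_DEBUG = """\
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126b (4715), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126b (4715), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP xid: 0x126c (4716), secs: 0, flags: 80
*DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated'
"""

# One debug line: task prefix, timestamp, client MAC, then the message text.
LINE = re.compile(r"^\*DHCP Socket Task: \w+ +\d+ [\d:.]+: ([0-9a-f:]{17}) DHCP (.*)$", re.M)
XID = re.compile(r"^xid: (0x[0-9a-f]+)")
DROP = re.compile(r"^dropping REQUEST from STA with invalid mobility state '([^']+)'")


def parse_attempts(text):
    """Return one record per DHCP message the controller started processing."""
    attempts = []
    for m in LINE.finditer(text):
        mac, msg = m.groups()
        if msg.startswith("processing DHCP "):
            attempts.append({"mac": mac, "type": msg.split()[2],
                             "xid": None, "drop_state": None})
        elif attempts and attempts[-1]["mac"] == mac:
            if (x := XID.match(msg)):
                attempts[-1]["xid"] = x.group(1)
            elif (d := DROP.match(msg)):
                attempts[-1]["drop_state"] = d.group(1)
    return attempts


def summarize(attempts):
    """Per (mac, xid): messages seen, messages dropped, and the logged states."""
    out = {}
    for a in attempts:
        s = out.setdefault((a["mac"], a["xid"]), {"seen": 0, "dropped": 0, "states": set()})
        s["seen"] += 1
        if a["drop_state"]:
            s["dropped"] += 1
            s["states"].add(a["drop_state"])
    return out
```

A transaction where `seen` equals `dropped` never left the controller, so the place to look is the client's state on the controller rather than the DHCP server.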
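The "Hardware address" column in the `show dhcpd binding` output above is the DHCP client identifier (option 61), not always a bare MAC: the first byte is a type, and the second entry is wrapped over several lines. The following added example (not part of the original post; function names are illustrative) rejoins the wrapped value and decodes both entries, using the binding table from the post as embedded input.

```python
import re

# Input copied from the `show dhcpd binding` output quoted in the post above;
# the second identifier is wrapped over four lines there.
BINDING_OUTPUT = """\
IP address Hardware address Lease expiration Type
192.168.143.4 0100.1da1.edc8.d4 3581 seconds Automatic
192.168.143.5 0063.6973.636f.2d30. 1911 seconds Automatic
3031.662e.3965.6234.
2e35.3034.302d.566c.
31
"""

ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f.]+)\s+(\d+) seconds\s+(\S+)$")
CONT = re.compile(r"^[0-9a-f.]+$")   # a line holding only more identifier digits


def parse_bindings(text):
    """Return [(ip, client_id_hex)] with wrapped identifier lines rejoined."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            rows.append([m.group(1), m.group(2)])
        elif rows and CONT.match(line):
            rows[-1][1] += line          # continuation of the previous identifier
    return [(ip, cid.replace(".", "")) for ip, cid in rows]


def decode_client_id(hex_id):
    """Interpret an option 61 value: type byte first, then the identifier (RFC 2132)."""
    raw = bytes.fromhex(hex_id)
    kind, body = raw[0], raw[1:]
    if kind == 1 and len(body) == 6:     # hardware type 1 = Ethernet, body is the MAC
        return "ethernet-mac", ":".join(f"{b:02x}" for b in body)
    if kind == 0 and all(32 <= b < 127 for b in body):
        return "ascii-string", body.decode("ascii")   # type 0 = not a hardware address
    return "opaque", hex_id


def describe(text):
    """Map each leased IP to its decoded client identifier."""
    return {ip: decode_client_id(cid) for ip, cid in parse_bindings(text)}
```

For the table above, 192.168.143.4 decodes to the AP's MAC 00:1d:a1:ed:c8:d4, while 192.168.143.5 decodes to the text identifier `cisco-001f.9eb4.5040-Vl1`, a device-generated string rather than a bare MAC.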
D-Link DI-524: installation as wireless HUB/Bridge
General
ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED
ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
Practical example: D-Link DI-524
The DI-524 is a wireless router. Although the manufacturer doesn't mention this, you can also install this device as a wireless hub. Of course this is not supported by the manufacturer. Therefore you have nowhere to go in case of any problems.
Plug in the power cord of the DI-524. Do not yet connect the network cable!
Search for existing wireless networks with your computer. Connect with the router. This can for example be done like this:
Click the start-button (at the bottom in the left corner of your screen).
Go to control panel
Go to internet connections (you may have to choose classic representation first)
You can now see your wireless network card, among other things. Right-click and 'View available Wireless networks'.
Connect to the router. In most cases the router will be called 'default'.
Check your IP-address: you get an IP address from the DI-524
Go to the start-button
Go to 'Run'
Type 'cmd' and press enter
type 'ipconfig' and press enter
your IP address starts with 192.
Surf to your router with your regular browser. For this you need the address and a password, which you can find in the documentation.
In this case the address is 192.168.0.1
Now you must secure the router. For this it is best to use WPA-PSK
Your key is a randomly chosen sentence. Don't make this sentence too short.
Warning: Case sensitive!
You cannot reach the router anymore now.
Go back to your network card via "make connection". Search for your wireless network again and make a new connection
You are asked for a key. Supply this key the way you configured it in your router.
Surf back to the router.
Disable the DHCP server.
!! YOU HAVE TO DISABLE UPnP ON ALL TYPES OF ROUTERS
OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
for this, go to Tools, Misc and switch off UPnP
Save these settings.
If you do not have a D-link router, look up in the manual or somewhere else where you can disable UPnP
Now you cannot reach the router anymore again.
It is only from this moment that you can connect the router to the modem.
Important: Use one of the 4 LAN ports. Never use the WAN port!
Go to your network card via the control panel. Right-click and "Repair"
Now you should get an IP-address in the range of 10.nnn.nnn.nnn
If you still don't have 192... you've made an error. The DI-524 still functions as a router and this is not allowed!
There are no Mac based instructions. The router is accessed and adjusted the same way whether you are using Mac OS X, Windows or Linux. As noted in the other post, it is done through your web browser, which works the same from any computer. Even a Chromebook.
akertrav wrote:
Thank you for that. What I have been trying to do is extend the range of my wifi with a second D-Link router. I was hoping for some Mac based directions to achieve this rather than the PC based as presented. Thank you for your reply Paul -
VPN no longer working after moving DHCP server to router
I am preparing my SBS 2008 environment for migration to Server 2012 R2 Essentials. I moved the DHCP server to the router (a Netgear R7000 with standard firmware). I am able to access RWW and CompanyWeb via the router from external locations.
With the VPN, however, I can only connect but cannot access any network resource (including file shares). The VPN is supported by the SBS server with RRAS. I didn't change any of the configuration because I didn't think any of it needed to be changed. The router just needs to get its reservations from a different DHCP server, right? Anyway, would appreciate if someone can shed some light on what's going on here.
JeHarry
Hello JeHarry,
I would recommend you to follow the TechNet to migrate SBS 2008 to 2012 R2 Essentials. Don't skip any part.
https://technet.microsoft.com/en-us/library/jj200141.aspx
Troubleshooting VPN Issues on 2012
http://blogs.technet.com/b/sbs/archive/2014/06/11/troubleshooting-common-vpn-issues-on-windows-server-2012-r2-essentials.aspx
Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help. -
Kindly Is it possible to disable DHCP in this product wap4400n ?
Dear Engineers and Technicians,
Good Morning,
Kindly, I need support for the wap4400n and I did not find it in the user guide and the administration guide.
Is it possible to disable DHCP in this product?
I want the wap4400n Access Point to distribute DHCP from the windows server.
Best regards,
Asad
Reference:
http://www.cisco.com/en/US/products/ps10052/index.html
I dunno the product, but it might be this ...
http://www.cisco.com/en/US/docs/wireless/access_point/csbap/wap4410n/administration/guide/WAP4410N_Admin_Guide.pdf
page 25 ...
STEP 1 Click Setup > Basic Setup .
STEP 2 From the IP Settings drop-down menu, select one of the following options:
• Static IP Address—Select this option to assign a static or fixed IP address
to the access point.
• Automatic Configuration—Select this option to automatically configure
the IPv4 network settings of the access point using a DHCP server on your
network. Also select this option to automatically configure the IPv6 network
settings of the access point using an IPv6 RADVD device enabled on your
network.
But I think it is just a bridge, hence your DHCP server is external to the device.
So you have nothing to disable so to speak:
From the Frequently Asked Questions, in the above PDF:
Q. Can the access point act as my DHCP Server?
No. The access point is nothing more than a wireless hub, and as such
cannot be configured to handle DHCP capabilities. -
I cannot disable DHCP on a Cisco Secure ACS. I am consoled into the device and run "set ip", choose "yes" for static IP and enter my IP information. However, after save, network test, etc... DHCP is still enabled and grabs an address on reboot. Anyone seen this or have ideas???
Hi, I had a similar problem on the Appliance (Ver 4.00). After the initial configuration I had to reboot and then re-enter both the IP and hostname. You also have to make sure that when you set up initially that the device is connected to the network. The re-entering the IP address was a TAC recommendation. Hope this helps.
-
DHCP Server - Different Range for Wired and Wireless Network
We have DHCP setup on Windows Server 2012r2 and the range given to us by the main HQ is 10.65.112.1-10.65.112.254 (there are several exclusions under this range)
Now since the range gets exhausted quickly, they provided another one 10.65.122.1-10.65.122.254.
What our branch would love to do is to dedicate the first range for Wired Computers and the other range for Wireless Devices (Phones, Tablets, Mobiles)
Right now we have 2 different scopes setup in DHCP, the second one is disabled. In our network we have 6 access points and also have a CISCO SG300-52 Managed Switch. It has an inbuilt DHCP Server and also has the function for DHCP Relay. But we are not actually using any of its functionality as of now.
So my question is how to have 2 separate ranges for wired and wireless network. People have mentioned vlans but I have no clue on how to get that done.
Is there a simpler way avoiding VLANs or, if not, I would love to get a step by step procedure on how to go about this. Any help will be much appreciated
Regards,
Sheldon
Hi Sheldon, please read this post
https://supportforums.cisco.com/thread/2270049
You will need some modifications though. Steps 1-6 are very relevant. On step 6, you need to pay particularly close attention to the "default router". If the SX300 handles your inter-VLAN routing then the default router needs to be the IP of your VLAN. If you have a different device to handle VLAN routing then the default router needs to be that IP address.
-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/ -
Disabling DHCP on my Actiontec MI424WR
First off, let me know if what I am trying to do is against Verizon ToS. Thanks. Here is what I am going for. I am trying to set up a home domain (non-internet facing) just for the sake of doing something with my time. I have a server which will host the Active Directory rules as well as all the roles. How my network is set up right now, my FiOS router is acting as the DHCP "server" and assigning private IP addresses to all my devices, however I want my actual box server to handle DHCP. My question is what do I need to disable/enable in the modem/router for my dedicated machine to handle DHCP instead?
FiOS doesn't use modems. The Actiontec is a router, plain and simple. To turn off DHCP, login to the router's admin page and, um, turn off DHCP. It's that simple. It's under the network configuration for the "Network (Home/Office)." You'll find this web page helpful:
http://www.dslreports.com/faq/16077 Good Luck. -
Can WRT600N DHCP server actually be disabled?
I have tried disabling the DHCP server on my WRT600N (with the original firmware 1.01.35 build 5), but it doesn't seem to be disabled. I have another machine on my internal network with a DHCP server which returns itself as the DNS address (and that DNS server in turn resolves my internal domain and defers other requests to the router). On my desktop PC each morning, presumably after it tries to renew the DHCP lease, the PC is unable to resolve internal hostnames, because the WRT600N is listed again as the DHCP server (which sends itself and the service provider DNS addresses as the DNS servers). After this, I verify that the WRT600N still shows the DHCP server as being supposedly disabled. Is this a known bug, and is a firmware fix in the works? Thanks.
I too have the same problem!
I have a stand alone DHCP server on my network. The DHCP server on the WRT600N is disabled in the GUI, but it keeps turning itself on after a few hours and messing up my internal network.
I have tried hard resetting the router to factory defaults (30 Sec reset switch) and also re-flashed the latest firmware a couple of times with a hard reset included.