Disable dhcp proxy for PPP VPN (outside DHCP server + NPS)

Hi,
Our VPN setup is to authenticate / authorize via RADIUS to a Microsoft NPS server / Active Directory and use our internal DHCP server to receive its information. We are running a Cisco 2811, with firmware release k9 15.1- 4.M5.
However, we have been having some issues with our setup for a dial-in VPN. We managed to get almost everything working.
The user can dial in and authenticate and it even builds the proper PPTP tunnel. However, the client machine when it sends out a DHCP requests seems to get forced to proxy through the Cisco router. Thus what the DHCP server sees is a encoded MAC address from the cisco all the time and sees the client as being the cisco router not the VPN client/user. This is rather frustrating, as in Active directory DNS tables it will show up as the router having x number of different IP addresses and the end client doesn't show up at all.
I have tried utilizing a bunch of different configuration options to test, all with the same outcome.
Utilizing "ip helper-address <dhcp server>", didn't work to forward correct. Thent trying to turn of all DHCP services, with the global command of "no service dhcp", didn't change any result. Neither did setting a global command of "ip dhcp-server <dhcp server>".
What i am trying to acchive is that the cisco does NOT mess with the dhcp request and just allows it to pass through.
Anyone have any idea?
Here are the parts of the current configuration in respect to this:
no service dhcp
aaa new-model
aaa authentication login CONSOLE local
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
no ip domain lookup
ip domain name <domain>
ip name-server xxx.xxx.xxx.xxx
ip dhcp-server xxx.xxx.xxx.xxx
vpdn enable
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
interface Virtual-Template1
ip unnumbered FastEthernet0/1    <-Internal Interface
no ip proxy-arp
ip nat inside
no ip virtual-reassembly in
peer default ip address dhcp
ppp encrypt mppe auto required
ppp authentication pap chap ms-chap ms-chap-v2
radius-server host xxx.xxx.xxx.xxx
radius-server key <private key>
And the problem that i am seeing when running a debug on dhcp:
*Jan 15 09:01:46.558: DHCP: proxy allocate request
*Jan 15 09:01:46.558: DHCP: new entry. add to queue, interface Virtual-Access5
*Jan 15 09:01:46.558: DHCP: Client socket is opened
*Jan 15 09:01:46.558: DHCP: SDiscover attempt # 1 for entry:
*Jan 15 09:01:46.558: DHCP: SDiscover: sending 284 byte length DHCP packet
*Jan 15 09:01:46.558: DHCP: SDiscover 284 bytes
*Jan 15 09:01:46.562: DHCP: XID MATCH in dhcpc_for_us()
*Jan 15 09:01:46.990: DHCP: Received a BOOTREP pkt
*Jan 15 09:01:46.990: DHCP: offer received from <DHCP SERVER>
*Jan 15 09:01:46.990: DHCP: SRequest attempt # 1 for entry:
*Jan 15 09:01:46.990: DHCP: SRequest- Server ID option: <DHCP SERVER>
*Jan 15 09:01:46.990: DHCP: SRequest- Requested IP addr option: 192.168.10.100
*Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
*Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
*Jan 15 09:01:46.994: DHCP: XID MATCH in dhcpc_for_us()
*Jan 15 09:01:46.994: DHCP: Received a BOOTREP pkt
*Jan 15 09:01:46.994: DHCP: Sending notification of ASSIGNMENT:
*Jan 15 09:01:46.994:   Address 0.0.0.0 mask 0.0.0.0
*Jan 15 09:01:46.994: DHCP Proxy Client Pooling: ***Allocated IP address: 192.168.10.100
*Jan 15 09:01:46.994: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:46.998: DHCP: look up prim NBNS for Vi5 from lease any ret: fail
*Jan 15 09:01:46.998: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:46.998: DHCP: look up sec NBNS for Vi5 from lease any ret: fail
*Jan 15 09:01:47.018: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:47.018: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:47.038: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
*Jan 15 09:01:47.038: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
*Jan 15 09:01:56.826: DHCP: Interface Virtual-Access5 going down. Releasing: 192.168.10.100
*Jan 15 09:01:56.826: DHCP: start holddown for 192.168.10.100
*Jan 15 09:01:56.826: DHCP: Holddown and T1 remain 1792 sec
As one can see even with the configuration to turn of any proxy or dhcp, the cisco router still try's to interject and proxy the request, aka:
DHCP: proxy allocate request
If anyone has any idea, please let me know
Thanks
S.

Hello Stephen.
How is this behaviour in 7.5? It's weird because in the individual interfaces you might change the value, but it doesn't get accepted. So it still seems that it's a global setting... but then: why showing this item to be changed on each interface?
Kind regards,
Flavio.

Similar Messages

  • Firmware update 7.5.2 is breaking workaround for disabling DHCP server

    If you are using the trick described here (http://discussions.apple.com/thread.jspa?threadID=121990) to disable DHCP, you should know that after upgrading to 7.5.3, it will not work anymore. Downgrade to 7.4.2 makes it working again.
    If somebody from Apple is reading this (and is interested in feedback, which I doubt, because there's no such option on the Support pages) - would it be possible to add an option to the AirPort configuration which would allow DHCP to be turned off (while NAT stays turned on)? It would be really nice...

    Hmm, while typing previous message it gave me the following idea (and it worked)
    Since i am using a mac mini as a server ( Debian, sorry ) it also has wlan, i set up the server so both are connected (eth0 / wlan0). Default of the dhcp server is to listen to all interfaces and voila DHCP for the wireless devices.
    Hope this can help someone, without the need for downgrading your APE.

  • AAA Radius Authentication for Remote VPN With ACS Server Across L2L VPN

    Hi,
    I have an ASA running fine on the network which provide L2L tunnel to remote site and provide Remote VPN for remote access users.
    Currently, there is a need for the users to authenticate against an ACS server that located across the L2L VPN tunnel.
    The topology is just simple with 2 interfaces on the ASA, inside and outside, and a default route pointing to the ISP IP Address.
    I can ping the IP address of the ACS Server (which located at the remote site, IP addr: 10.10.10.56) from the ASA:
    ping inside 10.10.10.56
    However when I configure the ASA for the AAA group with commands:
    aaa-server ACSAuth protocol radius
    aaa-server ACSAuth host (inside) 10.10.10.56 key AcsSecret123
    Then when I do the show run, here is the result:
    aaa-server ACSAuth protocol radius
    aaa-server host 10.10.10.56
    key AcsSecret123
    From what I thought is, with this running config, traffic is not directed to the L2L VPN tunnel
    (seems to be directed to the default gateway due to the default route information) which cause failure to do the AAA authentication.
    Does anybody ever implement such this thing and whether is it possible? And if yes, how should be the config?
    Your help will be really appreciated!
    Thanks.
    Best Regards,
    Jo

    AAA is designed to enable you to dynamically configure the type of authentication and authorization you want on a per-line (per-user) or per-service (for example, IP, IPX, or VPDN) basis. You define the type of authentication and authorization you want by creating method lists, then applying those method lists to specific services or interfaces.
    http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/schaaa.html

  • I want to disable the DHCP server on HH3 and use l...

    Hi, i live in a flat with 5 other people so i have my HH3 connected to a linksys wrt5gl so that i can use the QoS capbilities of the linksys (tomato firmware). The linksys router can also limit bandwidth per ip address IF its also the DHCP server. When i disable the DHCP on the HH3 and enable it on the linksys the internet no longer works on any of the PC's, but if i have the DHCP on the hh3 i cannot limit bandwidth per ip on the linksys.
    In the flat before this i managed to set this up fine (wasnt with the HH3- some other router) just need some advice on how to disable DHCP on the HH3 and enable it on the linksys wrt5gl whilst still being able to connect to the net.
    Here is how its set up atm:
    Phone line>>>HH3 (assighns IP through DHCP)>>>Linksys (data goes through QoS)>>>PC's/laptops/consoles in flat
    Here is how i want it set up:
    Phone line>>>HH3 (Acts as a modem)>>>Linksys (assighns IP through DHCP to allow bandwidth limiting /data goes through QoS)>>>PC's/laptops/consoles in flat
    thanks in advance, sorry if this is hard to understand- im not so good at putting the problem into words
    Solved!
    Go to Solution.

    Hi,
    Don't know to be honest......but as an idea....you will have to disable DHCP server on the hub, apply a static ip to the Linksys, 192.168.1.100. You'll then need to set up DHCP on the Linksys....start ip 192.168.1.64 end 192.168.1.253, you'll need to add a subnet 255.255.255.0, then the gateway.....192.168.1.254 that's the ip address of the HH and that could be the real problem as normally the default gateway for DHCP on routers is the routers ip address.
    So the chandes of it working are slim.....however you dont have to use your HH on your BT broadband you can use another make/model. 
    One option to use with that router is a Draytek 120 ADSL modem, which does PPOA to PPOE.

  • Airport DHCP Server woes

    Greetings to all!
    I've got an Apple Airport Extreme running as a router to my (large) Office Network.
    Recently, I've setup an Active Directory server, which runs with a DHCP server for configuration purposes.
    What I'd like to know is if I can *disable* the Airport's DHCP Server, but keep it running as a "Router"/Firewall (if you want to call it that) to my ISP.
    As it is now, if I disable DHCP serving, then the Airport also disables its NAT service, regardless of the fact that I've got my own internal DHCP server serving up addresses (with the Airport remaining as the "Router"). I know this is possible as Statically assigned addresses pointing at my AE as a router can access the internet, so its not like DHCP is absolutely required for NAT.
    Is there any way to kill the AE's DHCP server, but keep it running as a NAT Gateway to my ISP?
    Cheers!

    No, the DHCP and NAT services are not able to be independently switched on and off. The cheapest way you could do this is to connect the modem to a separate broadband router that can have DHCP switched off and run the Airport express in the Distribute IP Addresses off mode.

  • Disable DHCP Proxy per WLAN - WLC v7.2

    I have a DHCP server on a WLAN that does not support Cisco's native proxy mode. I need to use DHCP bridge mode for that WLAN only.
    How do I disable DHCP Proxy and switch to DHCP bridge mode for one WLAN ?
    Thanks

    Hello Stephen.
    How is this behaviour in 7.5? It's weird because in the individual interfaces you might change the value, but it doesn't get accepted. So it still seems that it's a global setting... but then: why showing this item to be changed on each interface?
    Kind regards,
    Flavio.

  • Remote access VPN with ASA 5510 using DHCP server

    Hi,
    Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
    I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
    ASA Version 8.2(5)
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 10.6.0.12 255.255.254.0
    ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
    route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
    crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dyn1 1 set transform-set FirstSet
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto map mymap interface inside
    crypto isakmp enable inside
    crypto isakmp policy 1
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 43200
    vpn-addr-assign aaa
    vpn-addr-assign dhcp
    group-policy testgroup internal
    group-policy testgroup attributes
    dhcp-network-scope 10.6.192.1
    ipsec-udp enable
    ipsec-udp-port 10000
    username testlay password *********** encrypted
    tunnel-group testgroup type remote-access
    tunnel-group testgroup general-attributes
    default-group-policy testgroup
    dhcp-server 10.6.20.3
    tunnel-group testgroup ipsec-attributes
    pre-shared-key *****
    I got following output when I test connect to ASA with Cisco VPN client 5.0
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
    4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
    [OK]
    kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
    Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
    Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
    Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
    Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
    Regards,
    Lay

    For RADIUS you need a aaa-server-definition:
    aaa-server NPS-RADIUS protocol radius
    aaa-server NPS-RADIUS (inside) host 10.10.18.12
      key *****   
      authentication-port 1812
      accounting-port 1813
    and tell your tunnel-group to ask that server:
    tunnel-group VPN general-attributes
      authentication-server-group NPS-RADIUS LOCAL
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • ASA as DHCP server for WLC2106 and LAP

    Hi,
    First off i aplolgize for asking something that seems to have been asked before but i am getting conflicting answers and wanted someone to give a definitive answer.
    Setup:
         ASA5505  ---------------- WS-C3750G -----------------WLC2106  -------------------------------AIR-LAP1131
    (DHCP SERVER)           (simple config)          (dhcp proxy disabled)           (is requesting dhcp from ASA)
    ASA5505 - ASA 8.2(1)
    WLC2106 - 7.0.98.0 (tried 6.0.99.4 as well)
    AIR-LAP1131 - 12.4(23c)JA
    Problem:
    The ASA5505 is giving addresses to multiple devices, i tested it with the AP plugged directly into the ASA and it worked great.  The problem is that the WLC2106 seems to be altering the DHCP requests somehow and thus making the ASA5505 not respond to them.  The AP gets an ip address and associates to the WLC if plugged into the 3750, or the ASA directly.  Just not when plugged into the WLC2106 ports.
    Research:
    https://supportforums.cisco.com/message/1268269#1268269
    https://supportforums.cisco.com/message/3037259#3037259
    https://supportforums.cisco.com/message/1302468#1302468
    https://supportforums.cisco.com/message/926529#926529
    I have read quite a few posts with people basically saying you cannot use the ASA as the DHCP server with the WLC because of how the WLC relays the requests.  BUT: (this is important)  There are some documents that say with WLC version 4.2 and above you have the option of turning off dhcp proxy mode to enable bridging mode thus elminating the probem and all DHCP requests get forwarded without modification.  Please see here for suggested solution to this issue:
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml#topic2
    *Interoperability issues can exist between a controller with DHCP proxy enabled and devices acting as both a firewall and DHCP server. This is most likely due to the firewall component of the device as firewalls generally do not respond to proxy requests. To work around this issue, disable DHCP proxy on the controller.
    Help please:
    I have tried this but maybe im missing something.  I have tried with proxy enabled and disabled.  Can anyone verify this is supposed to work for me please?  I input "config dhcp proxy disable" and verified proxy is now disabled.  Yet i do not see any responces from my DHCP server to my AP's requests when going through the WLC.  It works fine when plugging the AP into the ASA or 3750.  DHCP server is working.  Is the above suggested work around not a valid solution?  Did i miss something?  Do i need specific software versions on my devices?  Is this a bug in my software versions?
    Any help is greatly appreciated.  Let me know if anyone has questions.  Thanks,
    Kyle

    I do not see any debug output on the ASA5505 when the AP is connected through the WLC.  Debug output from WLC2106 below:
    (Cisco Controller) >show debug
    MAC debugging .............................. disabled
    Debug Flags Enabled:
      dhcp packet enabled.
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >show dhcp proxy
    DHCP Proxy Behaviour: disabled bootp-broadcast disabled
    (Cisco Controller) >
    (Cisco Controller) >*DHCP Socket Task: Nov 16 10:56:39.931: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
    *DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP   xid: 0x126b (4715), secs: 0, flags: 80
    *DHCP Socket Task: Nov 16 10:56:39.932: 00:1d:a1:ed:c8:d4 DHCP   chaddr: 00:1d:a1:ed:c8:d4
    *DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:39.933: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
    *DHCP Socket Task: Nov 16 10:56:42.939: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
    *DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP   xid: 0x126b (4715), secs: 0, flags: 80
    *DHCP Socket Task: Nov 16 10:56:42.940: 00:1d:a1:ed:c8:d4 DHCP   chaddr: 00:1d:a1:ed:c8:d4
    *DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:42.941: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
    *DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
    *DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Nov 16 10:56:46.938: 00:1d:a1:ed:c8:d4 DHCP   xid: 0x126b (4715), secs: 0, flags: 80
    *DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP   chaddr: 00:1d:a1:ed:c8:d4
    *DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:56:46.939: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated' (0)
    *DHCP Socket Task: Nov 16 10:57:05.034: 00:1d:a1:ed:c8:d4 DHCP received op BOOTREQUEST (1) (len 310,vlan 0, port 8, encap 0xec00)
    *DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP   xid: 0x126c (4716), secs: 0, flags: 80
    *DHCP Socket Task: Nov 16 10:57:05.035: 00:1d:a1:ed:c8:d4 DHCP   chaddr: 00:1d:a1:ed:c8:d4
    *DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Nov 16 10:57:05.036: 00:1d:a1:ed:c8:d4 DHCP dropping REQUEST from STA with invalid mobility state 'Unassociated'
    It keeps seeing the Discover messages but never gets any responce from the ASA.  What does that message mean "dropping REQUEST from STA with invalid mobility state 'Unassociated'" ?  I know the STA is the AP but why is it dropping the request?
    Here is the debug output from the ASA:
    ASA5505lab#  show debug
    debug dhcpd packet enabled at level 128
    debug dhcpd event enabled at level 128
    ASA5505lab#
    DHCPD: checking for expired leases.
    DHCPD: checking for expired leases.
    DHCPD: checking for expired leases.
    DHCPD: checking for expired leases.
    DHCPD: checking for expired leases.
    DHCPD: checking for expired leases.
    (IT NEVER SEE'S ANY MESSAGES OR SHOWS ME ANY BLOCKED REQUESTS OR ANYTHING)
    (Now if i move the AP to the PoE ports directly on the ASA5505 you will see the AP get an IP)
    DHCPD: Server msg received, fip=ANY, fport=0 on inside interface
    DHCPD: DHCPDISCOVER received from client 0100.1da1.edc8.d4 on interface inside.
    DHCPD: Sending DHCPOFFER to client 0100.1da1.edc8.d4 (192.168.143.4).
    DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
    DHCPD: broadcasting BOOTREPLY to client 001d.a1ed.c8d4.
    DHCPD: Server msg received, fip=ANY, fport=0 on inside interface
    DHCPD: DHCPREQUEST received from client 0100.1da1.edc8.d4.
    DHCPD: Sending DHCPACK to client 0100.1da1.edc8.d4 (192.168.143.4).
    DHCPD: Total # of raw options copied to outgoing DHCP message is 0.
    DHCPD: broadcasting BOOTREPLY to client 001d.a1ed.c8d4.
    ASA5505lab#
    ASA5505lab# show dhcpd binding
    IP address       Hardware address        Lease expiration        Type
      192.168.143.4    0100.1da1.edc8.d4            3581 seconds    Automatic
      192.168.143.5  0063.6973.636f.2d30.           1911 seconds    Automatic
                     3031.662e.3965.6234.
                     2e35.3034.302d.566c.
                     31
    ASA5505lab#
    ASA5505lab#
    So the ASA5505 is working when the AP is plugged directly into the ASA or a 3750 on the same network.  Only when connected through the WLC i do not see any messages on the ASA.  Is there something else i need setup on the WLC2106 besides turning off dhcp proxy?
    Thanks,

  • Can some one translate these instructions D-Link DI-524: installation as wireless HUB/Bridge   General  ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED OTHERWISE YOU CAN SEVERELY HINDER OTHER USE

    D-Link DI-524: installation as wireless HUB/Bridge
    General
    ON ALL TYPES OF ROUTERS DHCP SERVER HAS TO BE DISABLED
    ON ALL TYPES OF ROUTERS UPnP ALSO HAS TO BE DISABLED
    OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
    Practical example: D-Link DI-524
    The DI-524 is a wireless router.Although the manufacturer doesn't mention this, you can also install this device as a wireless hub.Of course this is not supported by the manufacturer. Therefor you have nowhere to go in case of any problems Plug in the power cord of the DI-524. Do not yet connect the network cable!Search for existing wireless networks with your computer. Connect with the router.This can for example be done like this:
    Click the start-button (at the bottom in the left corner of your screen).
    Go to control panel
    Go to internet connections (you may have to choose classic representation first)
    You can now see your wireless network card, among other things. Right-click and 'View available Wireless networks'.
    Connect to the router. In most cases the router will be called 'default'.Check your IP-address: you get an IP address from the DI-524
    Go to the start-button
    Go to 'Run'
    Type 'cmd' and press enter
    type 'ipconfig' and press enter
    your IP address starts with 192.
    Surf to your router with your regular browser. For this you need the address and a password, which you can find in the documentation.
    In this case the address is 192.168.0.1
    Now you must secure the router. For this it is best to use WPA-PSK
    Your key is a randomly chosen sentence. Don't make this sentence too short.
    Warning: Case sensitive!
    You cannot reach the router anymore now.
    Go back to your network card via "make connection". Search for your wireless network again and make a new connection
    You are asked for a key. Supply this key the way you configured it in your router.
    Surf back to the router.
    Disable the DHCP server.
    !! YOU HAVE TO DISABLE UPnP ON ALL TYPES OF ROUTERS
    OTHERWISE YOU CAN SEVERELY HINDER OTHER USERS IN YOUR NEIGHBOURHOOD!
    for this, go to Tools, Misc and switch off UPnP
    Save these settings.
    If you do not have a D-link router, look up in the manual or somewhere else where you can disable UPnP
    Now you cannot reach the router anymore again.
    It is only from this moment that you can connect the router to the modem.
    Important: Use one of the 4 LAN ports. Never use the WAN port!
    Go to your network card via the control panel. Right-click and "Repair"
    Now you should get an IP-address in the range of 10.nnn.nnn.nnn
    If you still don't have 192... you've made an error. The DI-524 still functions as a router and this is not allowed!

    There are no Mac based instructions. The router is accessed and adjusted the same way whether you are using a Mac OS X, Windows or Linux. As noted in the other post it is done through your web browser which works the same from any computer. Even a Chrome Book.
    akertrav wrote:
    Thank you for that what I have been trying to do is extend the range of my wifi witha second dilink router. I was hoping for some mac based directions to achive this rather than the PC based as presented. Thank you for your ireply Paul

  • VPN no longer working after moving DHCP server to router

    I am preparing my SBS 2008 environment for migration to Server 2012 R2 Essentials.  I moved the DHCP server to the router (a Netgear R7000 with standard firmware).  I am able to access RWW and CompanyWeb via the router from external locations. 
    With the VPN, however, I can only connect but cannot access any network resource (including file shares).  The VPN is supported by the SBS server with RRAS.  I didn't change any of the configuration because I didn't think any of it needed to be changed.  The
    router just needs to get it's reservations from a different DHCP server, right?  Anyway, would appreciate if someone can shed some light on what's going on here.
    JeHarry

    Hello JeHarry,
    I would recommend you to follow the TechNet to migrate SBS 2008 to 2012 R2 Essentials. Don't skip any part.
    https://technet.microsoft.com/en-us/library/jj200141.aspx
    Troubleshooting VPN Issues on 2012
    http://blogs.technet.com/b/sbs/archive/2014/06/11/troubleshooting-common-vpn-issues-on-windows-server-2012-r2-essentials.aspx
    Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  • Kindly Is it possible to disable DHCP in this product wap4400n ?

    Dear Engineers and Technicin,
    Good Morning,
    Kindly I need support for wap4400n and I did not find it in the user guide and the administration guid.
    Is it possible to disable DHCP in this product?
    I want the wap4400n Access Point to distribute DHCP from the windows server.
    Best regards,
    Asad
    Refrence:
    http://www.cisco.com/en/US/products/ps10052/index.html

    I dunno the product, but I might be this ...
    http://www.cisco.com/en/US/docs/wireless/access_point/csbap/wap4410n/administration/guide/WAP4410N_Admin_Guide.pdf
    page 25 ...
    STEP 1 Click Setup  > Basic Setup .
    STEP  2 From the IP Settings  drop-down menu, select one of the following options:
    • Static IP Address—Select this option to assign a static or fixed IP address
    to the access point.
    • Automatic Configuration—Select this option to automatically configure
    the IPv4 network settings of the access point using a DHCP server on your
    network. Also select this option to automatically configure the IPv6 network
    settings of the access point using an IPv6 RADVD device enabled on your
    network.
    But i think it is just a brigde, hence your DHCP server is external to the device.
    So you have nothing to disable so to speak:
    From the Frequently Asked Questions, in the above PDF:
    Q. Can the access point act as my DHCP Server?
    No. The access point is nothing more than a wireless hub, and as such
    cannot be configured to handle DHCP capabilities.

  • Cannot disable DHCP on ACS

    I cannot disable DHCP on a Cisco Secure ACS. I am consoled into the device and run "set ip", choose "yes" for static IP and enter my IP information. However, after save, network test, etc... DHCP is still enabled and grabs an address on reboot. Anyone seen this or have ideas???

    Hi, I had a similar problem on the Appliance (Ver 4.00). After the initial configuration I had to reboot and then re-enter both the IP and hostname. You also have to make sure that when you set up initially that the device is connected to the network. The re-entering the IP address was a TAC recommendation. Hope this helps.

  • DHCP Server - Different Range for Wired and Wireless Network

    We have DHCP setup on Windows Server 2012r2 and the range given to us by the main HQ is 10.65.112.1-10.65.112.254 (there are several exclusions under this range)
    Now since the range gets exhausted quickly, they provided another one 10.65.122.1-10.65.122.254.
    What our branch would love to do is to dedicate the first range for Wired Computers and the other range for Wireless Devices (Phone,Tablets, Mobiles)
    Right now we have 2 different scopes setup in DHCP, the second one is disabled. In our network we have 6 access points and also have a CISCO SG300-52 Managed Switch. It has an inbuilt DHCP Server and also has the function for DHCP Relay. But we are not actually using any of its functionality as of now.
    So my question is how to have 2 separate ranges for wired and wireless network. People have mentioned vlans but I have no clue on how to get that done.
    Is there a simpler way avoding V-LANS or if not, would love to get step by step procedure on how to go about this. Any help will be much appreciated
    Regards,
    Sheldon

    Hi Sheldon, please read this post
    https://supportforums.cisco.com/thread/2270049
    You will need some modifications though. Steps 1-6 is very relevant. On step 6, you need to pay particular close attention to the "default router". If the SX300 handles your intervlan routing then the default router needs to be the IP of your VLAN. If you have a different device to handle VLAN routing then the default router needs to be that IP address.
    -Tom
    Please mark answered for helpful posts
    http://blogs.cisco.com/smallbusiness/

  • Disabling DHCP on my Actiontec MI424WR

    First off, let me know if what I am trying to do is against Verizon ToS. Thanks. Here is what I am going for. I am trying to set up a home domain (non-internet facing) just for the sake of doing something with my time. I have a server which will host the Active Directory rules as well as all the roles. How my network is set up right now, my FiOS router is acting as the DHCP "server" and assigning private IP addresses to all my devices, however I want my actual box server to handle DHCP. My question is what do I need to disable/enable in the modem/router for my dedicated machine to handle DHCP instead?

    FiOS doesn't use modems. The Actiontec is a router, plain and simple. To turn off DHCP, login to the router's admin page and, um, turn off DHCP.  It's that simple.  It's under the network configuration for the "Network (Home/Office)." You'll find this web page helpful:
    http://www.dslreports.com/faq/16077 Good Luck. 

  • Can WRT600N DHCP server actually be disabled?

    I have tried disabling the DHCP server on my WRT600N (with the original firmware 1.01.35 build 5), but it doesn't seem to be disabled. I have another machine on my internal network with a DHCP server which returns itself as the DNS address (and that DNS server in turn resolves my internal domain and defers other requests to the router). On my desktop PC each morning, presumably after it tries to renew the DHCP lease, the PC is unable to resolve internal hostnames, because the WRT600N is listed again as the DHCP server (which sends itself and the service provider DNS addresses as the DNS servers). After this, I verify that the WRT600N still shows the DHCP server as being supposedly disabled. Is this a known bug, and is a firmware fix in the works? Thanks.

    I too have the same problem!
    I have a stand alone DHCP server on my network. The DHCP server on the WRT600N is disabled in the GUI, but it keeps turning itself on after a few hours and messing up my internal network.
    I have tried hard resetting the router to factory defaults (30 Sec reset switch) and also re-flashed the latest firmware a couple of times with a hard reset included.
    (Mod note: Edited post for guideline compliance. Thanks!)
    Message Edited by JOHNDOE_06 on 12-21-2008 09:22 AM

Maybe you are looking for