Guest users not getting IP address
I am setting up Cisco wireless along with ISE 1.3 for guest wireless. The client is going to use the self-registration portal for guest wireless users. I followed this Cisco doc to configure the self-registration portal:
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configure-ise-00.html
I tested this in my home lab and everything works fine. However, at the client users are not getting IP addresses from the DHCP server. This is the same DHCP server that is used for corporate wireless and if you connect that SSID, you get an IP address. I have looked what I configured at home and the client and everything looks the same. In the back of my mind, I feel something is missing, but I can't figure out what it is.
Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.
Let me know what information you need and I will post it.
TIA,
Dan
Hello,
Some verifications below :
Did you verify if DHCP Proxy is enabled in wlc's wlan interface ? Case DHCP proxy is disabled, did you verify if the ip helper address is enabled in Nexus SVI ?
DHCP Scope is enabled in the DHCP Server or is enabled in the WLC ?
Verify if Trunk in the switch is enabled correctly passing all VLANs to WLANs ?
Verify if ACL to redirect configured in the WLC is allowing DHCP Server and DHCP Client to client receive IP Address and ports 8443 to Cisco ISE and DNS to resolve some address and get access to ISE Portal ?
The scenario is Local Switching or Central Switching ?
Regards
Similar Messages
-
Wireless 2504,user not getting dhcp ip address
Hi i have configured wlc 2504 .in that i have configured two interfaces.one is guest, 2nd is internal user,
the pblm when user try to connect with that contain ssid user not getting ip address,
i have connected only one link between core to wlc on port 1.for guest interface i used port 4.but no physical link.
Please help thisThere are multiple ways how the clients can get their IP-address in a WLC deployment.
From the WLC-FAQ:
How does DHCP work with the WLC?
A. The WLC is designed to act as a DHCP relay agent to the external DHCP server and acts like a DHCP server to the client. This is the sequence of events that occurs:
Generally, WLAN is tied to an interface which is configured with a DHCP server.
When the WLC receives a DHCP request from the client on a WLAN, it relays the request to the DHCP server with its management IP address.
The WLC shows its Virtual IP address, which must be a non-routable address, usually configured as 1.1.1.1, as the DHCP server to the client.
The WLC forwards the DHCP reply from the DHCP server to the wireless client with its Virtual IP address.Note: You can also configure the WLC to act as a DHCP server. For more information on how to configure a WLC as a DHCP server, refer to the Configuring DHCP Scopes section of the document Cisco Wireless LAN Controller Configuration Guide Release 5.1.
If you want more in-depth information you should read "DHCP with the WLC":
http://www.cisco.com/en/US/partner/products/ps6366/products_tech_note09186a0080af5d13.shtml
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Urgent help? for Standalone AP users are not getting ip addresses
Dear friends,
i have Cisco LAP1140 series access points and i wanted to use them as autonomous , so i converted their ios from light weight to autonomous to
c1140-k9w7-tar.124-25d.JA image.
my network senario is
CORE SW + Access SW + Access points
Core SW:
act as a dhcp server for wireless user
for WLAN vlan 16 is configured on it
configured dhcp pool here for vlan 16
Access SW:
access points are cooneted with it
and every switch port assign to vlan 16 that is connected to AP
Standalone Access Points:
connected to access switch and have assigned static management IPs from vlan 16 that i have excluded in DHCP Pool in core switch.
configure only one ssid and broadcast
both radio 5ghz and 4.2 ghz are up
i can ping the gateway from each Access point to core switch
but the users can not get the ip address from the ssid that is configured on APs.
below is the attached of configuration of the access point
please review the configuration and advise me where i have mistaken and what i have missing in the configuration?
please reply me ASAP because this is very urdent for me and your reply is very important for me
ThanksThanks for your reply Ven
actually i did not check that and it does make sence too may be problem with DHCP Scope
but you know why i did not check because there is an other scope on the core switch for Data users only the difference
of vlan numbers and names
but that data vlan users are getting ip addresses and connect normally to internet.
did you view the configuration that i attached with my 1st post?
if no please view it and advise me if i have any missing there.
further i ll check for DHCP in the morning to connect my laptop dirct with switch port to is that getting ip address or no.
Thanks -
Wireless guest users are getting limited connectivity.
Could anyone help please, I have a wireless guest solution consist of :
WLC located internal in the network – all the AP are associated with that WLC-.
Anchor WLC located in the DMZ . the guest SSID are tunneled from the internal WLC to the Anchor WLC, the DHCP service for guest users is on the Anchor WLC.
NAC guest server to authenticate the guest users.
The solution was working properly but now we have a problem that if any one tried to connect to the guest SSID if he is authorized or not , the user will get IP address from the DHCP pool and now as you know most of people has smart phones and they try to get internet access. Now only 5 or 6 people authenticated with NAC gest server and the DHCP pool become full because too many people tried to connect even they do not authenticate.
so if any user trys to cnnect he will not get IP address from the anchor controller and getting limited connectivity.
if I add static IP address on my Laptop , I will be redirected to the authentication page and can access normally.
I am working in big environment 7,000 users so I can’t go with increasing the DHCP pool because the problem will not be solved.
I hope if anyone can help in this case.
Thanks in advance.This is a pitfall and raising the eyebrows.. currently we do not have anyother option other than using a WPA-PSK + WEB AUTH
that is..
PSK will block the users to just grab an IP and sit!! , if the user enters a valid PSK, he will get the IP address and followed by the Web auth process!! this may help u as of now.. or just a work around.. to overcome the IP exhaustion..
Please rasie a PER with your accounts team to raise the severity on this issue if u have the contract n all with us!!
Please dont forget to rate the usefull posts!!
Regards
Surendra -
Guests are not getting IP & webpage
Guests are not getting IP & webpage.
I have a 4400 ( 6.0.199.4 ) WLC configured with a guest wlan using web authentication & DHCP is configured on ASA . & ADSL line is connected to ASA ( for internet)...this was working , from last 2 days it is not working. guest users are not to get the IP address & login web page. Error message is Limitted connectivty.
My observation.
ADSL linterent connetion is working fine & from ASA to switch connection is fine & VLAN is also up.
from WLAN end, all parameter are looks good, nothing changed.please see the log, which I took from WCS ..it look WLC is receving request from client ...i think it is not getting responce from DHCP ...
it make sence ?
ime :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. xid: 0x41839660 (1099142752), secs: 5247, flags: 0
Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. chaddr: d8:2a:7e:d2:d9:92
Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. siaddr: 0.0.0.0, giaddr: 0.0.0.0
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. xid: 0xd4b2de62 (3568492130), secs: 5251, flags: 0
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. chaddr: d8:2a:7e:d2:d9:92
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. siaddr: 0.0.0.0, giaddr: 0.0.0.0
Time :11/24/2011 13:27:17 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1) -
DHCP via Hyper-V VM, Server2012r2 Hyper-V host, clients not getting IP address
You have to authorize a dhcp server as Britv8 says. That's the only way it'll start dishing out leases. That's standard for Windows DHCP server in an AD Domain.
Also there's 0 reason to mention Hyper-V here. The whole point of virtualization is to do hardware level abstraction.I recently encountered this. Setup:
Initial setup of the system was at a different location from its final destination, with different network equipment (switches) between the two. No teaming is involved, however.
Set up the system at its final destination, with DHCP via a Hyper-V VM (Server2012r2), Server2012r2 Hyper-V host, physical clients on the lan were not getting IP address.
The physical server box has a 4-port Intel Gigabit ethernet card.
I moved the setup (Hyper-V Virtual Switch manager) so that the interface for the DHCP server VM was isntead using one of two built-in Broadcom adapters.
While this topic seemed promising,
http://community.spiceworks.com/topic/251317-hyper-v-vm-not-leasing-ip-s-dhcp
unfortunately, "fiddling about" was not what I was looking for as possible solution.
My notes for the resolution:
Hyper-V system running...
This topic first appeared in the Spiceworks Community -
Cisco Flex Connect and users can not get IP Address by WAN
Hello my name is Ivan
I have a wlc 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip.
The request is passing by the wan in this way
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
perhaps i should use local deploy? The wlc is in the central site.
Can you help me to resolving this issue please? , perhaps any advice?
Regards
Ivan.Thanks Osita
If I configure Central Authentication and I configure central switching I need to create a dynamic interafce for each remote site and each dynamic interface associated with a different VLAN ID, because I can not associate a single interface dynamic to the same VLAN ID, but in my case the client remote in each remote site have the same network segment with the same VLAN ID with the same SSID for guests. My goal is to configure web authentication with the local DHCP server at each remote site, will this work?.Each remote site have its own server dhcp.
If I configure authentication central authentication with central switching with web authenticacion as I set in my scenario?
My issues are the interfaces dynamics, because I have the same network to the customer guest with the same ID VLan in each remote site
Regards -
Wifi clients not getting IP addresses
Hello Experts,
I have a Cisco 1140 AP, and using express setup I have cnofigured a IP address to it. This AP is connected to our public network and is configured with a public ip address. We want the guest users to connect to Wifi and gain access to Internet.
While the users connect to Wifi, I find their laptops getting IP address in series 169.x.x.x due to which they are unable to get to internet.
Can somebody guide to what all configuration required so that laptops would get ip address?
Thanks
ArvindHello George,
I do not have any DHCP server, I want the AP to allocate IP addresses to wifi clients.
Anshul,
Is there any way the AP distribute the IP addresses? I want to have the AP act as an DHCP server and allocate IP address of wifi clients.
If this is not possible in this AP model 1142N, any other Cisco AP model available, which can act as DHCP server?
My requirement basically is:
The AP should allocate IP in the range 192.168.x.x and I would connect the AP to the public network. The wifi clients should be able to get to Internet.
Please suggest any other model in Cisco which should meet my requirement.
Thanks
Arvind -
Cisco ISE 1.2, Clients not getting IP address in closed mode
Hello, I am running closed mode on my switchports. I have an issue where some clients come in in the morning, try to login, and will not get network access. I see that this is because they do not get an IP address. I am using MAB for authentication currently. They appear to MAB correctly and get Authorized in ISE, but they do not get an IP. Therefore, they also do not get the DACL of permit ANY. It's like the port gets de-authenticated during the night. Usually when the machine is rebooted it will come up with an IP address. Here is my switchport config...
switchport access vlan 32
switchport mode access
switchport voice vlan 64
logging event link-status
authentication event fail action next-method
authentication event server dead action authorize vlan 32
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 600
authentication timer reauthenticate 7200
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout quiet-period 300
dot1x timeout tx-period 10
dot1x timeout ratelimit-period 300
dot1x timeout held-period 300
service-policy input QoS-Input-Policy
service-policy output QoS-Host-Port-Output-Policy
endThanks, here is the requested output of an Unauthorized client. I had to configure authentication open so they could still get access...
SJ5051IDF1#show authen sess int g2/20 d
Interface: GigabitEthernet2/20
MAC Address: d4be.d94f.ab92
IPv6 Address: Unknown
IPv4 Address: 10.42.32.109
User-Name: D4-BE-D9-4F-AB-92
Status: Unauthorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A2A000B000034E367D4B998
Acct Session ID: Unknown
Handle: 0x21000508
Current Policy: POLICY_Gi2/20
Local Policies:
Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecure
Method status list:
Method State
mab Authc Success
SJ5051IDF1#
SJ5051IDF1#
SJ5051IDF1#show ip access int g2/20
SJ5051IDF1#
SJ5051IDF1#
SJ5051IDF1#show access-list int g2/20
^
% Invalid input detected at '^' marker.
SJ5051IDF1#show access-list ?
<1-2799> ACL number
WORD ACL name
ipc Show access-list config download info
rate-limit Show rate-limit access lists
| Output modifiers
<cr>
SJ5051IDF1#show access-list g2/20
SJ5051IDF1#
SJ5051IDF1#
SJ5051IDF1# -
One user not getting Workflow Notifications Mail
Hi
We are using Oracle11i (11.5.10.2) on windows 2000 server.
One of our user complaining that he is not getting any workflow notification mail to his maild id.
How can we fix and troubleshoot this issue?
Thanks
OHHi,
Is the issue with this specific user?
Can you find any errors in the Workflow log file?
Please see if any of these documents is applicable.
Note: 743567.1 - Email Notifications are not Sent, and Mailer Log File Shows Error "Replyto Must Be a Valid Email Address"
Note: 423405.1 - Not Receiving Workflow Email Notifications
Regards,
Hussein -
Wireless Router 877W users cannot get ip address from DHCP
Users can connect to wireless but they cant get ip address what can be the problem ?
Thanks
no aaa new-model
resource policy
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.239.1 192.168.239.50
ip dhcp pool users
network 192.168.239.0 255.255.255.0
default-router 192.168.239.1
dns-server 4.2.2.2
bridge irb
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
no ip address
encryption vlan 1 key 1 size 40bit 0 1234567890 transmit-key
encryption vlan 1 mode wep mandatory
ssid wirele
vlan 1
authentication open
guest-mode
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.239.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxx password xxx
crypto map MerkezVPN
interface Dialer0
no ip address
interface BVI1
no ip address
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1go into config t and add "bridge 1 route ip" and see what you get....
-
Guest user not working at all (Mavericks Ver.10.9.4)
I am currently using a 2011 MacBook Pro running OS X Mavericks Version 10.9.4.
I'm having an annoying problem regarding the guest user, I just can't seem to get it to work. I got to User and Groups in the System Preferences, check the box "Allow guests to log in to this computer" and it doesn't work. I've tried turning it off, restarting my computer, then turning it back on and yet the guest account still doesn't show up in the login page or in the faster user switching menu. It's crazy how there's barely any information on how to fix this. I've searched google and the only results are how to enable guest user or how to get rid of it, nothing pops up on that the guest user is not working so I've come to the Mac community to see if I can get any help here. I have updated everything in my software update by the way.This procedure is a diagnostic test. It makes no changes to your data.
Please triple-click anywhere in the line below on this page to select it:
dscl . -list /Users | grep Guest | pbcopy
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.
Wait for a new line ending in a dollar sign ($) to appear below what you entered.
The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.
The Terminal window doesn't show the output. Please don't copy anything from there.
If any personal information appears in the output, anonymize before posting. -
Airport Extreem Not Getting IP Address
My Airport Extreem BaseStation is communicating with my cable modem and my computers, but is not getting an IP address and connecting to the internet. However, when I plug the ethernet cable straight up to my laptop the laptop gets on the internet. I have two laptops and neither one can get on the internet wirelessly through the Airport Extreem Basestation, but they can both connect when they are physically plugged into the cable modem. Help!!
By "first time user" I was referring to someone who had just taken their Airport Base Station out of the box and was trying to set it up for the very first time.
Perhaps you situation is very similar to Richard's. While in your case, power cycling the Base Station did eventually solve the problem, another solution that has worked for many people with a problematic Base Station after the Airport 4.2 upgrade is to do a hard reset and reconfiguration from scratch of the Base Station. Apparently this is also the solution recommended by Apple's own tech support people in response to a problem like this. -
Users not getting IP from QIP server
Dear Friends,
Need your advice on this issue.
Users of our new site complained of not getting IP dynamically from DHCP server. Static IPs works fine.
The LAN interface of the router is configured with helper IP address of QIP servers.
On the router there exists a DHCP pool configuration, later we removed this config understanding the helper address will
assign the ip address dynamically.
QIP which serves as DHCP is confgured to assign the IPs, but the users complined of not getting IPs including IP phones.
Kindly advice what could be possible chances of this issue.
Thanks in advance
rYsYou cant have both the ip helper-address and a DHCP pool configured on the router. Basically what happens is the client DHCPDISCOVER will pick the first DHCP server that answers it and in this case its the the router. If you want to pass traffic all the way to the DHCP server, you need to disable the DHCP server on the router and leave only the ip helper-address configured so it can relay the broadcast to the defined DHCP server.
It sounds like you have this current topology for your DHCP server that is working:
Client ------------>DHCPDISCOVER ---> Router(DHCP Server)
<------------DHCPOFFER
------------>DHCPREQUEST
<------------DHCPACK
You want to configure your QIP DHCP Server to respond to DHCPDISCOVER, you will need to remove the DHCP pool from the router and add "ip helper-address x.x.x.x" where x.x.x.x is your DHCP server ip.
If that still does not work, you will need to check the configuration on your DHCP server to ensure its not mis-configured. QIP is not a cisco product but you should be able to view debugs on that application to identify if the DHCP server is sending an offer or dropping the request. Most likely your scopes are mis-configured on the server. -
I also got trouble getting networking to work on my laptop. It has one Gigabit LAN and one wireless network interface.
I cannot get my Linux guests, I tried CentOS 6.4, Ubuntu 13.10 and Debian 6, to get a DHCP offer from my DHCP server on my physical LAN. Manual configuration using static IP addresses works, but I need DHCP for my laptop.
I tried a Windows 8.1 Pro 64bit guest and the Windows Phone SDK 8.0 and both connected fine to the internet.
Here is what I tried:
With the ethernet cable disconnected I was connected to my wireless network or LAN with WPA2 personal authentication. On this physical LAN there was a DHCP server.
I created an internal Hyper-V switch and then I created a bridge between this switch and my wireless interface. I always used this switch as the single network connection for my VMs.
I am using Windows 8.1 Professional 64bit.
Why are only Linux guests affected and is there a solution? Thank you.Hi faustbusserl,
"I cannot get my Linux guests, I tried CentOS 6.4, Ubuntu 13.10 and Debian 6, to get a DHCP offer from my DHCP server on my physical LAN. Manual configuration using static IP addresses works, but I need DHCP for my laptop."
Does it mean that you have created an external virtual switch for Linux guests and they can not get IP from DHCP ?
Did you try to use legacy network card for the linux VM to get IP from DHCP .
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Maybe you are looking for
-
Trying PhoneGap in Dreamweaver CS5.5
I have been trying out PhoneGap in Dreamweaver CS5.5. I've written up my experiences here: http://www.itwriting.com/blog/4261-hands-on-building-a-phonegap-app-with-dreamweaver-5-5.h tml http://www.itwriting.com/blog/4284-building-a-phonegap-app-for-i
-
CPU not showing up in System Profiler
Hi, I have a 4 year old Dual 2.5 GHz G5 which I think has had a CPU failure (B CPU). The system profiler states that I only have one, not two CPU's. Is it a case of using a repair CD to reset the lost CPU or is it dead? Any ideas anyone? Thanks in ad
-
hi! i have downlowded Java mail API from sun site.how to proceed now.I have already installed JDK on my machine.
-
Downloaded thunderbird 31 now my e-mail doesn't work. what's wrong?
I downloaded Thunderbird 31 on 10/16/14 and the next day my e-mail did not work. So what is wrong?
-
So what's the potential downside to cache clearing?
I am surprisingly ignorant about this, given that I've been using Macs steadily since 1986 and have actually done a little low-level consulting. I have a ridiculous amount of space being eaten up by cache files on my SSD, almost 7 gigs. I know cachin