Guest WLAN and DNS tunneling (IP over DNS with iodine, NSTX, etc)

Similar Messages

• Guest WLAN and a Office WLAN on 1242AG

  Hi All,
  I have managed to add two WLANS, one for the Office Wireless clients(Staff laptops) and another one for Guests. I have bassicaly created two SSIDs, one broadcasting, other one not(Staff one).
  The AP is a 1242AG and is going to connect to a Catalyst 3750 48T, which is connected to Cisco 877. How can I make the DHCP assignments to both Guest WLAN and Staff WLAN and also do I have to create trunk port in the Switch ( I am thinking like this as I got Two VLANs.)
  Does anyone know or got a sample running config ( in a Switch and in a similar AP)...really appriciate it. Time is running out for me!!!
  Reg
  ND

  Hi,
  here is a config example for exactly you are looking for:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.
  HTH,
  Tiago

• Ever since installing on my 64bit Windows 7 install, Firefox has continually gotten more sluggish as time moves on, hangs for 10-15 secs at a time and just gets worse over time with the updates and everything.

  Ever since installing on my 64bit Windows 7 install, Firefox has continually gotten more sluggish as time moves on, hangs for 10-15 secs at a time and just gets worse over time with the updates and everything. It was fast when I first installed, but over the last six mos has slown to a crawl.

  upgrade your browser to Firefox 8 and try
  * getfirefox.com

• Guest WLAN and Web Auth?

  Hi Guys,
  Maybe someone can help me out?
  I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical
  "Cisco Wireless Controller" with the exception of having 2 ports.  Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN.  When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page. 
  What I tried so far is..
  add a DNS Host Name to the virtual interface and assign it to our internal DNS server.dns name was resolving but we were unable to ping 1.1.1.1
  changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entrydns name resoved but still could not ping 2.2.2.2(I think this is normal)
  changed the virtual IP to a private address of 192.168.102.1 and modified the dns entrysame result
  I've attached some screenshots of our configuration.

  Troubleshooting Web Authentication
  After you configure web authentication, if the feature does not work as expected, complete these
  troubleshooting steps:
  Check if the client gets an IP address. If not, users can uncheck
  DHCP Required
  on the WLAN and
  give the wireless client a static IP address. This assumes association with the access point. Refer to
  the
  IP addressing issues
  section of
  Troubleshooting Client Issues in the Cisco Unified Wireless
  Network for troubleshooting DHCP related issues
  1.
  On WLC versions earlier than 3.2.150.10, you must manually enter
  https://1.1.1.1/login.html
  in
  order to navigate to the web authentication window.
  The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client
  connects to a WLAN configured for web authentication, the client obtains an IP address from the
  DHCP server. The user opens a web browser and enters a website address. The client then performs
  the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the
  website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web
  authentication login page.
  2.
  Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On
  Windows, choose
  Start > Run
  , enter
  CMD
  in order to open a command window, and do a  nslookup
  www.cisco.com" and see if the IP address comes back.
  On Macs/Linux: open a terminal window and do a  nslookup www.cisco.com" and see if the IP
  address comes back.
  If you believe the client is not getting DNS resolution, you can either:
  Enter either the IP address of the URL (for example, http://www.cisco.com is
  http://198.133.219.25)
  ♦
  Try to directly reach the controller's webauth page with
  https:///login.html. Typically this is http://1.1.1.1/login.html.
  ♦
  Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also
  be a certificate problem. The controller, by default, uses a self−signed certificate and most web
  browsers warn against using them.
  3.
  For web authentication using customized web page, ensure that the HTML code for the customized
  web page is appropriate.
  You can download a sample Web Authentication script from Cisco Software Downloads. For
  example, for the 4400 controllers, choose
  Products > Wireless > Wireless LAN Controller >
  Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless
  LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication
  Bundle−1.0.1
  and download the
  webauth_bundle.zip
  file.
  These parameters are added to the URL when the user's Internet browser is redirected to the
  customized login page:
  4.
  ap_mac The MAC address of the access point to which the wireless user is associated.
  ♦
  switch_url The URL of the controller to which the user credentials should be posted.
  ♦
  redirect The URL to which the user is redirected after authentication is successful.
  ♦
  statusCode The status code returned from the controller's web authentication server.
  ♦
  wlan The WLAN SSID to which the wireless user is associated.
  ♦
  These are the available status codes:
  Status Code 1: "You are already logged in. No further action is required on your part."
  ♦
  Status Code 2: "You are not configured to authenticate against web portal. No further action
  is required on your part."
  ♦
  Status Code 3: "The username specified cannot be used at this time. Perhaps the username is
  already logged into the system?"
  ♦
  Status Code 4: "You have been excluded."
  ♦
  Status Code 5: "The User Name and Password combination you have entered is invalid.
  Please try again."
  ♦
  All the files and pictures that need to appear on the Customized web page should be bundled into a
  .tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is
  login.html. You receive this error message if you do not include the login.html file:
  Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web
  Authentication Configuration Example for more information on how to create a customized web
  authentication window.
  Note:
  Files that are large and files that have long names will result in an extraction error. It is
  recommended that pictures are in .jpg format.
  5.
  Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication.
  Other browsers may or may not work.
  6.
  Ensure that the
  Scripting
  option is not blocked on the client browser as the customized web page on
  the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
  7.
  Note:
  The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up
  messages for the user.
  Note:
  If you browse to an
  https
  site, redirection does not work. Refer to Cisco bug ID CSCar04580
  (registered customers only) for more information.
  If you have a
  host name
  configured for the
  virtual interface
  of the WLC, make sure that the DNS
  resolution is available for the host name of the virtual interface.
  Note:
  Navigate to the
  Controller > Interfaces
  menu from the WLC GUI in order to assign a
  DNS
  hostname
  to the virtual interface.
  8.
  Sometimes the firewall installed on the client computer blocks the web authentication login page.
  Disable the firewall before you try to access the login page. The firewall can be enabled again once
  the web authentication is completed.
  9.
  Topology/solution firewall can be placed between the client and web−auth server, which depends on
  the network. As for each network design/solution implemented, the end user should make sure these
  ports are allowed on the network firewall.
  Protocol
  Port
  HTTP/HTTPS Traffic
  TCP port 80/443
  CAPWAP Data/Control Traffic
  UDP port 5247/5246
  LWAPP Data/Control Traffic
  (before rel 5.0)
  UDP port 12222/12223
  EOIP packets
  IP protocol 97
  Mobility
  UDP port 16666 (non
  secured) UDP port 16667
  (secured IPSEC tunnel)
  10.
  For web authentication to occur, the client should first associate to the appropriate WLAN on the
  WLC. Navigate to the
  Monitor > Clients
  menu on the WLC GUI in order to see if the client is
  associated to the WLC. Check if the client has a valid IP address.
  11.
  Disable the Proxy Settings on the client browser until web authentication is completed.
  12.
  The default web authentication method is PAP. Ensure that PAP authentication is allowed on the
  RADIUS server for this to work. In order to check the status of client authentication, check the
  debugs and log messages from the RADIUS server. You can use the
  debug aaa all
  command on the
  WLC to view the debugs from the RADIUS server.
  13.
  Update the hardware driver on the computer to the latest code from manufacturer's website.
  14.
  Verify settings in the supplicant (program on laptop).
  15.
  When you use the Windows Zero Config supplicant built into Windows:
  Verify user has latest patches installed.
  ♦
  Run debugs on supplicant.
  ♦
  16.
  On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start
  > Run > CMD:
  netsh ras set tracing eapol enable
  netsh ras set tracing rastls enable
  In order to disable the logs, run the same command but replace enable with disable. For XP, all logs
  will be located in C:\Windows\tracing.
  17.
  If you still have no login web page, collect and analyze this output from a single client:
  debug client
  debug dhcp message enable
  18.
  debug aaa all enable
  debug dot1x aaa enable
  debug mobility handoff enable
  If the issue is not resolved after you complete these steps, collect these debugs and use the TAC
  Service Request Tool (registered customers only) in order to open a Service Request.
  debug pm ssh−appgw enable
  debug pm ssh−tcp enable
  debug pm rules enable
  debug emweb server enable
  debug pm ssh−engine enable packet

• Wireless guest wlan and secured corporate wlan

  I am implementing an enterprise wireless network for my company. I am planning on setting up one secured corporate wlan for employee and one open guest wlan for the guest/contractor/vendor. Is there a way I can prevent my employee jump from the secured wlan to the guest wlan? Thanks.
  Lee

  Hi stepehen
  LWAPP also defines the tunneling mechanism for data traffic.
  A LAP discovers a controller with the use of LWAPP discovery mechanisms. The LAP sends an LWAPP join request to the controller. The controller sends the LAP an LWAPP join response, which allows the AP to join the controller. When the LAP joins to the controller, the LAP downloads the controller software if the revisions on the LAP and controller do not match. Subsequently, the LAP is completely under the control of the controller. LWAPP secures the control communication between the LAP and the controller by means of a secure key distribution. The secure key distribution requires already provisioned X.509 digital certificates on both the LAP and the controller. Factory-installed certificates are referenced with the term "MIC", which is an acronym for Manufacturing Installed Certificate. Cisco Aironet APs that shipped before July 18, 2005, do not have a MIC. So these APs create a self-signed certificate (SSC) when they are upgraded in order to operate in lightweight mode. Controllers are programmed to accept SSCs for the authentication of specific APs.
  Pls Refer the docu..
  http://cisco.com/en/US/products/ps6306/products_qanda_item09186a00806a4da3.shtml
  Regds
  Saji k.s

• Guest Anchor N+1: Multiple guest WLANs and Mobility List

  Hi Experts,
  We are going to replace two guest anchor controllers WLC4402 sitting in different DMZs with two WLC5508 as N+1 redundant pair in one DMZ.
  I assume each guest anchor controller should support multiple guest WLANs. Is it correct?
  And between these two new anchor WLCs, do they need to add each other to Mobility List?
  Or maybe I should ask first, does it matter if they are in the same mobility group or not?
  Thanks
  Cedar

  N+1 for guest anchors isn't what N+1 was designed for.  N+1 was designed for redundancy for WLC's supporting access points, not mobility anchors.  This solution might work, but I really doubt Cisco will support this setup, but I can be wrong.... you can always talk with your local Cisco SE or open a TAC case and ask.
  Guest anchors should have a different mobility group name from the foreign WLC's.  You do need the foreign to have both guest anchors and the guest anchor to just have the foreign WLC(s).  The redundant guest anchors do not need to have each other in the mobility group list.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Guest WLAN and IP Address Exhaustion

  Does anybody know of a way to stop a DHCP Server from doling out IP addresses (and subsequently exhausting the DHCP Scope) prior to performing L3 Web Auth to the WLC?
  The problem arises when Students come into School with their iPhones and such like with the WLAN turned on which exhausts the current Guest WLAN DHCP Scope.  Subsequently when a valid Guest User comes along they are unable to obtain an IP.
  Many Thanks

  Hi,
  This is the challenge that we have with the Guest wireless access!! However, we can use WPA/WPA2-PSK along with the WEB-AUTH, SO that thew clients who provide the right PSK will only be able to grab the IP..
  Regards
  Surendra

• Guest WLAN and VLAN out of 2811 w WLC module

  Using a WLC 2006 or 4000 series, there is
  no problem getting the traffic on a "guest WLAN" connected to a wired VLAN.
  But, how to do that when one is using
  a 2811 with a WLC module?
  Now the "guest WLAN" connects internally
  to the 2811 "interface wlan-controller 1/0" as a VLAN on a subinterface. I do not want the default GW for that VLAN within the 2811. Instead I just want to get it out at layer 2. Transparent bridging between a subinterface "int wlan-controller1/0.x" and "int fastethernet0/1.x" failed. Any ideas?

  Try these links:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

• So now and then opening firefox the topbar with news, maps, etc is written in a black bar and another time the normal white with blue letters

  the top bar in the openingpage instead of written with blue letters in the white screen, it is black with a lind of white letters.
  sometimes black and sometimes the normal blue letters
  what is going on and lately for the first time my mcafee asked for permission for firefox to go to the internet, has macafee changed things or firefox.

  The new appearance on Google search page has nothing to do with Firefox or McAfee.
  http://forums.mozillazine.org/viewtopic.php?f=7&t=2239295

• Securing Guest Wlan

  I am trying to set up a WLAN with internal users and guest users.
  I have 2 ssid's one visible one hidden, the visible one is for guest use.
  Problem is when I connect to the guest wlan and web auth, I can then ping and telnet to the rest of the corporate network. How do I stop this?

  Hi
  Have you got separate vlans setup ie.
  vlan 10 = users
  vlan 11 = guest
  You would then hand out different IP address ranges for each vlan eg.
  vlan 10 = 192.168.5.0/24
  vlan 11 = 192.168.10.0/24
  Then you can either use a firewall or use access-lists on the vlan interfaces ie. suppose the coporate network was made up of subnets
  192.168.1.0/24
  192.168.2.0/24
  192.168.3.0/24
  Also assume you want to allow your guest users out to the Internet
  access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255
  etc..
  int vlan 11
  ip access-group 101 in
  This would allow guest users on 192.168.10.0 to access the Internet but not coporate LAN.
  HTH
  Jon

• Airtune Over Ethernet  with Time Capsule or Airport Extreme

  Can the previous generation Time Capsule or Airport Extreme bridge an ethernet client to an Airtunes network?
  Current Setup: I have an aluminum iMac wired to my Time Capsule; currently, I use the aluminum as a music server by connecting to several Airport Express clients over the the iMac's built-in Airport for Airtunes support.
  Problem: I have 3-802.11g clients dragging my wifi network. I would like to dedicate the iMac's internal network to the g-clients so I don't have to use compatibility mode for my n-network. However, I will lose Airtunes speaker support when I use internet sharing over the built-in Airport. Airtunes does not appear to support the Time Capsule ethernet client.
  Nodes:
  -AE 802.11g (Airtunes only)
  -AE 802.11n (Airtunes and USB printer)
  -1st gen Time Capsule (Internet gateway, "creating network" 802.11 g/n,
  -iMac 8,1 (Music server via internal wifi, wired TC client)
  -Macbook 4,1 (wifi client)
  -iPhone
  -Canon MP620 (USB to iMac, wifi to Macbook)

  Further to Bob's comments..
  A Gen1 TC will be using marvel wireless chip and your 2008 and 2010 Macbook will use atheros and/or broadcom cards.. Just open your system profiler and look for info on the airport. We find the mixture of wireless chipsets especially older draft N and later N products can give very varied results.
  The very fact you are linking at 270 and not 300mbps shows some reduction from theoretical max speed.. and really to get over 100mbps with any wireless you need perfect setup.. matched wireless chips etc.
  Do a test uploading and downloading a file to the TC to see if the LAN speed is better than internet speed.
  In reality I think you are doing especially well.. we see loads of people complaining about slow internet here who are getting less than 10% of the speed they get direct when routed through the TC. And on most occasions the limit in speed is not really going to affect what you do, as the real links to the internet are not that fast.

• VOIP over broadband - with QoS?

  At the moment we use Cisco 2600 routers with 256k BT kilostream connections to our stations, to provide IT and Cisco VOIP. The kilostream connections cost about ?5k/station/year.
  We want to stream video for the IT, but the kilostream isn't up to it. We also have BT broadband (20:1 contention), to the station, generally between 2-8M, which costs about ?500/station/year. We can do video over that fine.
  My questions are:-
  1) I'd like to get rid of the expensive kilostream and just use broadband. However, we have about 10-25 VOIP phones on each station, and we keep being told that broadband could not support that, the latency is too high, the reliability too low, that it needs QoS and you can't get that with this infrastructure etc etc. Can I use Cisco VOIP over broadband to 2600 routers, would QoS work and what about the quality/reliability? If it is possible, any hints as to how?
  2) As an alternative, I was wondering if I could have both kilostream and broadband connected to the back of my 2600 and have different services going over the two connections (eg voice over kilostream and IT over broadband)? And if so, maybe I could have failover from one to another? Can I do this, and if so, any ideas how?
  I don't know if it helps, but we normally terminate our broadband IPSEC VPNs on our WatchGuard firewall, although we do also have a Microsoft ISA firewall that we could use instead.
  Any help you are able to offer would be very gratefully received.
  Regards
  Eric

  At the moment we use Cisco 2600 routers with 256k BT kilostream connections to our stations, to provide IT and Cisco VOIP. The kilostream connections cost about ?5k/station/year.
  We want to stream video for the IT, but the kilostream isn't up to it. We also have BT broadband (20:1 contention), to the station, generally between 2-8M, which costs about ?500/station/year. We can do video over that fine.
  My questions are:-
  1) I'd like to get rid of the expensive kilostream and just use broadband. However, we have about 10-25 VOIP phones on each station, and we keep being told that broadband could not support that, the latency is too high, the reliability too low, that it needs QoS and you can't get that with this infrastructure etc etc. Can I use Cisco VOIP over broadband to 2600 routers, would QoS work and what about the quality/reliability? If it is possible, any hints as to how?
  2) As an alternative, I was wondering if I could have both kilostream and broadband connected to the back of my 2600 and have different services going over the two connections (eg voice over kilostream and IT over broadband)? And if so, maybe I could have failover from one to another? Can I do this, and if so, any ideas how?
  I don't know if it helps, but we normally terminate our broadband IPSEC VPNs on our WatchGuard firewall, although we do also have a Microsoft ISA firewall that we could use instead.
  Any help you are able to offer would be very gratefully received.
  Regards
  Eric

• Can't see available WLAN Connection on Tecra A5 but ok with Tecra M5

  Hi,
  I have the following problem:
  I have a DLink Wireless Access point (DWL-3200AP) configured in my office.
  On my laptop, I can see my WLAN and I'm able to connect with my Tecra M5.
  I can see the WLAN on the configfree graphic tool.
  Now the problem .... I bougth a Tecra A5 for my boss, everything is working fine ... Radio is active ...
  Wireless card OK ... BUT I can't see the WLAN ... can't find it ...
  I checked everything but I have no idea why ...
  Does someone can help me ?
  Thx
  Math.

  I would suggest checking the router settings.
  In my knowledge many WLan routers support a hiding WLan option.
  In such cases the WLan is not visible and you have to know the name of the WLan to searching it.
  I think you know the name of the WLan therefore I would recommend entering the Wireless Network connection properties and then choosing the Wireless Networks tab.
  There you can Add the preferred networks. You have to enter the WLan name and the encryption.

• DNS Registration for clients with WLAN and LAN adapters

  I have read a number of articles and it seems that there are a number of people who have problems with DNS and workstations with both WLAN and LAN adapters. I haven't however found workable solutions.
  Workstation Connection Objective:
  To enable DNS discovery and Ip connection to client workstations regardless of whether the client is using the WLAN or LAN. Enabling users to use either Wireless or LAN adapter adhoc. ie they dock their laptops at their desks, and undock to take their laptops
  to meetings or consulations with peers. I need to be able to discover and connect to the workstations irrespective of the adapter being used at any time.
  Most people seem to try to control which interface is used on the workstations, ie disable WLAN and only use LAN etc. Trying to disable interfaces isn't going to be feasible and its very inflexible.
  I believe I can ensure that the workstations use the NICs in our preferred order:
  1. LAN
  2. WLAN - Our wireless network isn't as fast as the LAN.
  By setting specific DHCP metric for the WLAN Router to be higher(ie 2) than the LAN(1). When the LAN isn't connected traffic will route via the WLAN adapter and when the LAN adapter is connected, its router metric will be lower and it will be the preferred
  gateway/route.
  But how do I solve the DNS resolution for connection to that asset?
  If I disable DHCP Server updates into DNS and allow secure updates from the client. It would be really good if DNS client behaved in the following manner
  1. The LAN adapter(referred to as primary ie LAN) with the lowest metric(ie 1) registers/auto updates DNS with the ip(both A and PTR). Any other Adapters don't register. - ie the WLAN
  2. The Laptop is undocked and the LAN adapter goes offline, the DNS Client then triggers a registration/auto updates its existing DNS entry with the ip from the next adapter(WLAN) with the next lowest gateway metric(2)...hence replacing the first ip registered.
  3. The laptop is docked again, and DNS Client triggers a registration/auto updates its existing DNS entry with the IP from the primary adapter(LAN), replacing the WLAN ip.
  So there is only ever 1 ipaddress registered for a workstation and it will always be a valid address. Then I don't need to be concerned about whether the user has the wireless turned on and docked.
  Being able to discover and communicate with all our workstations in our sites is crucial requirement....
  This microsoft article says, http://technet.microsoft.com/en-gb/library/cc771255.aspx
  Dynamic updates can be sent for any of the following reasons or events:
      * An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
      * An IP address lease changes or renews with the DHCP server any one of the installed network connections. For example, when the computer is started or if the ipconfig /renew command is used.
      * The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.
      * At startup time, when the computer is turned on.
      * A member server is promoted to a domain controller.
  However from what I am reading, both adapters(LAN,WLAN), if configured to update DNS, will register their Ip addresses. Which leads to an invalid DNS entry if the laptop is undocked, as the IP for LAN adapter isn't removed.
  Has anyone solved this problem for their organizations without
  1. Controlling which adapter is used - large management overhead
  2. Only allowing one adapter to register with DNS
      - If using LAN adapter for DNS, then anytime the user is using WLAN, their workstation doesn't have a valid DNS entry. Which also impacts Kerberos.
      - If using the WLAN, then we would have to invest a large amount of money into Wireless to provide the necessary bandwidth
  3. Setting GPO's to configure dns updates every 30mins on clients
      - Inconsistent results...which I think is sometimes a worse problem
  4. Defining separate DNS suffixes for their WLAN networks (I read some people did this)
      - This doesn't remove an invalid DNS entry ie the ip(LAN adapter) DNS entry if the laptop is undocked
      - It also creates problems with kerberos, if the host is registered under a separate DNS suffix from the Active Directory domain name

  Hi,
  From my point of view, DNS can't be so smart.
  As a workaround, please try the steps below,
  Disable the DNS register of wireless adapter
  Put "ipconfig /regiserdns" in a bat file
  Everytime when the wired network is undocked, run the bat file.
  If the wired network is docked, wired adapter will register the DNS record.
  When the wired network is undocked, run the bat file, then the wireless adapter will register the DNS record.
  If the wired network is docked again, wired adapter will register the DNS record automatically.
  Best Regards.
  Steven Lee
  TechNet Community Support

• Communicate with cRIO when IP Address and DNS Name changes over Network Variables

  I am developing a LabVIEW software for an European Project using cRIO-9074 and RT Application Reployment to update all cRIO devices with the last version.
  To communicate with the cRIO devices I have also developed some applications that are outside cRIO on LabVIEW Project that uses Network Variables to Read/Write to the devices.
  When I am developing the software, everything works just fine because the LabVIEW Project knows the IP Address on my cRIO device. However, when I use RTAD to install the software and then my applications outside the LabVIEW Project, the aplications are, not always able to find the device when the IP address changes.
  I have tried to replace the IP Address with the DNS Name but no success. When I change the router that is connected to the cRIO, the DNS Name also changes.
  With this, my question is how can I solve this sistematic problem? Should I change any configuration on MAX, in LabVIEW Project and/or in the applications to be able to always find the cRIO? Is it possible to have a field on the application to insert the IP Address of the device to connect? If yes, how can I do this?
  Best regards,

  Quintino,
  You can programatically open connecitons to Shared Variables.  This allows you to decide at runtime the IP address, lib name and SV name you wish to connect to.  I've attached a vi snippet the demonstrats an Action Engine to handle the connection to a SV named "Parameters".
  I normally store the cRIO_Settings in a .INI file that is easy to modify. 
  Attachments:
  SV Example.png ‏45 KB