HREAP, Local Switched WLAN and DHCP Address required

Similar Messages

• HREAP - Local switching

  Hi All,
  I have a working WLC with several HREAP AP's all Woking as they should, my question is what happens to dhcp requests when an AP is configured for HREAP local switching with no VLan support enabled ( connected to an access port not a trunk)? The local VLan has a dhcp helper address configured for an external DHCP server When a wireless client connects does all the traffic get dropped directly onto the local VLAN (in my case VLAN 10) or does any traffic transverse through the controller? I ask this because on the advanced setting page of the WLAN I have ticked DHCP REQ, how does the controller determine if the wireless client has a valid IP if the DHCP request is being supplied by the local VLAN.
  I was under the impression that the control and data planes are separated?
  Thanks in advance for any replies.
  Sent from Cisco Technical Support iPhone App

  You are correct, it gets dumpped on your vlan 10. As for your very specific question, thats a great question and I dont know that I have the anwser. Perhaps someone else like Steve, Leo or Scott can reply if they tested it.
  Im going to take a stab in the dark and say perhaps the ap makes sure it sees a dhcp req packet come in before it allows the client to get into the run state.
  OR, its doesnt work.
  OR, if that check box is marked, perhaps the ap relays some type of response back to the WCL ...
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

• WLAN and DHCP with WLC controller

  Hi,
  I've a question about how works dhcp for wifi clients.
  On the WLAN edit I've seen that my option are:
  1) DHCP override-> i insert the dhcp server address here
  2) without DHCP override -> the WLAN will use the DHCP server configured under the management interface
  Based upon these informations: why I can configure DHCP server also in other interfaces and not only in the "management" interface ?
  If I configure 2 DHCP servers on a "user interface" ( without the "override" option in WLAN ) my clients will use these DHCP or the DHCP on the "management" interface ?
  Many thanks in advance
  Luigi

  from the on-line help it seems different ;-/
  =====
  DHCP Server (Override)
  When selected, you can enter the IP address of your DHCP server. This is a required field for some WLAN configurations. There are three valid configurations:
  DHCP Server Override ON, a valid DHCP Server IP address, and DHCP Address Assignment Required: Requires all WLAN clients to obtain an IP address from the DHCP Server.
  DHCP Server Override ON, a valid DHCP Server IP address, and DHCP Address Assignment Not Required: Allows all WLAN clients to obtain an IP address from the DHCP Server or use a static IP address.
  DHCP Server Override OFF: Forces all WLAN clients to use the DHCP setting in the Management Interface, not the static address.
  ===========
  It seems that i can Use external DHCP server, putting the address :
  - in the box that appair when i flag the "override" option
  - or in the management interface
  I think documentation is not so clean
  many thanks
  Luigi

• Centrally Switched and Flex Local Switched WLAN - same SSID

  Hi All
  I am currently working on a WLAN migration from lightweight to autonomous and would like advice on whether the following scenario is possible.
  We've deployed an 8500HA pair at the customer's central HQ with the plan that SSIDs at the central HQ will centrally switch with SSIDs at branch sites locally switching.  AP and Flex groups have been configured for the HQ and branch sites.  There is a legacy SSID at HQ that will need to break out locally so a flex group is required for HQ.
  My original plan was to do this with one WLAN Profile per SSID, configured to locally switch.  The HQ AP group will map WLAN to the relevant IP interface with the SSID omitted from the HQ Flex Group so that the SSID will centrally switch.  The branch AP groups will be configured with the SSIDs required for branch and Flex groups will be configured to break out the SSIDs  into the relevant local VLAN.
  My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
  Configured as above a client debug gives the below which seems to suggest that it isn't possible, unless I've configured something incorrectly...
  *apfMsConnTask_5: Oct 03 15:48:51.012: c0:18:85:48:c0:5d Central switch is FALSE
  My alternative option is to create a second WLAN profile for each SSID with the same SSID name but centrally switched and then apply that accordingly in the AP groups.
  If someone can verify the above I'd be very grateful.
  Many thanks in advance
  Mark

  Hi Mark
  My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
  When you configure an SSID for local switching, it is only applicable if AP in Flexconnnect mode. So as long as your HQ APs are in Local mode then all those users traffic will be central switch for the given SSID. At branch those AP are in Flex mode, they will locally switched.
  Pls do not forget to rate our responses if that is useful to you
  HTH
  Rasika

• Guest anchor WLAN and DHCP

  hi,
  I am trying to setup a guest WLAN using a local controller and  a controller in my DMZ using the mobility-anchor configuration.
  Ideally I'd like to use an external DHCP server in my DMZ, but for now, I'd be happy getting the local DHCP server on the DMZ controller working.
  Local Controller config
  Configured mobility-groups, verified mobility group is working
  Created WLAN called "guest" - assigned it to the management interface.
  Have tried the following with regards to DHCP on this WLAN.
       Set it to "override" and specified the DMZ controller's mangement interface
       Set DHCP to "assignment required" and specified the DMZ controller's management interface for the DHCP server for the local controller's management      interface
       Left DHCP server blank on the local controller's management interface
  Setup the DMZ controller as the mobility anchor for the "guest" WLAN
  DMZ controller config
  Configured mobility-groups, verified mobility group is working
  Created WLAN called "guest"
  Created a dynamic interface called "guest" associated to the "guest" WLAN
  Setup mobility anchor for the "guest" interface,  mobility-anchor = local controller
  Created an internal DHCP server scope and enabled it
  Have tried the following with regards to DHCP on the "guest" WLAN
       Set DHCP to "assignment required" and specified the IP address of the controllers management interface as the DHCP server on the "guest"      dynamic interface
       Set DHCP to "assignment required" and specified the IP address of the  controllers "guest" dynamic interface as the DHCP server on the "guest"       dynamic interface
       Set DHCP to "override" and specified the DMZ controller's management interface IP
       Set DHCP to "override" and specified the DMZ controller's "guest" interface IP
  After all this,  my client still cannot get an IP address via DHCP.  I verfiied the client is associating to the AP.
  Any help would be appreciated.
  Thanks
  Lee

  on the DMZ controller, what is the output of a debug client < mac address of the client>  You may also want to capture debug mobility handoff enable, from both WLC.
  For the guest, the DHCP is going to come from the DMZ controller, so there is no real need to configure anything on the internal WLC.  One thing of note, the WLAN config on both the DMZ and Internal must match exactly with the exception of the linked interface, otherwise you will not anchor.
  while runnign the debug, show dhcp proxy, for the WLC to be the DHCP server, proxy needs to be enabled.

• HREAP local switching works perfectly BUT central switching fails when WLC is down. Doesnt fallback to local switching.

  Hi All,
  I am currently using as 4402 with 6.0.196 image. The APs that i am using is the 1130.
  I have configure HREAP for Local switching, it works very well. I am even able to do 802.1x
  Authentication after registering with ACS. Currently I am usng only 1 SSID. That SSID is mapped
  to vlan 10 and my AP is on native Vlan 1.All the proper trunks and routing has been enabled.
  The issue i have is that when I am trying to create a central switched WLAN that fallbacks to local
  switching once the controller is down. The only diffrerence I made was to remove the "tick"/checkbox option
  for "local Switching" on the WLAN page.
  It is able to work if the controller is up, I am even able to get the IP network where the controller resides. However when
  i tested by disconnecting the controller, The client is unable to authenticate or send traffic anymore. I've tried using WPA-PSK
  and also WPA-PEAP-MSChapv2. Both fails miserably.
  Does this mean that I need to create 2 WLANs? One for Local Switching and the other for Central Switching on the HREAP mode
  APs.Cant i do it with just a single WLAN?
  Thank you.
  Warmest regards,
  Azzafir Ariff Patel.

  For h-reap, if your doing centrally switch due to using EAP for authentication and the ap looses connectivity to the WLC, then those users should be able to stay associated, but new users will not authenticate.  WPA/WPA2-psk local switching should work even if the ap looses connectivity to the WLC since the h-reap ap will do the authentication.  Here is a link you probobly already seen:
  http://www.cisco.mn/en/US/products/ps6087/products_tech_note09186a0080736123.shtml#topic2

• HREAP local switching with web auth

  Hello All,
  Does web authentication work perfectly fine while locally switching the SSID on Hreap mode APs with older WLC firmwares - 7.0.98.218.
  I see it is supported in 7.0.116.0 onwards. Does it work on older versions? Has anyone tested and faced any issues?
  Thanks
  Jeen

  It worked as far back as 4.0 from what I remember
  Steve
  Sent from Cisco Technical Support iPhone App

• Linksys E2500 Rounter and DHCP Addressing

  Recently Bought a new Linksys E2500 Router to replace my D-Link router and move to Wireless N Speeds.  Was having problems with the D-Link and the Client Machines getting a 192.168.203.x DHCP Address (never did figure this out).  No idea where this address was coming from and the Client Machine Wireless Connection to the D-Link was getting spotty at best.  Client Machines include a Sony Laptop with a Aethos(sp?) network card, a Dell M4600 with Intel(R) 82579LM Gigabit Network Card, a MAC Book (not sure about the Network Card) , a couple of Workstations (HP and Home Built) and Samsung and Panasonic Network TV's.  I am once again seeing this 192.168.203.x Network address being "given" to the client machines every once in a while.  Some of them are actually wired and some are wireless, either of which can get this IP Address Subnet.  Why?  Where is this coming from?  I could see this happening to the wireless clients possibly from another wireless network and crossing over, maybe (which is one of the reasons I replaced the Router).  The Wired Clients getting this address I just don't understand how.  The problem went away for about 2 weeks after I replaced the D-Link with the new Linksys Router, but now seems to have resurfaced.  Is this somehow coming from the Time-Warner Motorolla Modem for the Cable Internet?  How do I fix this?  How can I figure out where this is coming from?   I've tried using Wireshark to isolate what is going on, but can't figure out the right parameters to isolate the issue.
  Thanks,
  Loren

  On a computer, which gets the wrong IP address, open a command prompt window, enter "ipconfig /all" and post the full output.
  How did you connect the E2500 to your modem? Which port did you use?
  Which public IP address do you see on the status page of the E2500?

• Guest WLAN and IP Address Exhaustion

  Does anybody know of a way to stop a DHCP Server from doling out IP addresses (and subsequently exhausting the DHCP Scope) prior to performing L3 Web Auth to the WLC?
  The problem arises when Students come into School with their iPhones and such like with the WLAN turned on which exhausts the current Guest WLAN DHCP Scope.  Subsequently when a valid Guest User comes along they are unable to obtain an IP.
  Many Thanks

  Hi,
  This is the challenge that we have with the Guest wireless access!! However, we can use WPA/WPA2-PSK along with the WEB-AUTH, SO that thew clients who provide the right PSK will only be able to grab the IP..
  Regards
  Surendra

• Resolving local domain name and nameserver address

  Hi,
  Is there any way to get the local domain name (on Windows it would be NT domain name and on Unix based platform it is DNS server's domain name) and local DNS server address ?
  Thanks,
  Rohit

  import java.net.*;
  try
     InetAddress ip = InetAddress.getLocalHost();
     String fqdn = InetAddress.getCanonicalHostName();
     int firstDot = fqdn.indexOf(".");
     String domain = fqdn.substring(firstDot+1);
     System.out.println("domain: "+domain);
  catch(Exception ex)
     ex.printStackTrace();
  }

• HREAP - local switching & central authentication

  Should I trunk the port to the AP or not
  I have a WLC 5508 in the head office and have AP's in the remote office. I do not want traffic in the remote office to traverse the wan back to the WLC. I want the users at the remote office to use the local subnet at the remote site.
  Should I then trunk the AP port on the switch to the AP as I have multiple ssid's with different subnets?

  Thanks I thought that but was getting conflicting information on it.
  We also provide a guest access to remote sites that is tunnelled back to the wlc and then on to the DMZ. I guess this is not an issue when the Corporate access is configured for local break out?

• WRT 610N and DHCP Address table

  I have a wired PC, network printer and several wireless clients attached to my WRT610N. When I boot the wired PC(Vista), it no longers display in the DHCP client table. All other clients display. Also, I loose connection to my Airport Express. I do get an IP and the Internet is live. The only way to get back on the client table and see the Airport Express is to run ipconfig /release and ipconfig /renew. Running the latest firmware. Any ideas?

  I would suggest you to reset and re-configure your wireless router...Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Also make sure that your computer is set to obtain IP automatically, disable any firewalls, security softwares on the computer before trying to access the setup page...Now re-configure your router...See if this resolves your concern...

• DHCP Address Required option in WLC

  I cant seem to find the sytex for this option in the CLI ... am i missing something?

  gstefanick wrote:I cant seem to find the sytex for this option in the CLI ... am i missing something?Yeah.  A break!  Gee whiz George, it's New Year's Eve!  Grab a beer (or whatever is your poison) and chill-lax. 

• Local Switching, mDNS Snooping and Chromecast

  Hello everyone,
  we have a Cisco WiFi setup at our company constisting of one WLC (2504) and 5 access points, 4 of which are in the main office and one at a remote location (connected via an IPsec tunnel). The remote AP is configured to FlexConnect mode, and we have set up a staff WLAN using 802.1X auth and local switching. So far, everything works perfect.
  However, we now want to support Chromecast devices in our wireless network. I have setup a new WLAN with WPA2-PSK authentication for those devices, added the "Googlecast" entries to the mDNS profile and activated mDNS Snooping on this WLAN. This appears to be working as well, at least I can see the corresponding entries in the mDNS -> Domain Names tab (Chromecast switched from multicast/SSDP to mDNS recently).
  However, clients in the staff WLAN are not able to see the devices. My guess is that I would need to also activate mDNS snooping on the staff WLAN, but of course this is not possible because of local switching being enabled.
  I tried to create two different AP groups, one for the local APs and another for the remote one. Then I duplicated the staff WLAN, with the idea of deploying one copy on the local AP group with local switching disabled and mDNS snooping enabled and the other copy on the remote AP group, enabling local switching and disabling mDNS snooping. My idea was that this would allow the employees at the local office to use the Chromecast devices, but unfortunately it's not possible to configure two WLANs with the same SSID and L2 security, even if they're not on the same AP / AP group.
  Another solution would just be to create a separate WLAN for the remote AP, but that would require to push another profile and inevitably result in confused employees when they first visit the remote branch.
  Is there any way to make our Chromecasts work while still using the same WLAN for both locations? Any pointers are greatly appreciated.

  I'm not 100%sure about the details and why that works this way. But u can create two SSID as long as u use an ID higher than 16. So start at 17 and it works, maybe that has something to do with the default group they will not belong to..
  comming back to your 2504...I see no way to use an ID above 16 because that's the max it supports.
  So, please have a look at that Guide for Chromcast, as I run through i see that it hase maybe nothing to do with mDNS..
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html
  Br,
  Sebastian
  pls. rate if helpful

• I have a 3rd party "TPLink ADSL wireless" router controlling DHCP , Now require Airport Basestation and Timecapule to merely join the existing network. I know this was a work around once posted, but can't find it again? Help....

  I have a 3rd party "TPLink ADSL wireless" router controlling Internet and DHCP , Now require my (Airport Basestation and Timecapule) to merely join the existing network. I know this can be done but it was a bit of a work around the automatic setup. The autmatic setup only offers (Create new/WDS/Extend) Does anyone know how to do it, or can point me to the post.
  Many thanks

  Unfortunately, I need to connect both devices (Extreme and Timecapsule) via wireless. The ADSL router is not conveniently located to allow me to cable them directly. They are both being used to drive a bank of non networkable printers and external harddrives via the USB ports on each.
  My frustration with myself is I had it setup, but failed to record for future, the trick in how to unhide the "join network option". I then had a failed firmware update from Apple and then needed to reset the routers and bang the settings were gone.
  The Security setting is not an issue I know those I am using WPA2 personal.
  I would be grateful for the wireless setup if you have it handy...
  Thanks do much