ISG-BRAS DHCP Configuration.
Hi ,
We are deploying the ISG-BRAS for one of the SP client. The SP client is going to use ISG as DHCP server for internet clients.
As part of the implementation, I would like to know the suggestions for the below quires.
- How many concurrent session it can handle?. We want to use it for around 30K+ concurrent sessions.
- How many IP Pools will it supports?.We have around 200 small pools of different ranges.
- As we have the redundant setup so what will happen to the sessions and lease, if primary ISG goes down.
- Can we use HSRP virtual IP as a IP Helper IP(for DHCP relay routers) for a redundant solution.
- Static IP handling in ISG based on Remote-Id+Circuit-Id.
Attached the DHCP traffif flow of our implemention.
Regards
-Saji
a)
The error "Unable to manage defined hosts table" (cfg_wiz_invalid_host) appears to be due to permissions - do you have modify permission on /etc/hosts?
b)
It may be worth trying to configure DNS as the name service in dhcpsvc.conf(4) before starting the wizard (I seem to recall having to do this once before). e.g.
HOSTS_RESOURCE=dns
UPDATE_TIMEOUT=30
This may help isolate the problem
Best regards,
Nick Street
Similar Messages
-
How can I use Powershell to "Complete dhcp configuration" ?
I installed the DHCP Server feature with Powershell and now I'm wondering how to "Complete dhcp configuration" also with Powershell?
Here's what I did (example):
Install-WindowsFeature DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -name "Corpnet" -StartRange 10.0.0.100 -EndRange 10.0.0.200
-SubnetMask 255.255.255.0
Set-DhcpServerv4OptionValue -DnsDomain corp.contoso.com -DnsServer 10.0.0.1
Add-DhcpServerInDC -DnsName dc1.corp.contoso.com
"Server Manager |> DHCP" now informs me that "Configuration required for DHCP Server at DC1" and by selecting "More" I can "Complete dhcp configuration". So, how do I complete the task with Powershell?
Thanks!I installed the DHCP Server feature with Powershell and now I'm wondering how to "Complete dhcp configuration" also with Powershell?
Here's what I did (example):
Install-WindowsFeature DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -name "Corpnet" -StartRange 10.0.0.100 -EndRange
10.0.0.200 -SubnetMask 255.255.255.0
Set-DhcpServerv4OptionValue -DnsDomain corp.contoso.com -DnsServer 10.0.0.1
Add-DhcpServerInDC -DnsName dc1.corp.contoso.com
"Server Manager |> DHCP" now informs me that "Configuration required for DHCP Server at DC1" and by selecting "More" I can "Complete dhcp configuration". So, how do I complete the task with Powershell?
Thanks!
For a very belated answer, you need to set a registry value to tell it that the configuration has been completed.
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2;
Restart-Service DHCPServer; -
Windows 2008 DNS & DHCP configuration steps for 11gR2 GI install with GNS
Hi,
I have windows 2008 R2 server with DNS & DHCP services installed. I am planning to install 2 node RAC with GNS option.
The problem is i could not find any document to setup the windows 2008 DNS server for the below steps.
a. Configure GNS VIP : add a name resolution entry in a DNS for the GNS virtual IP address in the forward Lookup file.
gns-server IN A <virtual_IP>
where gns-server is the GNS virtual IP address given during grid installation.
b. Configure the GNS sub-domain delegation: add an entry in the DNS to establish DNS Lookup that directs the DNS resolution of a GNS subdomain to the cluster.
clusterdomain.example.com. NS gns-server.example.com.
where clusterdomain.example.com is the GNS subdomain (provided during grid installation) that you
delegate and gns-server.clustername.com resolves to GNS virtual IP address.
I am aware that this configuration steps has to be taken care by the System administrator. Here is what he tried and the results.
My SA was able to Configure GNS VIP in the DNS and the Nslookup works fine for this.
When he Configures the GNS sub-domain delegation the nslookup fails when trying to resolve the SCAN name.
Any step by step tutorial for this windows 2008 DNS & DHCP configuration for Oracle GNS setup would be highly appreciated.
Thanks,
Ashok Kumar.GHi Guys,
Any help on this request will be very helpful.
Thanks,
Ashok Kumar.G -
Anchor Guest controller and DHCP configuration
I checked the cisco documentation about the DHCP configuration but I´m not 100%sure which DHCP server address I must use.
I used as example the scope 10.240.97.0/24 for our Guest Users. In this range are the DHCP scope and the Guest interface configured. For the management I used as example the range 10.240.96.0/24.Now I configured our Guest WLC and I insert on the Guest interface as Primary DHCP address the Guest interface address. After I applied I got the message I can´t use this DHCP address. Now I checked the cisco and found following description:
“If DHCP services are to be implemented locally on the anchor controller, populate the primary DHCP server field with the management IP address of the controller"
Means it now I must insert as the IP for the Primary DHCP Server on the Guest interface the IP from the management
Interface and the controller will then forward the traffic to the internal DHCP scope on the Guest subnet and wil sent it back ?
( DHCP proxy is on the Guest WLC enabled ) .
Thanks
AlFor Anchor you can use either internal or external dhcp server.
Means it now I must insert as the IP for the Primary DHCP Server on the Guest interface the IP from the management
Interface and the controller will then forward the traffic to the internal DHCP scope on the Guest subnet and wil sent it back ?
Yes. WLC forwards the unicast dhcp req to management ip for guest interface. All cpu generated traffic by default uses management interface as source address i.e., snmp, radius, ping...
Is your question whether you need routing between guest and management interface.
No, routing is not required in this case bcoz the interface residing on WLC's management. Also for proxy it uses the virtual ip address for dhcp instead of actual dhcp ip. And only wireless client can get ip from WLC's internal dhcp server.
If you're using dhcp proxy on wlc and having external dhcp server on different vlan then yes you need routing between the two vlans. -
Can anyone tell me how to change the DHCP configuration options - the same information found in dhclient.conf in linux/unix - under OSX? A corporate client of mine provides wireless internet at all their facilities, but no one with a Mac has ever been able to connect. The wireless connection comes up and is stable, but the Mac never receives an IP address. I am fairly certain they forward DHCP requests to a centralized server that handles multiple LAN segments. I suspect something in the format of the DHCP packet, perhaps one of the many options, is causing their router to drop the Mac's DHCP request packet. I have captured DHCP requests from OSX and Win2K using Ethereal, so I have some idea what options to try changing, but I need to know how to go about it. I've tried adding a dhclient.conf file, but OSX seems to ignore this.
Needless to say, this is not a simple question and I realize I'll be fiddling at low levels. However, I've tried everything there is to try with the control panel, command lines, etc. I generally have no problems getting WiFi to work across Mac and windoze whether at home, in hotel rooms, or at corporate locations, but this one really has me stumped. Any help is appreciated.How are you connecting to the wireless network? Is it a closed network with security, or an open network? There are a lot of different protocols in play with a wireless connection, particularly with Cisco equipment. It's possible Macs don't support one of the protocols where Windows does. There may be extra security such as DHCP client IDs, or using DHCP reservations only. There could be MAC address security setup on the wireless APs.
I would ask one of your PC buddies help you find an unused address. Set that manually and see if everything works. If it does you know you have a DHCP problem. If it doesn't there's a problem with the wireless connection -
ISG Debug - IP configuration missing for radius proxy session initiation
Folks,
We are trying to configure the ISG as a Radius-Proxy for EAP Authentication. I have configured aaa server radius proxy, clients and aaa auth radius-proxy group as per the guide. I have my interface config as follows:
interface TenGigabitEthernet0/2/0.205
encapsulation dot1Q 205
ip vrf forwarding CS
ip address 10.20.0.1 255.255.224.0
ip helper-address global 172.X.X.X
no ip redirects
no ip proxy-arp
ip tcp adjust-mss 1420
service-policy type control DEFAULT_RULES
ip subscriber l2-connected
initiator dhcp
initiator radius-proxy
arp ignore local
When I try to connect a wifi client to an AP, I can see that the AP is forwarding the Access-Request to the ISG but the ISG does not forward it to the AAA. In the ISG debug I see the following message:
RADIUS: IP configuration missing for radius proxy session initiation
Can any one help to identify what is missing here pls?
Thank You in advance!Kiran,
Did you follow this guide? It looks like the interface configuration is there but you didnt include the actual radius configuration does it follow the guide here -
http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/isg_radius_proxy.html#wp1055053
Thanks,
Tarik Admani -
ISG with DHCP Option 82 sessions
Greetings, I'm looking to roll out a GPON deployment using the ISG as our BRAS with DHCP-based sessions but we are experience some problems with session restart. Were using an external DHCP server and RADIUS. Sessions come up fine the first time, but if there is an existing session and the CPE node is rebooted the session get's "stuck". To clear the session we turn off the CPE device, clear the state in the GPON shelf and wait for more than 5 minutes. Doing some debug shows the SG-DPM process thinking there is an existing DHCP lease that seems to clear out after five minutes of "silence". I'd like to get this five minutes down to something in the less than 60 seconds range. Anybody know of any knobs to tweak this?
Dec 2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: input override for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: null input interface from dhcp,returning access interface GigabitEthernet0/3.300
Dec 2 12:49:19.642 EST: SG-DPM: DHCP Offer notification from client, mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: Aborting update. IP address: 10.2.2.162 hasn't changed
Running 12.2 (31) SB19 with the following code snippet:
aaa authorization subscriber-service USER_LOGON group radius
policy-map type control USER
class type control always event session-start
20 authorize aaa list USER_LOGON password blablabla identifier circuit-id
30 service disconnect
interface GigabitEthernet0/3.300
encapsulation dot1Q 300
ip dhcp relay information trusted
ip address 10.1.1.1 255.255.255.224
ip helper-address 10.10.10.10
no cdp enable
service-policy type control USER
ip subscriber l2-connected
initiator dhcpTry...
If the session is still un an unauthenticated state setting the unauthe timer will help:
class type control always event session-start
25 set-timer IP_UNAUTH_TIMER 6
But if the session is authenticated then it is suggested to set a idle timeout value like this:
policy-map type service IDLE_TIME_SERVICE
class type traffic IDLE_TIME
timeout idle 600
class type control always event session-start
24 service-policy type service name IDLE_TIME_SERVICE
Shelley. -
Dear people,
I was glad to see that in 1.0.2.6 some tftpboot issues have been adressed. However I run into a problem.
I setup the Advanced DHCP with the tftp server ip (also tried hostname btw), configured the
DHCP Client Device vs. Configuration File Mapping Table. When I try to tftp boot any device, the devices search for the boot file not on the tftp server (192.168.1.100), but on the RV180 itself (192.168.1.1). I find this very confusing. Could it be that tftp function 66 isn't working as it should be, or could it be something in my local configuration? Are there any limitations I should know about?
Thanx!Hi Samir,
Thanx for the reply.
I used to have a wrt54g as the default gateway in my network, tftpbooting just went fine, all my clients were able to connect to the tftpserver and load the designated files. I swapped the wrt54g with the rv180 (gigabit etc) assuming the information in the datasheet was based on real functionality. Unfortunately tftp on the rv180 was a diisapointment from the start. The first two firmware releases only accepted tabeling with .cfg files. Now, in release nr 3, the webui allows the mapping of other than .cfg files. Gladly I can map .0 and .bin files now. Clients doing tft-booting receive an ipadress and wait for 192.168.1.1 (rv180) to hand them the right files, ofcourse this never happends. I wonder what firmeware version will hold the fix to this problem. it could be that the rv180 has a hidden tftp-server, or maybe tftp-function 66 is just not working. Tftp-function 150 is also a next-server funtion, it is proprietary from Cisco itself. My clients and tftp-server are not familiar with this function, maybe the rv180 has trouble choosing 66 or 150? -
Hi,
we have installed WDS server on windows server 2012. Our DHCP is a CISCO 2911 Router. what do we need to configure on the WDS and DHCP server for the clients to have a PXE boot.
Thanks in advance"If the local DHCP server is not a Microsoft DHCP server, we will have to manually configure the DHCP server to forward the request to the WDS server."
How will the clients ( laptops/desktops) do the PXE boot and pull the image from WDS server ?
"If you have any problem, please configure DHCP option 66 and 67." -- on which device do we need to configure this ?
Thanks -
Static vs. DHCP configuration: Arch-specific details
Hi,
I'm a recent Arch convert (after seven years of Slackware, Debian and CentOS). I have a few questions about details that I didn't quite get in the Wiki section.
1) static IP
The sample line in rc.conf is explicit enough, so this one is no problem. On the other hand, there are some diverging hints concerning the configuration in /etc/hosts. Let's say I configured a server with a static IP of 192.168.1.1/255·255.255.0. In that case, is it correct to have an /etc/hosts that looks like this?
127.0.0.1 localhost.localdomain localhost
192.168.1.1 buildbox.localdomain buildbox
Or is it:
127.0.0.1 localhost.localdomain buildbox.localdomain localhost buildbox
2) DHCP
If I configure my Ethernet interface with DHCP, what do I have to put in /etc/hosts? Only the localhost line?Yeah, you don't really need to inject anything into /etc/hosts
I'd say this is partially wrong. When I only keep the default /etc/hosts, I get a warning message when XFCE starts up: it complains that there's no hostname defined.
Finally, I'm using this configuration:
127.0.0.1 buildbox.local buildbox
127.0.0.1 localhost.local localhost
Note: The double 127.0.0.1 is only for better readability.
But I just notice something else, that puzzles me a bit. Here's what ifconfig returns, as expected:
[root@buildbox:~] # ifconfig
eth0 Link encap:Ethernet HWaddr 00:20:ED:B8:E8:EC
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::220:edff:feb8:e8ec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:891 errors:0 dropped:0 overruns:0 frame:0
TX packets:457 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:194025 (189.4 Kb) TX bytes:103657 (101.2 Kb)
Interrupt:16 Base address:0xf00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3470 (3.3 Kb) TX bytes:3470 (3.3 Kb)
And here's the network section of my /etc/rc.conf:
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
# Wireless: See network profiles below
eth0="eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255"
INTERFACES=(eth0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.1.254"
ROUTES=(gateway)
What puzzles me: I didn't define anything localhost-like in rc.conf, and yet it's there. How comes?
Last edited by kikinovak (2008-04-10 11:29:19) -
Hi,
Below are the configurations of DHCP Server in 3550, it perfectly works fine & assigning the IP address across multiple VLAN's.now i wanted a setup in such a way that, i should not configure 3550 as DHCP Server, i wanted to make 2950 as DHCP Server, i mean we have got so many 2950 switchez, all switches are in same VLAN, but the PC's in every department are in different VLAN's. so i tried the option mentioned, but it doesn't work? where in do it in individual switch, it works, so how to proceed now. Thanks in advance & Happy New Year.
3550 (Working)
ip routing
ip dhcp pool A
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
ip dhcp pool B
network 10.2.1.0 255.255.255.0
default-router 10.2.1.1
ip dhcp pool C
network 10.3.1.0 255.255.255.0
default-router 10.3.1.1
ip dhcp-server 10.1.1.1
ip dhcp-server 10.2.1.1
ip dhcp-server 10.3.1.1
ip dhcp snooping
interface gigabitethernet 0/1
description ***Connected to 2950***
switchport trunk encapsulation dot1q
switchport mode trunk
vlan 2
ip address 10.2.1.1 255.255.255.0
vlan 3
ip address 10.3.1.1 255.255.255.0
vlan 4
description ***Switch***
ip address 10.4.1.1 255.255.255.0
2950 (Not Working Configuration)
ip dhcp pool A
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
ip dhcp-server 10.1.1.1
ip dhcp snooping
interface vlan 4
ip address 10.4.1.1 255.255.255.0
interface fastethernet 0/1
switchport access vlan 2
switchmode access
spanning-tree portfast
interface gigabit 0/1
description ***Connected to 3550***
switchport mode trunk
2950 (Individual working Configuration)
ip dhcp pool A
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
ip dhcp-server 10.1.1.1
ip dhcp snooping
interface vlan 4
ip address 10.1.1.1 255.255.255.0
interface fastethernet 0/1
switchport access vlan 4
switchmode access
spanning-tree portfast
interface gigabit 0/1
description ***Connected to 3550***
switchport mode trunkHi,
in the *not wotking* 2950 example, the 2950 should provide IP addresses to which clients? Why is the DHCP server set to 10.1.1.1, when the Switch IP is 10.4.1.1?
Do you have IP connectivity to all the other switches?
A DHCP request from a PC is sent as a broadcast. When it reaches the DHCP server it will determine the proper pool from the interface it was received. So try to place the 3550 DHCP config completely into one of the 2950 switches. Also make sure not to have duplicate IPs.
In case direct broadcast access to the DHCP server is not possible you will need a DHCP proxy. This can be achieved by "ip helper-address 1.2.3.4".
Hope this helps -
[ASR1K] ISG Dual Stack configuration
Hello
Is it possible to configure l3-connected ISG dual stack on ASR1000?Hi,
According to document http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/isg/configuration/xe-3s/asr1000/isg-xe-3s-asr1000-book/isg-ipv6.html, it is possible:
Restrictions for ISG IPv6 Support
Layer 2 connected interfaces are not supported. Only Layer 3 routed in-band IPv6 sessions are supported.
Session Coexistence on ISG Interfaces
The following session combinations can exist on the same ISG interface in Cisco IOS XE Release 3.5S and later releases:
Native IPv6 and native IPv4 sessions
Regards -
DHCP configuration for non-compliant clients
So your question isn't for a live situation, but because you are studying for a test?
hello!
i have a question about network policy server..
that is , how to configure DHCP server to lease IP address to non-compliant client??
specifically for access to remediation servers
thank you..
This topic first appeared in the Spiceworks Community -
DHCP configuration files on ML?
hello,
is it possible to configure the old settings on dhcp from my lion server?
in the bootpd.plist file aren't the settings from my static IP's with mac adress.
the server runs and give the right IP's to the client but i can not find the config files.
where are the config files??
thx for help/etc/bootpd.plist still remains the main config file for the DHCP server in Mountain Lion Server. It apparently still supports adding DHCP Option Codes to /etc/bootpd.plist (manually).
As Strontium90 says the definition of static DHCP address maps is normally stored in Open Directory and would therefore be editable using the Directory Utility. It is however apparently also possible to use the /etc/bootptab file to define DHCP static IP address mapping. Normally this file does not exist and in its absense Open Directory is used instead. However if you create this file and populate it, then it will be used instead of Open Directory.
The documentation for Lion and Mountain Lion Server is practically non-existent, I did however fine the following
https://developer.apple.com/library/mac/#documentation/Darwin/Reference/Manpages /man5/bootptab.5.html
and typing man bootptab in Terminal in Mountain Lion will probably show the same. -
Hi all,
I try to set up multiple Vlan but my issue is to associate them ip subneting.
This is the example:
I want to make some Vlans:
- 1 for Data
- 1 for Voice
so I make the ssid
dot11 ssid data
vlan 100
authentication ...
dot11 ssid voice
vlan 200
authentication open
authentication key-management wpa
wpa-psk ascii ...
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
and the BVI
interface BVI1
description Basic Virtual Interface
ip address A.B.C.D /24
no ip route-cache
the BVI interface is in the native Vlan of Data. My issue is that I want to have on subnet 192.168.1.0/24 for Data and another 192.168.2.0/24 for the voice
but the problem is that I always get dhcp info from the subnet where the BVI is.
Can anybody help me on that ?
I assume that the DHCP request is ?ade by the IP of the BVI (when helper activated) so this is why I always get an IP from the data pool where the BIV is into.
I started to think to some solution like create a BVI2 but this is a lost of IP
or directly assign ip from sub ethernet int and activate the helper.
What is the best and what do you think of that ?
Thanks in advance
MattYour problem is all your interfaces are using bridge group 1. change the bridge group number to match the corresponding VLAN and things should improve as long as the switch port is configured for trunking/.1Q support.
Suggestion initially configure the VLAN's using the WEB interface and then check the config and see the result.
Bill
Maybe you are looking for
-
GRC AC 10.0 PSS feature with SSO in scope
Hi, For one of our customer project, in ARM we have to enable password self-service (PSS) workflow which is in the scope. At the same project we also have single sign on (SSO) (SNC and SSL) in scope for all SAP system landscape. I understand that I c
-
I've installed the 10gb in app purchase twice now.
Maybe I'm missing something, but I'm supposed to be getting a bunch of new stuff, but nothing changes after the install? On top of everything else I'm supposed to get 40 lessons, and while I don't plan on using any of them, the fact that they aren't
-
Adobe reader end user license agreeement
A website wants me to fill out an e-form in pdf format, but says I must agee to the adobe reader end user licence agreement Can't figure out how to do this, as usual, Adobe is not help
-
Dear All, I am testing my DR server. i have resotred my full offline backup to Dr successfully. now i want to check it by making it onlne once. when i am starting the database, it is started. But when i am starting the lsnrctl, it is giving me error.
-
Needing to color correct a bunch of blue clips!
I recently did a shoot and the other shooter I hired gave me a bunch of blue video. What is the fastest way I can color correct those clips? I used a color corrector 3 way on those clips but it didn't really take the blue out. I then copied the setti