Loadbalancing DHCP ?

Similar Messages

• DHCP loadsharing with redundant Guest Anchor Controllers

  Hi
  I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centres with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
  This is how I tried to distribute
  network. 10.1.0.0/23
  gateway: 10.1.1.254
  Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
  Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
  As the user loadbalancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
  I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP loadbalancing and having full redundancy at the same time?
  Any suggestion will be greatly appreciated.
  Regards

  Thanks Scott, I understand that it's quite obvious to get an external DHCP Server, unfortunately it's not an option for us The weired thing is, it seems when a client joins the guest WiFi, both the Anchor Controllers (both functioning as DHCP servers with mutually exclusive IP Address space) are providing IP addresses. While the client accepts only one the other Controller still reserves the IP address unused and hence depleting the DHCP Pool.
  I thought for load balancing (in the very beginning) the Foreign controller will forward the DHCP request to only one of tthe Anchor Controllers, but in reality it's forwarding it to both. I have tested this with only one test AP, so mobility doesn't seem to be an issue here. Any thoughts?

• DHCP Failover Server 2012

  Hi,
  I have a Problem with DHCP Failover in Windows Server 2012
  We configured 2 Windows Server 2012 with DHCP Role and created a Scope with loadbalancing algorithm.
  The Problem is, that the two DHCP Servers Show different statistic Information. DHCP 1 has 254 addresses and 218 in use. DHCP Server 2 has 254 addressses and 187 in use.
  We found situations when one DHCP Server has no available IP addresses and the other one has about 40% available addresses.
  Why do the Servers have different available address spaces ? We have one scope with one class c net, 254 addresses.
  Our Szenario is with this config not high available, cause of sometimes running out of IP addresses on one DHCP Server.
  Thanks for help
  Björn
  Björn Schiemann LemonTec IT Systems KG htttp://www.lemontec.de

  Hi Bjoern,
  Would you please provide us your detailed load balance configurations.
  In load-balance mode of operation both the servers respond to client requests. Here’s how the servers ensure the distribution of client requests between themselves:
  Each DHCP server on receiving the client request calculates hash of the MAC address in the client request as per hashing algorithm specified in RFC 3074. Each server hashes any MAC address
  to a value between 1 and 256. If the load distribution ratio between the 2 servers is left at the default of 50:50; and if the hash of the MAC address falls between 1 and 128 then the first server will respond to the client request else if the hash is any
  value between 129 and 256, the other server responds to the client. This ensures that only one server responds for a specific client. If the load distribution ratio has been changed by the admin to a different value, the distribution of hash buckets would
  be in that proportion. The admin does not need to configure the MAC addresses on any server configuration a-priori.
  Quote from DHCP Failover Load Balance Mode
  http://blogs.technet.com/b/teamdhcp/archive/2012/08/06/dhcp-failover-load-balancing-mode.aspx
  In addition, I notice that you have a Class C network for the scope, why does each DHCP server have 254 IP address available?
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Loadbalancing with BigIP via port 70**

  I'm thinking of using our company's F5 to loadbalance our weblogic servers,
  since it costs extra money to upgrade our WebLogic licenses to enterprise to
  implement clustering - i have to look for other means of loadbalancing and
  health checking.
  Have any of you guys tried to use the BigIP to load balance your application
  servers? The architecture would look similar to this.
  [bigip ip] -> [apache servers] ->[bigip ip VIP:foo:700*] ->[weblogic
  servers]
  Is this bad?

  Hi,
  What do you mean by "Your Network "?
  Is this LAN v WAN (Internet) Buddies ?
  Or do you mean not using the same ISP ?
  The Log Says
  Router
  BAD TEST
  15.483082 @/SourceCache/VideoConference/VideoConference-415.13/Video Conference/VideoConferenceGlobalObjects.m:1672 type=5 (00000000/0)
  CommNAT Result: 0x00000001
  Near the Bottom. (The Binary Images bit is useless at this stage).
  This suggests there is something "wrong" between your computer ad the Internet.
  This could be an issues between a modem that routes (Mostly DSL) and a router that might both be doing DHCP creating overlapping Subnets.
  It could be a NAT issue (How data from the Internet on the IP from your ISP gives you is translated to the LAN IP address of your computer).
  It may be as simple as missing DNS info in the modem or router or even computer.
  There are also some others caused by Dual connections to the modem such as Wifi and Ethernet the same time or "sharing" a neighbour's WiFi as well as Ethernet to your Own Internet connection.
  9:42 PM Wednesday; May 19, 2010
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• Airport can no longer get DHCP address

  Hello,
  I'm at the point of dumping the airport base station in the trash, but thought I would try this first.
  I have broadband internet service. It worked - until mid morning today. Suddenly it will not work. The base station (old one, white - snow?), though set for DHCP, now defaults to a self-addressed 169... address. I have tried:
  - powering off the base station, the cable modem, powering up one at a time, etc etc. Internet provider (insight, IL) says they don't know why the apple base station is unable to renew the DHCP lease.
  - The Airport Admin Utility is set to Ethernet, using DHCP. There is no "renew DHCP lease" button there, but I have switched it to connect using modem and then switched backed to Ethernet, hit Update, and back comes Using DHCP ... with a 169.254 address.
  - I can connect through the cable modem with my powerbook without a problem. The address starts with 74.134.
  I take it the self-assigned IP means there was a timeout or the airport was otherwise unable to get what it considered a valid IP.
  Is the base station toast?
  Should I buy a router and hook it to that? Seems redundant, with my setup (two laptops, one desktop connected to base station LAN port)
  I've spent several hours reading (via direct connect to the cable modem) and trying different wiring / reset combinations, and have about had it. Any thoughts most welcome.
  Thanks,
  Brian

  It is a long while since I tried Google Toolbar, I am not sure what it changes. But I would not expect it to totally remove your options to use the ordinary toolbars.
  ■ Try
  * press the''' alt '''key on the keyboard, that may return the menu bar
  * once you have the menubar '''View -> Toolbars ->''' and select which you need
  * you may also use View-> Toolbars -> Customise and drag items back or use the restore default set option.
  * right clicking on the toolbars also gets you to the customise and show toolbars options
  ■ have a look at [[Back and forward or other toolbar items are missing]]
  PS
  I hope you do not need to resort to editing registry settings, the firefox 'dragons' in prefs are user friendly compared with Windows registry. Messing up firefox prefs only really affects firefox normally; whereas errors in a registry edit may prevent you from even booting the computer.

• HP LaserJet P1606dn loses their IP address in DHCP mode

  Hi,
  We are currently encountering what seems to us to be a strange behavior with the HP LaserJet P1606dn printer. The behavior is that, while in DHCP mode, when it goes into sleep mode, it loses its IP address.
  It shouldn't be bad because it should wake up when something is sent to it and get back its IP address, but it doesn't. It get stuck in the printing queue and we need to do an "ipconfig/ flushdns" on the appropriate server so it get back its address. This is kinda annoying because we can't even desactivate this sleep mode function, the best we can do is put it to 1 hour which is temporary because it still gonna loses its IP address anyway.
  I have searched all over the net for an answer to our problem and the closest one I have find is one on HP forum where the P1606dn loses its IP address in manual mode and switch to DHCP. Even though it wasn't our exact problem, the recommanded solution was to update the 1606dn firmware, which we did. It sadly hasn't solve our problem. At least, we aren't forced to do a flushdns everytime this time and we can force it to print by printing the configuration page...
  An other thing we have found is that, it always or well, very often create a second entry in the inversed zone of the dns with an IP adress it won't even use... It is probably important to note that when the printers loses its ip address, the information of the ipv4, the dns and the rest of the address are all 0.0.0.0.
  It seems to me that when the printers enters in sleep mode, it loses its ip address so it can save energy, which would be a good thing, but then, it cannot get back its ip address and well, its like the printers says to himself "well, I am lost and I don't know where I am neither at which address I live but hey, it's ok, everything is just fine."
  Our configuration :
  Windows 7 professional 64 bit on users end
  Windows server 2008 r2 enterprise
  The printer is connected in LAN
  Anyone has stumbled accross a problem like this before with this model?
  Thank you

  These settings are for setting up your wireless printer to stay connected to your router, keep wireless devices better connected and makes your router secure and hack proof.
  1. Set a static IP in the printer (click here) outside the DHCP range of the router (check your manual).
     This is for Linksys routers but can be used for all routers. Verify your DHCP range and change this
     first if needed. More Wireless Printing help is here.
  2. Verify in the printer that 'Auto Off' is disabled.  Use the Embedded Web Server (EWS) by going to the
     printers IP address in your browsers address bar, click Settings Tab/Auto Off. Or use the Printer
     Assistant, Printer Home Page (EWS).
  3. If the printer supports and has IPv6 enabled, turn off IPv6 in the printer.
  4. If needed and you assigned a static IP address, try using 8.8.8.8 for the Manual DNS server and
       8.8.4.4 preferred DNS server.
  In the router: (Refer to your router manual for information)
  5. Use a fixed wireless channel like 1, 6 or 11, never 'auto', try channel 1 first then the rest. 
  6. Set router to 20Mhz only, or 145Mbps depending on router. 
  7. Always use WPA2-AES (Personal) encryption, but you can try ‘mixed’ mode. 
  8. Disable WPS and never use it and disable UPnP for the routers security. Nobody can hack your
     system now and helps with wireless connectivity (if you want to know why, search the web).
  9. If you have a dual band router (2.4Ghz and 5.0Ghz bands), make sure the SSID’s are NOT the same,
     they must be different for all bands, even for any Guest networks.
  10. SSID broadcast must be enabled.
  11. Save all settings. Power off both, wait 2 mins.  Power on router wait 2 mins. 
  12. Power on printer and verify it reconnects to router. 
  Windows 7/8/8.1   Is Network Discovery on or off?
  Control Panel/Network and Internet/Network and Sharing Center/Advanced sharing settings.
  Under Home or Work (current profile) / Network Discovery.
  Select "Turn on network discovery" and save changes.
  Say thanks by clicking the Kudos Thumbs Up to the right in the post.
  If my post resolved your problem, please mark it as an Accepted Solution ...
  I worked for HP but now I'm retired!

• ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

  Hello guys
  Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
  Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
  I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
  Thanks in advance
  Sayre

  Hello Sayre-
  For Question #1:
  Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
  You can configure Radius and Profiling to be enabled on other interfaces
  Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
  Take a look at this link for more info:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
  For Question #2
  If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations. 
  The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
  –Option 12—HostName of the client
  –Option 60—The Vendor Class Identifier
  After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
  Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
  On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
  http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
  I hope this helps!
  Thank you for rating helpful posts!

• I want to reserve a static IP address on my Airport extreme.  What is the difference between reserving by MAC Address and DHCP Client ID?

  I want to understand the differences in the way you can reserve a static address for a device on the network.  I had previously set the device itself to an address and then reserved it with DHCP Client ID, which I thought was just the devices static addresss.  I'm not sure if this was in fact correct or just happend to work.  I know what a MAC address is, but I'm not really sure what the DHCP Client ID is. So it would be great if someone could clarify it, and the difference between reserving address by MAC Address or DHCP Client ID.

  A MAC address is a unique identification consisting of letters and numbers in a form that looks like this:
  xx:xx:xx:xx:xx:xx
  Every network device has a MAC address, which can be found on a label on the bottom or back of the device. Apple calls this the Ethernet ID.
  A DHCP Client ID is an optional name that you can assign to a device. For example, on your Mac....
  Open System Preferences (gear icon on the dock)
  Open Network
  Click on Ethernet
  Click Advanced at the lower right
  You may be able to edit the DHCP Client  ID here....for example.....you could enter MJ500's MacBook in the space provided. That would be the Client ID of your Mac.

• IIS 6.0 Policyagent not working with AM loadbalancer

  Trying to enable SSO for IIS 6.0 website running on port 80 with Access manager 7.0. AM loadbalancer URL is configured on OracleAS webcache.
  Everything works fine when policyagent is configured with one of the AM servers instead of load balancer URL. But when configured with AM loadbalancer URL a blank page gets displayed after user gives his credentials on the AM authentication page and submits. Below is the error part of log generated at policyagent's end.
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="auth" reqid="0">
  <Request><![CDATA[<?xml version="1.0" encoding="UTF-8"?><AuthContext version="1.0">
  <Request authIdentifier="0"><NewAuthContext orgName="/"/></Request></AuthContext>]]></Request>
  </RequestSet>
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest Request line: POST /amserver/authservice HTTP/1.0
  2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Cookie and Headers =Host: am.xxxx.com
  2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Content-Length =Content-Length: 296
  2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
  Content-Type: text/xml; charset=UTF-8
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest(): Total chunks: 9.
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: BaseService::sendRequest(): Sent 9 chunks.
  2008-04-21 19:08:04.556 Debug 2160:18ef080 AuthService: HTTP Status = 404 (Not Found)
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Reading headers.
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Content-Type: text/html; charset=iso-8859-1
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Connection: Close
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Server: Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.2.0 (N;ecid=1254975795829,0)
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Date: Mon, 21 Apr 2008 13:38:04 GMT
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Reading body content of length: 73435745963999573
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 all: Connection::waitForReply(): returns with status success.
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: Http::Response::readAndParse(): Completed processing the response with status: success
  2008-04-21 19:08:04.556MaxDebug 2160:18ef080 AuthService: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <HTML><HEAD>
  <TITLE>404 Not Found</TITLE>
  </HEAD><BODY>
  <H1>Not Found</H1>
  The requested URL /amserver/authservice was not found on this server.<P>
  <HR>
  <ADDRESS>Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server Server at INTRANET-WC.xxxx.COM Port 7777</ADDRESS>
  </BODY></HTML>
  Any idea why it is looking for /amserver/authservice context on the webcache??
  Thanks

  com.sun.am.cookie.name = iPlanetDirectoryPro
  # If this property is set to true the cookies set by the agent
  # will be marked secure and will only be transmitted if the
  # communications channel with the host is a secure one.
  com.sun.am.cookie.secure = false
  # The URL for the Access Manager Naming service.
  com.sun.am.naming.url = http://<Loadbalancerhostname>:7777/amserver/namingservice http://<Loadbalancerhostname>:7777/amserver/namingservice
  com.sun.am.ignore.naming_service = true
  # The URL of the login page on the Access Manager.
  com.sun.am.policy.am.login.url = http://<Loadbalancerhostname>:7777/amserver/UI/Login http://<Loadbalancerhostname>:7777/amserver/UI/Login
  # Name of the file to use for logging messages.
  com.sun.am.policy.agents.config.local.log.file = D:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1/amAgent
  # This property is used for Log Rotation. The value of the property specifies
  # whether the agent deployed on the server supports the feature of not. If set
  # to false all log messages are written to the same file.
  com.sun.am.policy.agents.config.local.log.rotate = true
  # Name of the Access Manager log file to use for logging messages to
  # Access Manager.
  # Just the name of the file is needed. The directory of the file
  # is determined by settings configured on the Access Manager.
  com.sun.am.policy.agents.config.remote.log = amAuthLog.<Protectedserverhostname>.80
  com.sun.am.log.level = all:5
  # The org, username and password for Agent to login to AM.
  com.sun.am.policy.am.username = lmsagent1
  com.sun.am.policy.am.password = HCuUvbq+uuVQ0LA9cDZUsw==
  # Name of the directory containing the certificate databases for SSL.
  com.sun.am.sslcert.dir = D:/Sun/Access_Manager/Agents/2.2/iis6/cert
  # Set this property if the certificate databases in the directory specified
  # by the previous property have a prefix.
  com.sun.am.certdb.prefix =
  # Should agent trust all server certificates when Access Manager
  # is running SSL?
  # Possible values are true or false.
  com.sun.am.trust_server_certs = true
  # Should the policy SDK use the Access Manager notification
  # mechanism to maintain the consistency of its internal cache? If the value
  # is false, then a polling mechanism is used to maintain cache consistency.
  # Possible values are true or false.
  com.sun.am.notification.enable = true
  # URL to which notification messages should be sent if notification is
  # enabled, see previous property.
  com.sun.am.notification.url = http://<Protectedserverhostname>:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
  # This property determines whether URL string case sensitivity is
  # obeyed during policy evaluation
  com.sun.am.policy.am.url_comparison.case_ignore = true
  # This property determines the amount of time (in minutes) a policy entry
  # remains valid after it has been added to the cache. The default
  # value for this property is 3 minutes.
  com.sun.am.policy.am.polling.interval=3
  # This property determines the amount of time (in minutes) an sso entry
  # remains valid after it has been added to the cache. The default
  # value for this property is 3 minutes.
  com.sun.am.sso.polling.period=3
  # This property allows the user to configure the User Id parameter passed
  # by the session information from the access manager. The value of User
  # Id will be used by the agent to set the value of REMOTE_USER server
  # variable. By default this parameter is set to "UserToken"
  com.sun.am.policy.am.userid.param=UserToken
  # Profile attributes fetch mode
  # String attribute mode to specify if additional user profile attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user profile attributes will be introduced.
  # HTTP_HEADER - additional user profile attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user profile attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.profile.attribute.fetch.mode=HTTP_HEADER
  # The user profile attributes to be added to the HTTP header. The
  # specification is of the format ldap_attribute_name|http_header_name[,...].
  # ldap_attribute_name is the attribute in data store to be fetched and
  # http_header_name is the name of the header to which the value needs
  # to be assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.profile.attribute.map=myuid|my_uid,cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
  # Session attributes mode
  # String attribute mode to specify if additional user session attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user session attributes will be introduced.
  # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
  # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
  # The session attributes to be added to the HTTP header. The specification is
  # of the format session_attribute_name|http_header_name[,...].
  # session_attribute_name is the attribute in session to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.session.attribute.map=
  # Response Attribute Fetch Mode
  # String attribute mode to specify if additional user response attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user response attributes will be introduced.
  # HTTP_HEADER - additional user response attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user response attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
  # The response attributes to be added to the HTTP header. The specification is
  # of the format response_attribute_name|http_header_name[,...].
  # response_attribute_name is the attribute in policy response to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.response.attribute.map=
  # indicate where a load balancer is used for Access Manager
  # services.
  # true | false
  com.sun.am.load_balancer.enable = true
  ####Agent Configuration####
  # this is for product versioning, please do not modify it
  com.sun.am.policy.agents.config.version=2.2
  # Set the url access logging level. the choices are
  # LOG_NONE - do not log user access to url
  # LOG_DENY - log url access that was denied.
  # LOG_ALLOW - log url access that was allowed.
  # LOG_BOTH - log url access that was allowed or denied.
  com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
  # Agent prefix
  com.sun.am.policy.agents.config.agenturi.prefix = http://<Protectedserverhostname>:80/amagent
  # Locale setting.
  com.sun.am.policy.agents.config.locale = en_US
  # The unique identifier for this agent instance.
  com.sun.am.policy.agents.config.instance.name = unused
  # Do SSO only
  # Boolean attribute to indicate whether the agent will just enforce user
  # authentication (SSO) without enforcing policies (authorization)
  com.sun.am.policy.agents.config.do_sso_only = true
  # The URL of the access denied page. If no value is specified, then
  # the agent will return an HTTP status of 403 (Forbidden).
  com.sun.am.policy.agents.config.accessdenied.url =
  # This property indicates if FQDN checking is enabled or not.
  com.sun.am.policy.agents.config.fqdn.check.enable = true
  # Default FQDN is the fully qualified hostname that the users should use
  # in order to access resources on this web server instance. This is a
  # required configuration value without which the Web server may not
  # startup correctly.
  # The primary purpose of specifying this property is to ensure that if
  # the users try to access protected resources on this web server
  # instance without specifying the FQDN in the browser URL, the Agent
  # can take corrective action and redirect the user to the URL that
  # contains the correct FQDN.
  # This property is set during the agent installation and need not be
  # modified unless absolutely necessary to accommodate deployment
  # requirements.
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
  # com.sun.am.policy.agents.config.fqdn.map
  com.sun.am.policy.agents.config.fqdn.default = <Protectedserverhostname>
  # The FQDN Map is a simple map that enables the Agent to take corrective
  # action in the case where the users may have typed in an incorrect URL
  # such as by specifying partial hostname or using an IP address to
  # access protected resources. It redirects the browser to the URL
  # with fully qualified domain name so that cookies related to the domain
  # are received by the agents.
  # The format for this property is:
  # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
  # This property can also be used so that the agents use the name specified
  # in this map instead of the web server's actual name. This can be
  # accomplished by doing the following.
  # Say you want your server to be addressed as xyz.hostname.com whereas the
  # actual name of the server is abc.hostname.com. The browsers only knows
  # xyz.hostname.com and you have specified polices using xyz.hostname.com at
  # the Access Manager policy console, in this file set the mapping as
  # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
  # Another example is if you have multiple virtual servers say rst.hostname.com,
  # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
  # abc.hostname.com and each of the virtual servers have their own policies
  # defined, then the fqdnMap should be defined as follows:
  # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  com.sun.am.policy.agents.config.fqdn.map =
  # Cookie Reset
  # This property must be set to true, if this agent needs to
  # reset cookies in the response before redirecting to
  # Access Manager for Authentication.
  # By default this is set to false.
  # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
  com.sun.am.policy.agents.config.cookie.reset.enable=false
  # This property gives the comma separated list of Cookies, that
  # need to be included in the Redirect Response to Access Manager.
  # This property is used only if the Cookie Reset feature is enabled.
  # The Cookie details need to be specified in the following Format
  # name[=value][;Domain=value]
  # If "Domain" is not specified, then the default agent domain is
  # used to set the Cookie.
  # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
  # token=value;Domain=subdomain.domain.com
  com.sun.am.policy.agents.config.cookie.reset.list=
  # This property gives the space separated list of domains in
  # which cookies have to be set in a CDSSO scenario. This property
  # is used only if CDSSO is enabled.
  # If this property is left blank then the fully qualified cookie
  # domain for the agent server will be used for setting the cookie
  # domain. In such case it is a host cookie instead of a domain cookie.
  # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
  com.sun.am.policy.agents.config.cookie.domain.list=
  # user id returned if accessing global allow page and not authenticated
  com.sun.am.policy.agents.config.anonymous_user=anonymous
  # Enable/Disable REMOTE_USER processing for anonymous users
  # true | false
  com.sun.am.policy.agents.config.anonymous_user.enable=false
  # Not enforced list is the list of URLs for which no authentication is
  # required. Wildcards can be used to define a pattern of URLs.
  # The URLs specified may not contain any query parameters.
  # Each service have their own not enforced list. The service name is suffixed
  # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
  # for a particular service. SPACE is the separator between the URL.
  com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
  # Boolean attribute to indicate whether the above list is a not enforced list
  # or an enforced list; When the value is true, the list means enforced list,
  # or in other words, the whole web site is open/accessible without
  # authentication except for those URLs in the list.
  com.sun.am.policy.agents.config.notenforced_list.invert = false
  # Not enforced client IP address list is a list of client IP addresses.
  # No authentication and authorization are required for the requests coming
  # from these client IP addresses. The IP address must be in the form of
  # eg: 192.168.12.2 1.1.1.1
  com.sun.am.policy.agents.config.notenforced_client_ip_list =
  # Enable POST data preservation; By default it is set to false
  com.sun.am.policy.agents.config.postdata.preserve.enable = false
  # POST data preservation : POST cache entry lifetime in minutes,
  # After the specified interval, the entry will be dropped
  com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
  # Cross-Domain Single Sign On URL
  # Is CDSSO enabled.
  com.sun.am.policy.agents.config.cdsso.enable=false
  # This is the URL the user will be redirected to for authentication
  # in a CDSSO Scenario.
  com.sun.am.policy.agents.config.cdcservlet.url =
  # Enable/Disable client IP address validation. This validate
  # will check if the subsequent browser requests come from the
  # same ip address that the SSO token is initially issued against
  com.sun.am.policy.agents.config.client_ip_validation.enable = false
  # Below properties are used to define cookie prefix and cookie max age
  com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
  com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
  # Logout URL - application's Logout URL.
  # This URL is not enforced by policy.
  # if set, agent will intercept this URL and destroy the user's session,
  # if any. The application's logout URL will be allowed whether or not
  # the session destroy is successful.
  com.sun.am.policy.agents.config.logout.url=
  # Any cookies to be reset upon logout in the same format as cookie_reset_list
  com.sun.am.policy.agents.config.logout.cookie.reset.list =
  # By default, when a policy decision for a resource is needed,
  # agent gets and caches the policy decision of the resource and
  # all resource from the root of the resource down, from the Access Manager.
  # For example, if the resource is http://host/a/b/c, the the root of the
  # resource is http://host/. This is because more resources from the
  # same path are likely to be accessed subsequently.
  # However this may take a long time the first time if there
  # are many many policies defined under the root resource.
  # To have agent get and cache the policy decision for the resource only,
  # set the following property to false.
  com.sun.am.policy.am.fetch_from_root_resource = true
  # Whether to get the client's hostname through DNS reverse lookup for use
  # in policy evaluation.
  # It is true by default, if the property does not exist or if it is
  # any value other than false.
  com.sun.am.policy.agents.config.get_client_host_name = true
  # The following property is to enable native encoding of
  # ldap header attributes forwarded by agents. If set to true
  # agent will encode the ldap header value in the default
  # encoding of OS locale. If set to false ldap header values
  # will be encoded in UTF-8
  com.sun.am.policy.agents.config.convert_mbyte.enable = false
  # The following property is to enable encoding of URL special
  # chars, if any. If set to true agent will encode URL special
  # characters before sending for policy evaluation.
  com.sun.am.policy.agents.config.encode_url_special_chars.enable = false
  #When the not enforced list or policy has a wildcard '*' character, agent
  #strips the path info from the request URI and uses the resulting request
  #URI to check against the not enforced list or policy instead of the entire
  #request URI, in order to prevent someone from getting access to any URI by
  #simply appending the matching pattern in the policy or not enforced list.
  #For example, if the not enforced list has the value http://host/*.gif,
  #stripping the path info from the request URI will prevent someone from
  #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
  #However when a web server (for exmample apache) is configured to be a reverse
  #proxy server for a J2EE application server, path info is interpreted in a different
  #manner since it maps to a resource on the proxy instead of the app server.
  #This prevents the not enforced list or policy from being applied to part of
  #the URI below the app serverpath if there is a wildcard character. For example,
  #if the not enforced list has value http://host/webapp/servcontext/* and the
  #request URL is http://host/webapp/servcontext/example.jsp the path info
  #is /servcontext/example.jsp and the resulting request URL with path info stripped
  #is http://host/webapp, which will not match the not enforced list. By setting the
  #following property to true, the path info will not be stripped from the request URL
  #even if there is a wild character in the not enforced list or policy.
  #Be aware though that if this is set to true there should be nothing following the
  #wildcard character '*' in the not enforced list or policy, or the
  #security loophole described above may occur.
  com.sun.am.policy.agents.config.ignore_path_info = false
  # Override the request url given by the web server with
  # the protocol, host or port of the agent's uri specified in
  # the com.sun.am.policy.agents.agenturiprefix property.
  # These may be needed if the agent is sitting behind a ssl off-loader,
  # load balancer, or proxy, and either the protocol (HTTP scheme),
  # hostname, or port of the machine in front of agent which users go through
  # is different from the agent's protocol, host or port.
  com.sun.am.policy.agents.config.override_protocol =
  com.sun.am.policy.agents.config.override_host =
  com.sun.am.policy.agents.config.override_port =
  # Override the notification url in the same way as other request urls.
  # Set this to true if any one of the override properties above is true,
  # and if the notification url is coming through the proxy or load balancer
  # in the same way as other request url's.
  com.sun.am.policy.agents.config.override_notification.url =
  # The following property defines how long to wait in attempting
  # to connect to an Access Manager AUTH server.
  # The default value is 2 seconds. This value needs to be increased
  # when receiving the error "unable to find active Access Manager Auth server"
  com.sun.am.policy.agents.config.connection_timeout =
  # Time in milliseconds the agent will wait to receive the
  # response from Access Manager. After the timeout, the connection
  # will be drop.
  # A value of 0 means that the agent will wait until receiving the response.
  # WARNING: Invalid value for this property can result in
  # the resources becoming inaccessible.
  com.sun.am.receive_timeout = 0
  # The following property in milliseconds indicates how long the
  # socket connection needs to be kept open.
  # The default value is 0 which implies no timeout.
  com.sun.am.connect_timeout = 0
  # This property determines the amount of time (in minutes) after which
  # the agent polls whether the primary server is up and running.
  # The default value is 5 minutes
  com.sun.am.poll_primary_server = 5
  # Indicate if the socket option TCP_NODELAY should be enabled.
  # Possible values are true or false. Default is false
  com.sun.am.tcp_nodelay.enable = false
  com.sun.am.policy.agents.config.locale = en_US
  # Set the IIS filter priority. The choices are
  # HIGH - IIS5 filter priority is HIGH.
  # LOW - IIS5 filter priority is LOW.
  # MEDIUM - IIS5 filter priority is MEDIUM.
  # DEFAULT - IIS5 filter priority is DEFAULT.
  com.sun.am.policy.agents.config.iis.filter_priority = HIGH

• WRE54G and WAP54G DHCP Problem

  Hi,
  Please can someone help me. 
  Current setup:-
  Cisco ASA 5505 with DHCP Server enabled on the inside interface.
  Linksys  WAP54G cabled directly into the above interface on the Cisco ASA.
  Linksys WRE54G with a wireless connection to the above access point using the same SSID and Channel.
  When connecting my laptop to the linksys access point, the laptop obtains an IP address allocated from the Cisco ASA and works perfectly.
  When adding the WRE range extender into the mix and connecting my laptop via the extender the laptop fails to obtain an IP address. The extender is connecting to the AP ok, it has 2 blue lights and i get a strong signal.
  I have carried out packet captures on both my laptop and the inside interface of the CISCO ASA. The capture on my laptop shows DHCP discovery packets leaving my wireless interface, however, i receive no acknowledgement. when i run the same capture on the Cisco ASA i see the discovery packet hit the interface and a subsequent dhcp offer packet leave the interface, however, the offer packet does not reach the laptop when connecting via the extender.
  Can anyone kindly offer any advise that doesnt involve throwing the extender in the bin!!?
  Thanks

  The WRE54G is connected after the WAP.
  The router's IP is 10.10.10.254 and is configured to allocate DHCP addresses within this range.
  The AP's management IP is 10.10.10.1 and the gateway is 10.10.10.254 (router address).
  The Extender's management IP is 10.10.10.2 and the gateway is 10.10.10.254 (router address).
  When connecting to the wireless network via the AP, it connects and receives an address.
  When connecting to the wireless network via the extender, it connects but does not receive a DHCP address. Signal is strong and the extender shows both blue lights.
  Message Edited by marchingontogether on 02-03-2010 06:31 AM

• Question regarding Airport and DHCP settings

  I currently had a Dlink 624 router that just died. I need to get a new wifi router and was looking at the airport extreme base station...
  the question I have is with Dlink my dhcp is set to send out 192.168.0.xxx to my network. The apple is 10.0.0.xxx I believe. Can you change the airport extreme base station to 192.168.0.1? and serve 192.168.0.xxx across the network? The issue I have is I have other wifi devices that are already preset to accept the 192.168.0.xxx.

  AirPort Extreme Base Station Setup (AEBS) w/High-Speed Cable Modem
  Modem/Router Power ReCycling
  - Power-off the Cable modem, AEBS, & computer(s). (If possible, leave the modem off overnight.)
  - Power-on the Cable modem; Wait at least 30 minutes.
  - Power-on the AEBS; Wait at least 5 minutes.
  - Power-on the computer(s)
  Perform a "hard" reset of the AEBS.
  - (ref: http://docs.info.apple.com/article.html?artnum=107451)
  Setup the AEBS
  With the network components powered down, set up the AEBS, using the AirPort Admin Utility, connect your computer directly (using an Ethernet cable) to the LAN port of the AEBS, and then, try these settings:
  AirPort tab
  - Base Station Name: <whatever you wish or use the default>
  - AirPort Network Name: <whatever you wish or use the default>
  - Create a closed network (unchecked)
  - Wireless Security: Not enabled
  - Channel: Automatic
  - Mode: 802.11b/g Compatible
  Internet tab
  - Connect Using: Ethernet
  - Configure: Using DHCP
  - WAN Ethernet Port: Automatic
  Network tab
  - Distribute IP addresses (checked)
  - Share a single IP address (using DHCP & NAT) (enabled)
  - Use 192.168.0.1 addressing

• How do I configure my time capsule to DHCP mode?  I had to replace my DSL router, had a network set up before.

  I recently had to replace my DSL router.  My provider, Earthlink, walked me through the setup and I do have internet access if I connect directly to my Mac.  When I tried to use my time capsule, it would not work.  The Earthlink tech said I needed to reconfigure my time capsule to DHCP mode.  I tried the set up manual and could not make sense of it.  My 90 free service is long gone.

  and the text in the router mode box came up DHCP and NAT, but the lettering was in a lighter shade than elsewhere and I could not open the drop down box.
  You would have had to change some other settings on the AirPort to be able make changes in the drop down Router Mode box.
  Your AirPort is already configured as Earthlink suggests.
  Try powering off the entire network...all devices....in any order you want
  Wait a few minutes
  Start the Earthlink modem first and let it run 2-3 minutes by itself
  Start the Time Capsule and let it run a full minute
  Keep starting other devices the same way until everything is powered back up
  Check the network
  If still no improvement, I think you need to let Earthlink know that you have done as they asked, and ask for more steps to try.
  Hopefully, another Earthlink user will see this post and offer any special information or tips that only they would know.

• How do i use my own dhcp server with airport extreme

  I just bought an airport extreme and I'm trying to replace my linksys router and another access point.
  I have my own dhcp/dns server and I want to continue using it. So far, I was not able to find the way to use NAT without DHCP (like I'm doing now with my current setup).
  I want to give the device another chance before I return it to the store. Is there anything I can do?
  Thanks

  I thought that you could figure out the answer for yourself, but if you need more confirmation.....the choices/options that you need do not exist on an AirPort router.
  Cisco or Netgear might be brands to look at.  Good luck in your quest.

• How do I access router setup page if the router DHCP service is disabled?

  When I had DSL, my WRT54G was my DHCP master for my home network.  When I got AT&T U-Verse, their "gateway" became the DHCP master and also the wireless access point.  But the signal was not strong enough where I wanted to use it, so I hooked up the WRT54G again.  I discovered that if I connected the U-Verse gateway to the "Internet" port on the WRT54G Linksys, then my home network was split in two, which I did not want.  The WRT54G access point is physically somewhat distant from my wired computer, so I wanted to keep the U-Verse gateway as the DHCP master. (The U-Verse gateway is a router with four "computer" ports but no "Internet" port.)
  I followed instructions on the Linksys web site, and using my wi-fi connected computer I re-programmed the WRT54G to be "Disabled" as a DHCP server.  Then I powered down and physically connected the U-Verse gateway to a "Computer" port on the WRT54G.  This solved my problem:  my distant wi-fi computer now has a good signal, and both computers "see" each other.
  However, now I seem to have lost access to the WRT54G setup "web page."  Is it possible to access the innards of the WRT54G when its DHCP service is disabled?  Or would I have to reset the device to factory configuration and start all over if I wanted to make any tweaks?

  You can still access the router's web configuration pages even if the internal DHCP server is disabled and it is connected via a LAN Ethernet port to your upstream router. 
  Did you reserve and IP addresses on the Uverse router for static IPs?
  If you did, assign one of these to the Linksys router (LAN) and you will be able to access it from your LAN. Since you are not using the WAN port, the Linksys router will not pull an IP from the Uverse router. You are using the device as a switch. 

• Oracle10g Installation problem on Linux with DHCP IP

  Hi,
  I am new to Oracle Products, I have tried to install Oracle 10G on Linux with DHCP IP.
  I got the following warning while installing even though I have loopback interface configured.
  Checking Network Configuration requirements ...
  Check complete. The overall result of this check is: Failed <<<<
  Problem: The install has detected that the primary IP address of the system is DHCP-assigned.
  Recommendation: Oracle supports installations on systems with DHCP-assigned public IP addresses. However, the primary network interface on the system should be configured with a static IP address in order for the Oracle Software to function properly. See the Installation Guide for more details on installing the software on systems configured with DHCP.
  Please help me in resolving this problem or Can I ignore this message?
  My Server Configurations:
  [root@SQAESMRH5 Oracle_Install_Errors]# ifconfig
  eth0 Link encap:Ethernet HWaddr 00:12:3F:79:FA:2C
  inet addr:10.10.121.61 Bcast:10.10.121.2 Mask:255.255.255.0
  inet6 addr: fe80::212:3fff:fe79:fa2c/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:20751998 errors:0 dropped:0 overruns:0 frame:0
  TX packets:19278549 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:2150795393 (2.0 GiB) TX bytes:438232502 (417.9 MiB)
  Interrupt:177
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:12383146 errors:0 dropped:0 overruns:0 frame:0
  TX packets:12383146 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:1965045834 (1.8 GiB) TX bytes:1965045834 (1.8 GiB)
  [root@SQAESMRH5 Oracle_Install_Errors]# cat /etc/hosts
  # Do not remove the following line, or various programs
  # that require network functionality will fail.
  #::1 localhost6.localdomain6 localhost6
  127.0.0.1 localhost.localdomain localhost
  #::1 localhost6.localdomain6 localhost6
  [root@SQAESMRH5 Oracle_Install_Errors]#

  This warning means it is not recommended to install Oracle 10g on a DHCP assigned IP address. It could work, but you won't be able to configure Enterprise Manager, since this tool requires a fixed IP address. If possible, have the IP address fixed.
  ~ Madrid
  http://hrivera99.blogspot.com/