NAC DHCP server subnet-list issue
Hello everyone,
I have currently set up the CAS as a layer 3 IB deployment, and use the CAS as the DHCP server for our remote subnets.
My issue is that when I configure the IP address pool, I have to check the option "Restrict range to RELAY IP", and can only put one IP address, the remote router's IP address, to make the DHCP server function work.
But our remote routers are configured with HSRP for the user subnets, and I find that it uses the physical IP address instead of the virtual IP address to encapsulate the DHCP relay packets. If I put the HSRP virtual IP, it does not work. If I put the primary router's physical interface IP, what happens when it fails over to the standby router?
Could anyone help me with this problem?
Thanks in advance.
Jason
Never had this issue before, it should not occur under normal circumstances.
Two tips:
1: Although not 100% applicable, please verify that your config includes the command: ip subnet zero.
2: Verify that your IOS is recent and not ED, T or whatsoever. If possible load a GD image.
Regards,
Leo
Similar Messages
-
Hi,
I'm having an issue with ip address conflict or "bad_address"
I've checked for a rogue DHCP server with Wireshark. One issue I'm having is that the MAC address of the device getting the bad_address issue on the DHCP server is only 8 characters. There is no such device like that on my network. This would be occurring every other week. Removing it solved the problem, but how do I find the culprit of this problem?
Thanks.
What confuses me is that it works fine at one site with all of your Windows 7 machines, but not the other. So something up with the DHCP Server? As I asked before, is it multihomed? If RRAS is installed on it, that constitutes multihoming, too.
OTH, Windows 7/Vista's DHCP Lease behavior is a bit different than XP. And keep in mind, we can't discount server side issues, yet, or we can look at this as a combo of the facts. In addition, if anything is on a VLAN, then that's another layer of "something" else that we need to look at.
Anyway, here are my notes on Windows 7/Vista DHCP lease behavior differences:
Windows 7 DHCP Lease Behavior is different than Windows XP upon startup
DHCP Client Behavior
http://blogs.technet.com/b/networking/archive/2009/01/29/dhcp-client-behavior.aspx
If the DHCP client obtained a lease from a DHCP server on a previous occasion, and the lease is still valid (not expired) at system startup, the client tries to renew its lease.
If, during the renewal attempt, the client fails to locate any DHCP server, it attempts to ping the default gateway listed in the lease, and proceeds in one of the following ways:
•If the ping is successful, the DHCP client assumes that it is still located on the same network where it obtained its current lease, and continues to use the lease as long as the lease is still valid. By default the client then attempts, in the background, to renew its lease when 50 percent of its assigned lease time has expired.
•If the ping fails, the DHCP client assumes that it has been moved to a network where a DHCP server is not available. The client then auto-configures its IP address by using the settings on the Alternate Configuration tab. When the client is auto-configured, it attempts to locate a DHCP server and obtain a lease.
As a workaround, you can force a Windows Vista or Windows 7 DHCP client to keep the old DHCP lease by adding registry key “DontPingGateway” if connectivity fails, see the resolution in the KB article below:
Windows Vista does not keep its DHCP IP address if a DHCP server is not available (works for Windows 7, too):
http://support.microsoft.com/kb/958336
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Hi,
We are facing a very weird issue with one of our DHCP servers. The DHCP server is Windows 2008 Server. We have configured the scope. The clients are getting the IP address from the DHCP server, and the lease is showing in the DHCP console. But after some time the Lease information gets removed from the DHCP Server Console. The client still keeps that IP and we can ping that PC. Lease information keeps coming and going from the Console. If I check the DHCP log file I can see that the DHCP server is assigning the same IP to the same host again and again.
Sometimes the same IP gets assigned to another PC and an IP conflict occurs. We have tried changing the DHCP server but same issue.
Please suggest
Hi,
You referred the issue occurred on one of the DHCP servers. Could you tell the relationship among the issued on and the others?
Can you share a snippet log file that is unusual?
Meanwhile, you can try the articles. Especially for the subtitle “The DHCP server appears to have suffered some data corruption or loss.”
Troubleshooting DHCP servers
http://technet.microsoft.com/en-us/library/cc779112(v=ws.10).aspx#BKMK_4 -
NAC guest server-user posture assessment problem
Dear all,
Please assist me with a NAC guest server posture assessment issue.
Scenario is like we have NAC guest server and all wireless guest users authenticate through Guest Server.
It's working fine.
But customer wants to apply posture assessment on guest users through existing CAS and CAM.
Guest_users-------AP-------WLC------- NAC_Guest_Server----------internet
Thanks for reply.
Actually in my network we have CAS and CAM integrated with WLC for internal users. It's working fine. No issue. Posture assessment and authentication working fine.
We also have an NGS server which is integrated with WLC for web authentication for guest wireless users.
It is also working fine. Authentication happened through NGS server successfully.
But now I want to force posture assessment for wireless guest users who are authenticated through the NGS server. -
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100
Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following output, which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu -
NAC implementation without DHCP Server
Dear Experts,
Is it possible to deploy NAC without having DHCP server in the network? We have some 300-400 users in the campus and want to enable NAC for them.
As per my understanding Cisco NAC cannot be deployed without DHCP server in the network, however it is not documented anywhere on the site. Currently all users' machines are configured with static IP.
We want to do user authentication, AV remediation and Patch deployment through NAC. Is it possible to deploy NAC without DHCP server??
Thanks in advance.
nayan
Hi,
Here is the basic flow of clean access for both inband and out of band: (http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_white_paper0900aecd802bdc42.html)
Figure 1. Laptop Attempts to Access the Internal Network
1. When the laptop first accesses the network, the Cisco Clean Access Server determines that the computer's MAC address is not in the list of certified devices, and that laptop is placed into an unauthenticated role. While in this role, only User Datagram Protocol (UDP) Port 53 (Domain Name System [DNS]) and Dynamic Host Control Protocol (DHCP) traffic (via DHCP and VLAN passthrough) is allowed.
2. The laptop gets an IP address from the DHCP server, but cannot get past the Clean Access Server acting as an IP filter.
3. The laptop user opens a browser and is redirected to an SSL-based Web login page where she enters her credentials, which in turn map her into the "employee" role.
4. As an "employee," she is asked to download the Clean Access Agent.
5. The Clean Access Agent performs the posture assessment and forwards the results to the Clean Access Server to make the network admissions decision.
Tarik Admani
*Please rate helpful posts* -
Hi guys,
I have a problem using the NAC server as a DHCP server on a different subnet.
One thing that I want to know is: does DHCP in the NAC server support unicast DHCP messages?
Because when the client uses a layer 2 connection to the NAC server, DHCP works fine. I think they use DHCP broadcast messages.
Thanks
Hi,
Ensure your internal network can ping the DHCP server, which in this case I think is your Hyper-V host. This probably requires that you configure an IP address on your Hyper-V host that matches the subnet you have configured on the DHCP scope.
When you add a virtual network to Hyper-V, this will add a virtual network adapter on the Hyper-V host. You can see the adapter in ipconfig with a name that matches the name of the virtual switch, for example: Ethernet adapter vEthernet (Internal Network).
I'm not sure what your goals are here. It sounds like you want to give the VMs access to the Internet, which can be done much more simply by just creating an External virtual network rather than an Internal one with NAT.
Whatever your configuration, consider that DHCP works only one of two ways:
1. DHCP server exists on the same subnet as the scope subnet and shares one of these subnet IP addresses.
2. DHCP server has a different IP address than the scope, and clients use DHCP relay to get to the DHCP server.
If you don't have a DHCP relay, then you must use the first method.
-Greg -
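Greg's two cases, together with the relay-IP restriction and HSRP failover question from the first thread, modelled as an added example (not code from any poster or from Cisco): a DHCP server picks the scope from the relay agent address (giaddr) in the request, or from its own receiving interface when giaddr is zero. All addresses, scope names and the allowed_relays field are constructed for illustration and do not describe how the CAS implements its option.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
ZERO = ipaddress.IPv4Address("0.0.0.0")

# Constructed lab addressing (assumptions, not values from the thread).
SERVER_IP = "192.168.1.10"   # DHCP server's own interface
HSRP_VIP = "10.20.30.1"      # virtual gateway the clients use
ROUTER_A = "10.20.30.2"      # physical interface of the active router
ROUTER_B = "10.20.30.3"      # physical interface of the standby router
MAC = "00:11:22:33:44:55"

SCOPES_RESTRICTED = [
    {"name": "remote-users", "network": "10.20.30.0/24",
     "allowed_relays": {ROUTER_A}},          # hypothetical single-relay restriction
    {"name": "local", "network": "192.168.1.0/24"},
]
SCOPES_BY_SUBNET = [
    {"name": "remote-users", "network": "10.20.30.0/24"},
    {"name": "local", "network": "192.168.1.0/24"},
]


def build_discover(mac, giaddr="0.0.0.0"):
    """Constructed sample input: a minimal DHCPDISCOVER in RFC 2131 layout."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    relayed = giaddr != "0.0.0.0"
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1 if relayed else 0,      # op, htype, hlen, hops
        0x1234ABCD, 0, 0x8000,             # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4),      # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,
        chaddr, bytes(64), bytes(128),     # chaddr, sname, file
    )
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER


def parse_giaddr(packet):
    """Return the relay agent address stored at offset 24 of the fixed header."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    return ipaddress.IPv4Address(packet[24:28])


def select_scope(packet, rx_interface_ip, scopes):
    """Return (scope name or None, reason) for one request."""
    giaddr = parse_giaddr(packet)
    # Case 2 (relayed): the client's subnet is the one giaddr belongs to.
    # Case 1 (direct broadcast): it is the subnet of the receiving interface.
    link = giaddr if giaddr != ZERO else ipaddress.IPv4Address(rx_interface_ip)
    for scope in scopes:
        if link not in ipaddress.ip_network(scope["network"]):
            continue
        allowed = scope.get("allowed_relays")
        if allowed is not None and str(giaddr) not in allowed:
            return None, f"relay {giaddr} not permitted for {scope['name']}"
        return scope["name"], f"matched on {link}"
    return None, f"no scope for {link}"


if __name__ == "__main__":
    cases = [
        ("relayed by active router", ROUTER_A, SCOPES_RESTRICTED),
        ("relayed by standby after failover", ROUTER_B, SCOPES_RESTRICTED),
        ("standby, scope matched by subnet only", ROUTER_B, SCOPES_BY_SUBNET),
        ("direct broadcast on server subnet", "0.0.0.0", SCOPES_BY_SUBNET),
    ]
    for label, relay, scopes in cases:
        print(label, "->", select_scope(build_discover(MAC, relay), SERVER_IP, scopes))
```

The HSRP virtual address never appears in giaddr here because each relay stamps its own interface address, which is the behaviour the first poster reports.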
NAC guest server and guest proxy filtering issue.
Hi all
Continuing our issues log for the NAC guest server install, our topology and issue is as follows:
We have a guest NAC server and a 4404 anchor controller successfully deployed in the DMZ, the anchor WLC has a mobility anchor which is a WISM on the corporate network, DHCP services for guest clients are issued with no problems from the WLC in the DMZ. The first port of the DMZ controller is located on the DMZ and the second port directly connects to the firewall interface.
All works correctly, DNS, DHCP, NTP, SNMP etc all work fine through the firewall.
What options do I have to filter Internet access in this scenario, we have Websense and Nokia firewalls, don't think I can use WCCP as I have nowhere to place it, the second connection on the WLC is directly connected to the firewall so nowhere to intercept the traffic, our security team has tried some tricks on the Nokia to try to redirect the traffic on the firewall using a type of redirect, WPAD, I can't see as an option. Any ideas. If I place the second interface into the DMZ, could I use WCCP that way maybe, but won't traffic still have to go to the firewall??
Options please??
Well you will need to use a 3rd party certificate. Here is a link to generate and install a 3rd party certificate on the WLC for use with Web-Auth:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Here is a link for the NGS:
http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ
The appliances are using a self-generated Cisco certificate which of course is not a trusted certificate store in most of all operating systems. So using a 3rd party certificate like RapidSSL, Verisign, etc will eliminate the certificate issue. -
DHCP server and ip helper-address issue
Question,
By accident I had configured an IP HELPER-ADDRESS on a VLAN interface pointing to a DHCP server with an IP address in the same VLAN (IP subnet).
Some users had complaints and there were BAD ADDRESS entries registered in our DHCP server.
Can anyone explain to me why this is an issue please?
My guess is that the DHCP server receives the DHCPREQUEST from the client via the broadcast request and via the unicast request from the ip helper-address configuration. But does this really interfere with the DHCPACK and DHCPOFFER packets afterwards?
Alex,
I've not been able to capture the network packets but I can understand if the server would send DHCPNACK requests (which would be a normal process).
I just don't understand why so many users suddenly have issues and my DHCP scope is filling up with BAD ADDRESSES.
My assumption is that the client receives 2 valid DHCP responses (one from the actual DHCP server and another one from the router, acting as DHCP relay agent) and acknowledges them, but the DHCP process is somewhere corrupted (either on the DHCP server or the DHCP client).
I want a technical explanation for this issue :-) -
WRT54GC Static DHCP listing issue
Hello:
I have the latest firmware installed (1.02.8) and I am running into an issue:
I currently have my WRT54GC to act as a DHCP server with 100 clients; I set each of my PC's to DHCP, but the WRT54GC will serve the same IP address to each PC ("Static DHCP"). I currently have seven MAC listed in the static DHCP list, but when I attempt to add another MAC and save the settings, it times out. This has happened consistently where it appears only seven MAC's are allowed. I can edit the existing seven without an issue, but adding any more PC's times out the router.
Any ideas? I have flashed the router a number of times to no effect.
TIA.
[8F] The NyQuil Kid
Message Edited by nyquilkid on 07-14-2006 07:15 AM
Message Edited by nyquilkid on 07-14-2006 07:16 AM
Hi All,
OK, first, try to delete the 7th MAC address and IP, then click "save settings".
When it has finished rebooting, connect and try to fill the 7th MAC with the IP address.
It should work!!!
That is happening because first you should free the MAC Lock in the router's memory, reboot to free it and delete it from memory, and then you can fill the new MAC Lock function.
Good Luck!!!
Message Edited by gochev_george on 03-16-2007 01:58 AM
Message Edited by gochev_george on 03-16-2007 02:00 AM
Thanks
Kind Regards
ing.George Gochev
DSL and Telecommunications Engineer -
Project Server 2012, SharePoint 2013
I have a task with a few attached issues, risks and documents. And I see links to that in the PWA project plan (as icons).
But when a resource opens his PWA task pane, the attachment lists (issues, risks and documents) are empty.
Why? How to add documents to those lists?
Hi,
I have a solution that might work for you, please follow steps below:
1) Go to your project schedule, make a small modification to any task on schedule and 'Publish' the project.
2) While your project is being published and saved, open another window
Server Settings -> Manage Queue Jobs
3) Here you can view the progress of your current Project Publishing update, check if all goes smooth and your project is published successfully without indicating any errors of issues like :
Reporting transfer WSS links failed ( to view any error look at the last column of table on Manage Queue Job page)
4) Also in your Project window see if the project is published and not saved as Draft.
Basically this will give you a fair idea of whether your project is being published or not; if not, then there is some problem with your Lists (Risks, Issues and Documents).
Regards -
ISE reimage 1.1.4 on NAC 3355 Server Issues
g'day All,
I'm having trouble with an ISE re-image of a NAC 3355 server presently. I have successfully downloaded the ISO for 1.1.4 ISE and burnt it to DVD, I've gone through the reimage process, with all the packages being installed successfully (or so it appears); there were no issues during the packages being uploaded and installed from the DVD.
My issue is, when the box reboots and I am presented with the login prompt where I can type 'setup' to start the initial config script, I can enter all the relevant details and the system brings up the network interface, pings the default gateway and nameserver successfully (I don't see any errors that the pings have failed) and it appears to start installing ISE.
I get the on screen message about not using "Ctrl C from this point", then I see the 'installing applications....' on screen message, but rather than seeing the 'Installing ISE' on screen message as detailed in the 1.1.x hardware installation guide, my install jumps straight to on screen message 'generating configurations' then the box reboots.
Once the box reboots, I am able to log in with the username/password combo I entered in the initial setup script, but I don't get any further on screen messages or prompts to create a database password, etc. I only get the CLI prompt. I am able to navigate around the CLI fine, I can ping gateway and nameservers from the CLI fine, but if I do a show application, it comes back with nothing. If I do an application configure ise, the CLI states that ISE is not installed.
Help please guys.
Cheers,
JS.
Hello James,
How did you do your install? Using KVM or serial port?
I had the same problems with a serial install: I was imaging (1.1.4) some appliances (3315 & 3395) at the same time with one PC/console cable that I plugged and unplugged from one appliance to another to follow the install progress. But on several appliances, I was not prompted for the admin & user database passwords.
The result was the same as yours: the appliance booted, but the ISE application was not installed.
I had no problems the next time, when I tried to reimage the appliance with the serial cable but WITHOUT UNPLUGGING IT from the beginning to the end! The database users/admin DB passwords were asked for and the install was successful on all my appliances.
Also you have to check the system time/date/timezone in the BIOS settings of the appliance as described in the hardware install guide.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_install_guide.html
Have you checked the MD5 of your ISO?
Hope you'll be able to finish your install properly. -
NAC guest server with RADIUS authentication for guests issue.
Hi all,
We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
-----START QUOTE-----
Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
•Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
•Self Service—This option allows guest self service. After selection proceed to Step 8.
•Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
----- END QUOTE-----
Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
Regards
Kevin Woodhouse
Well I will try to answer your 2nd question.... will it work... yes. It is like any other radius server (high end:)) But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD. Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest accounts and if you look at it, it leaves everything in the DMZ.
Now if you are looking at the self service.... what does that really give you.... you won't be able to control who gets on, people will use bogus info and last but not least.... I have never gotten that to work right. Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that. That is my opinion. -
Best practice configure DHCP server NAC
hi all,
Any idea of the best practice for deploying DHCP on the CAS? I tried to follow the user guide to configure DHCP on the CAS but it still cannot run smoothly; user just only grep ip authenticate.
- CCA agent is very slow to appear when the user gets an IP from DHCP on authenticate. Any idea?
- How to integrate the profiler with the NAC appliance?
Hi ahmed,
You have configured your CAS to be your DHCP server. That's well and good because you are using Real IP mode, which supports the CAS being a DHCP server.
Remember
This setting is only for your Authentication VLAN, so that your client gets an IP while authenticating.
When your client switches to the Access VLAN, your client traffic no longer flows through the CAS so the CAS is now not responsible for DHCP.
You'll have to configure another DHCP server on the Trusted Side which can lease IPs to the Access VLAN members.
As you have configured OOB, your client is in the Access VLAN and does not come in contact with the CAS, so you need the Trusted side DHCP to give the client an IP address.
Here in your Scenario your ACCESS VLANS are 2022,2044
Hope this helps, Do reply after Testing.
Thank You
Regards
Edward -
I am using this as an access point rather than router. I have a separate DHCP Server (Windows 2003 Ent. Server). I went in and disabled the DHCP server after upgrading to software 1.01.14, but it still is sending response to DHCP requests. Has anyone ever dealt with a similar problem? I am about to rollback to a previous version of firmware, but needed to upgrade to resolve another issue I was having. TIA
LRPenguin
You said that you have a win2003 DHCP server, even if you disable the DHCP capability on the router, your win2003 is the one providing the DHCP address on your computer.