No response DHCP server

Hi All all new to this  hope you can help!!!
 set my new laptop  to wireless network and all was fine ,till windows updated  and having all sort of problems connecting to the net .did a manual diagnostic tool  when i tryed to connect and no good and failed in ping test - no response DHCP server.I dont know why because it was all working good before no now !! murray
 ps  all new to wireless networking  please be kind.

its for my laptop went and got a linksys wireless router WRT54PG2-EA set it up and all worked fine for two weeks,the other day when i turned my laptop windows ( VISTA) and norton internet security  updated still worked fine didnt turn the computer off at all come back after a hour, cant get on the net ,at that stage rang linksys 24 hour techical support pluged my laptop to the router  via network cable they cheaked  it and all fine . when i unplug the network cable it can find a wireless network - connect to net work  can no do comes up SECURITY-ENABLED NETWORK ok then i did a manual diagnostics  fails on the ping test (useing vista )pluged the network cable and let the windows fix the problem,done that ok unplug the network cable try to connect  no good by that time my hair was falling out not that i have much hair left-come up NO RESPONSE DHCP SERVER.
When its all pluged via network cable  the internet works fine it the wireless side of things.
Do i get hold of my ISP or microsoft ,Linksys or Toshiba because i do not know !!!
Murray thank you .

Similar Messages

  • Remote access VPN with ASA 5510 using DHCP server

    Hi,
    Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
    I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
    ASA Version 8.2(5)
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 10.6.0.12 255.255.254.0
    ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
    route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
    crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dyn1 1 set transform-set FirstSet
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto map mymap interface inside
    crypto isakmp enable inside
    crypto isakmp policy 1
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 43200
    vpn-addr-assign aaa
    vpn-addr-assign dhcp
    group-policy testgroup internal
    group-policy testgroup attributes
    dhcp-network-scope 10.6.192.1
    ipsec-udp enable
    ipsec-udp-port 10000
    username testlay password *********** encrypted
    tunnel-group testgroup type remote-access
    tunnel-group testgroup general-attributes
    default-group-policy testgroup
    dhcp-server 10.6.20.3
    tunnel-group testgroup ipsec-attributes
    pre-shared-key *****
    I got following output when I test connect to ASA with Cisco VPN client 5.0
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
    4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
    [OK]
    kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
    Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
    Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
    Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
    Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
    Regards,
    Lay

    For RADIUS you need a aaa-server-definition:
    aaa-server NPS-RADIUS protocol radius
    aaa-server NPS-RADIUS (inside) host 10.10.18.12
      key *****   
      authentication-port 1812
      accounting-port 1813
    and tell your tunnel-group to ask that server:
    tunnel-group VPN general-attributes
      authentication-server-group NPS-RADIUS LOCAL
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • How do I find where my DHCP server is on my network?

    I have a home network, a BT server, with an iMac, a MACBook Pro, two back-ups (Airports) and a Squeezebox (for internet radio).  The problem is that the Squeezebox keeps dropping out and informing me that it cannot find the DHCP server.  This did not used to be a problem, has happened failry recently, for no obvious reason.  Any help is much appreciated.

    start
    system information
    click network
    click Wi-FI or ethernet depending how you get your network on the mac
    scroll to the DHCP Server responses:
    look under it's Server Identifier

  • Using one controller as primary DHCP server for 2 or more controllers

    Here's my setup
    2 - 5508 controllers (40 APs per controller) running 6.0.196.0 (100 user license per controller)
    about 80 mixed - 1142 and 1252 APs, trying to put 40 APs on each controller
    One subnet connects two controllers together on the management interface on port 1 on both controllers. 10.x.x.x addresses.
    Port 2 on each controller (LAG not used) connects to a DMZ via dynamic interfaces for user traffic, 172.x.x.x addresses.
    I want to use one controller for all clients to get their DHCP addresses from (no matter what controller their AP is on)
    as a primary DHCP server (controller A as primary), then i'd like to point the clients to the other controller (controller B) to be used as a backup DHCP server in case Controller A fails. Also, the APs are setup to have the correct primary and secondary controllers under their high availability setting as well as the mobility group information.
    I want to avoid splitting my DHCP scopes between controllers, and I don't have a DHCP server dedicated to this project, so the 5508s should be able to do the job. Or at least I thought.
    When configuring the controllers with the proper DHCP scopes, this only seems to work for clients connecting to controller A. Clients on controller B don't get an address from controller A when pointing to that controller, in fact, the wierd thing is that debugging shows DHCP requests going out of port 2 (DMZ traffic) instead of port 1 (management) on controller B. Shouldn't they be going out of the interface that is specified with the DHCP configuration in the dynamic interface? And I don't have "override" turned on in the WLAN configuration so the DHCP server should be taken from the dynamic interface that the user resides on.
    Mobility groups are configured correctly between the two controllers and both the control and data paths are up between the two controllers. Another wierd thing, both controllers management interfaces are on the same subnet, no acls or filters, when the mobility groups are configured, controller A can ping controller B, but controller B cannot ping A. The status still shows as UP/UP in the mobility members windows, but they use mPing which seems to work fine. Remove the mobility group configuration and ping works just fine between the boxes. I don't know if this is related to my DHCP issues, but it would seem that if I put the controller A's management address in the dynamic interface configuration for DHCP on controller B, my clients on B should get an address from A's DHCP pool. Controller A's dynamic interfaces all point to controller A's management interface and they work just fine.
    I'm trying to load ballance my AP distribution between two boxes, and I'm also trying to have some controller redundancy.
    Controller A works just fine, it's in production. Trying to add another controller B to talk A for DHCP is the issue.
    Anyone have any clues?
    -Blair

    I guess i was under the impression that when mobility groups were cofigured, the lease time, along with other client information (mac address, IP address and such), would replicated from one controller to the other controller over the EoIP tunnel.  If that's not the case, then obviously I'll have to look elsewhere.
    Also, does this mean that it will not work, or just that it's not recommended.  If it does work and I have to fix something, at least I can move on with my testing, all while pursuing a DHCP server.  It doesn't sound like using an AP as a DHCP server is any better than using the controllers for that same purpose.
    Thank you for the quick response.

  • Internal DHCP Server on Wireless not working

    Hi community,
    I'm facing some problems to setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
    I have 2 networks: inside users (vlan 1) and external users (vlan)
    My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
    I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
    I have 2 SSID, one for inside, other to outside. Inside is working very well.
    To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
    Managemente interface (vlan 1 inside): 192.168.3.119/24
    Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
    I alredy checked the DHCP Proxy in Advanced option.
    See the output of the debug client:
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >debug client 00:27:10:ce:38:e8
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Association received from mobile on AP a4:18:75:03:e0:c0
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Max Client Trap Threshold: 0  cur: 1
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Re-applying interface policy for client
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1851)
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3883 setting Central switched to TRUE
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3886 apVapId = 2 and Split Acl Id = 65535
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying site-specific Local Bridging override for station 00:27:10:ce:38:e8 - vapId 2, site 'default-group', interface 'externo-embratel'
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Local Bridging Interface Policy for station 00:27:10:ce:38:e8 - vlan 10, interface id 12, interface 'externo-embratel'
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 STA - rates (8): 140 18 152 36 176 72 96 108 48 72 96 108 0 0 0 0
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Processing RSN IE type 48, length 22 for mobile 00:27:10:ce:38:e8
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMsRunStateDec
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMs1xStateDec
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Change state to START (0) last state RUN (20)
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Initializing policy
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfPemAddUser2 (apf_policy.c:273) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Sending Assoc Response to station on BSSID a4:18:75:03:e0:c0 (status 0) ApVapId 2 Slot 1
    *apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfProcessAssocReq (apf_80211.c:6719) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
    *pemReceiveTask: Mar 26 17:45:11.393: 00:27:10:ce:38:e8 192.168.3.206 Removed NPU entry.
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Creating a PKC PMKID Cache entry for station 00:27:10:ce:38:e8 (RSN 2)
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Resetting MSCB PMK Cache Entry 0 for station 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 8
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 0
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Adding BSSID a4:18:75:03:e0:ce to PMKID cache at index 0 for station 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: New PMKID: (16)
    *dot1xMsgTask: Mar 26 17:45:11.394:      [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Initiating RSN PSK to mobile 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 dot1x - moving mobile 00:27:10:ce:38:e8 into Force Auth state
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Skipping EAP-Success to mobile 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
    *dot1xMsgTask: Mar 26 17:45:11.394: Including PMKID in M1  (16)
    *dot1xMsgTask: Mar 26 17:45:11.394:      [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Starting key exchange to mobile 00:27:10:ce:38:e8, data packets will be dropped
    *dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
                                                                                                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Received EAPOL-key in PTK_START state (message 2) from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
                                                                                                                        state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 apfMs1xStateInc
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 apfMsRunStateInc
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Reached PLUMBFASTPATH: from line 5982
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Adding Fast Path rule
      type = Airespace AP Client
      on AP a4:18:75:03:e0:c0, slot 1, interface = 1, QOS = 0
      IPv4 ACL ID = 255, IPv6 ACL ID =
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 10, Local Bridging intf id = 12
    *Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
    *pemReceiveTask: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 Added NPU entry of type 1, dtlFlags 0x0
    *pemReceiveTask: Mar 26 17:45:11.401: 00:27:10:ce:38:e8 Pushing IPv6: fe80:0000:0000:0000: 893c:4ed3:f9a0:b90f , and MAC: 00:27:10:CE:38:E8 , Binding to Data Plane. SUCCESS !!
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x..195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   xid: 0x464542f7 (1178944247), secs: 0, flags: 8000
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   chaddr: 00:27:10:ce:38:e8
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   siaddr: 0.0.0.0,  giaddr: 200.x.x.195
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP   requested ip: 192.168.3.206
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   xid: 0x464542f7 (1178944247), secs: 768, flags: 8000
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   chaddr: 00:27:10:ce:38:e8
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   siaddr: 0.0.0.0,  giaddr: 200.x.x.195
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP   requested ip: 192.168.3.206
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   xid: 0x464542f7 (1178944247), secs: 3072, flags: 8000
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   chaddr: 00:27:10:ce:38:e8
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   siaddr: 0.0.0.0,  giaddr: 200.x.x.195
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP   requested ip: 192.168.3.206
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195  VLAN: 10
    *DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
    (Cisco Controller) >
    What can be wrong?
    Thank you in advanced.

    Hi Plinio,
    I see your device connected twice. it connected to the first SSID successfully and I can see it got IP 192.168.3.206.
    Then it tries to get an ip from the other scope!! (while as the debugs show it is already connected and in RUN state).
    That is strange!!
    a question: do you have DHCP required enabled under your WLAN?
    Rating useful replies is more useful than saying "Thank you"

  • WLC 5760 with internal DHCP server, clients no get IP address

    Hi all,
    I have  2  Cisco 5760 WLC (active-standby)  IOS-Xe 03.03.03SE  with  one WLAN.
     sh wlan summary 
    Number of WLANs: 1
    WLAN Profile Name                     SSID                           VLAN Status 
    1    Invitados_ADSL                   Guest                          905  UP
    sh vlan         
    VLAN Name                             Status    Ports
    1    default                          active    Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
                                                    Te2/0/4, Te2/0/5, Te2/0/6
    100  VLAN0100                         active    Te1/0/1, Te2/0/1
    101  Planta_1                         active    
    905  Internet                         active    Te1/0/2, Te2/0/2
    The DHCP server is internal.
    Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
    The workaround done by me to solve the issue is “clear  ip dhcp  binding *”.
    Some days later the problem appears again.
    I see this bug with a similar problem:
    NGWC blocks DHCP traffic if wireless broadcast disabled
    CSCun88928
    Description
    Symptom:
    Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
    In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
    Conditions:
    Seen on 3.3.2 IOS-XE
    Workaround:
    Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
    OR
    Enable "wireless broadcast" globally
    My DHCP configuration is:
    ip dhcp relay information trust-all
    ip dhcp snooping vlan 905
    ip dhcp snooping
    ip dhcp excluded-address 172.16.0.1 172.16.0.19
    ip dhcp excluded-address 172.16.1.250 172.16.1.254
    ip dhcp pool Invitados
     network 172.16.0.0 255.255.254.0
     default-router 172.16.0.1 
     dns-server 212.66.160.2 212.49.128.65 
     lease 0 8
    I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
    DHCP Snooping and Trust Configuration on CT5760
    ip dhcp snooping vlan 100, 200
    ip dhcp snooping wireless bootp-broadcast enable
    ip dhcp snooping
    interface TenGigabitEthernet1/0/1
    description Connection to Core Switch
    switchport trunk allowed vlan 100, 200
    switchport mode trunk
    ip dhcp relay information trusted ip dhcp snooping trust
    interface Vlan100
    description Client Vlan
    ip dhcp relay information trusted
    My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
    Thanks in advance.
    Regards.
    D

    Yes, test it with the command you mentioned
    ip dhcp snooping wireless bootp-broadcast enable
    HTH
    Rasika
    **** Pls rate all useful responses *****

  • 5508 WLC + 3702I APs /w a Windows 2012 DHCP Server

    All,
      I am in the process of a new WLC install with five 3702I APs.  The configuration was gone well up till now.....  I am having issues with DHCP pulling IPs from the correct scope. The WLC is in a different VLAN (10) than the APs (142).  What am I missing in the configuration?  We have multiple autonomous 1252s that pull the correct scope.  Any suggestions would be greatly appreciated. 
      Dave

    Are you  having issues with client getting IP when they connect to 3702 ? or AP itself not taking IP ?
    Either case I would check switch SVI is configured with "ip helper-address x.x.x.x" pointing to your DHCP server.
    Also for dynamic interface configuration of WLC I would check all interfaces correctly configured with DHCP server address.
    You can run " debug client <mac_address>" on WLC CLI for a single client & post that output if you still facing the issue
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Install keeps installing DNS / DHCP server

    Install kept installing DHCP server - after about 8 attempts shutdown the
    interface (simba) and started again
    now its doing the same with DNS
    is format and start again the only option ?

    simon,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • DHCP Failover / Migrate DHCP Server to another Machine

    We have DHCP Server Installed in Domain Controller with Windows Server 2008 R2 Based OS.
    I have Checked that there is no way to make the DHCP Failover in Server 2008 R2.
    Can anyone help me to get some level of Failover in DHCP?
    or
    If I want to migrate the DHCP to Server 2012 what is the Best Practice?

    Hello,
    There is no big challenge for configuring DHCP failover in Windows 2008 platform. Kindly go through with this link for configuring DHCP failover. I am sure it will help you to completing your task.
    1> Step-by-Step: Configure DHCP for Failover
    http://technet.microsoft.com/en-us/library/hh831385.aspx
    2> DHCP Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab
    http://technet.microsoft.com/en-us/library/ee405263(v=ws.10).aspx
    Process of Migration DHCP Server 2008R2 to Windows 2012
    • Firstly, you can disable the DHCP role in Windows Server 2008 R2. However, if the Windows Server 2012 is down, the clients cannot renew their IP lease duration and obtain IP address.
    Therefore, it is recommended to leave the DHCP role in Windows Server 2008 R2 and deploy high availability. Windows Server 2012 brings the new feature: DHCP failover. However it requires both DHCP Servers are Windows Server 2012. Consider another Server
    is Windows Server 2008 R2, we have to choose one of the following:
    >> DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses
    a single shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.
    >> Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server.
    If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of
    address space, which is very common with Internet Protocol version 4 (IPv4).
    More references:
    Step-by-Step: Configure DHCP for Failover (Windows
    Server 2012)
    How
    to configure split-scope using wizard
    DHCP
    Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab
    DHCP
    Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab
    If you need snap shot of migration then follow these links.
    http://blogs.technet.com/b/canitpro/archive/2013/04/29/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012.aspx
    http://www.mehrban.net/migrating-dhcp-from-windows-2008-to-windows-2012
    Deepak Kotian.
    MCP, MCTS, MCITP Exchange 2010 Ent. Administrator
    Disclaimer:
    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!
    All the opinions expressed here is mine. This posting is provided "AS IS" with no
    warranties or guarantees and confers no rights.

  • Mac Lion won't accept IP address sent from DHCP server

    Upgraded to Lion a few days ago.  Everything worked for a couple days.  Plug in the ethernet cable today and I never get an ip address with DHCP from my router.  I have 2 other devices plugged into the router and they get ip addresses normally.  Captured the DHCP communication to see if I was getting a valid DHCP offer and I am...it is included.  The Lion firewall is disabled.  For some reason Lion isn't accepting the DHCP offer.  Could this be a bug or maybe something in a cache needs to cleaned out.  I connect to several different networks daily and they all work except for this one.
    The line in Bold type shows the ip address being offered that never gets accepted by lion.
    No.     Time        Source                Destination           Protocol Info
         26 21.993141   10.19.39.97           255.255.255.255       DHCP     DHCP Offer    - Transaction ID 0x4e299603
    Frame 26 (353 bytes on wire, 353 bytes captured)
        Arrival Time: Aug  5, 2011 19:30:01.105566000
        [Time delta from previous captured frame: 0.001086000 seconds]
        [Time delta from previous displayed frame: 0.001086000 seconds]
        [Time since reference or first frame: 21.993141000 seconds]
        Frame Number: 26
        Frame Length: 353 bytes
        Capture Length: 353 bytes
        [Frame is marked: False]
        [Protocols in frame: eth:ip:udp:bootp]
        [Coloring Rule Name: UDP]
        [Coloring Rule String: udp]
    Ethernet II, Src: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
        Destination: Broadcast (ff:ff:ff:ff:ff:ff)
            Address: Broadcast (ff:ff:ff:ff:ff:ff)
            .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
            .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        Source: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
            Address: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Type: IP (0x0800)
    Internet Protocol, Src: 10.19.39.97 (10.19.39.97), Dst: 255.255.255.255 (255.255.255.255)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 339
        Identification: 0x00fa (250)
        Flags: 0x00
            0.. = Reserved bit: Not Set
            .0. = Don't fragment: Not Set
            ..0 = More fragments: Not Set
        Fragment offset: 0
        Time to live: 255
        Protocol: UDP (0x11)
        Header checksum: 0x882c [correct]
            [Good: True]
            [Bad : False]
        Source: 10.19.39.97 (10.19.39.97)
        Destination: 255.255.255.255 (255.255.255.255)
    User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
        Source port: bootps (67)
        Destination port: bootpc (68)
        Length: 319
        Checksum: 0x038d [validation disabled]
            [Good Checksum: False]
            [Bad Checksum: False]
    Bootstrap Protocol
        Message type: Boot Reply (2)
        Hardware type: Ethernet
        Hardware address length: 6
        Hops: 0
        Transaction ID: 0x4e299603
        Seconds elapsed: 0
        Bootp flags: 0x8000 (Broadcast)
            1... .... .... .... = Broadcast flag: Broadcast
            .000 0000 0000 0000 = Reserved flags: 0x0000
        Client IP address: 0.0.0.0 (0.0.0.0)
        Your (client) IP address: 10.19.39.98 (10.19.39.98)
        Next server IP address: 0.0.0.0 (0.0.0.0)
        Relay agent IP address: 0.0.0.0 (0.0.0.0)
        Client MAC address: Apple_17:fd:5d (c4:2c:03:17:fd:5d)
        Client hardware address padding: 00000000000000000000
        Server host name not given
        Boot file name not given
        Magic cookie: (OK)
        Option: (t=53,l=1) DHCP Message Type = DHCP Offer
            Option: (53) DHCP Message Type
            Length: 1
            Value: 02
        Option: (t=54,l=4) DHCP Server Identifier = 10.19.39.97
            Option: (54) DHCP Server Identifier
            Length: 4
            Value: 0A132761
        Option: (t=51,l=4) IP Address Lease Time = 1 day, 23 hours, 39 minutes, 50 seconds
            Option: (51) IP Address Lease Time
            Length: 4
            Value: 00029E46
        Option: (t=58,l=4) Renewal Time Value = 23 hours, 49 minutes, 55 seconds
            Option: (58) Renewal Time Value
            Length: 4
            Value: 00014F23
        Option: (t=59,l=4) Rebinding Time Value = 1 day, 17 hours, 42 minutes, 16 seconds
            Option: (59) Rebinding Time Value
            Length: 4
            Value: 00024A78
        Option: (t=1,l=4) Subnet Mask = 255.255.255.240
            Option: (1) Subnet Mask
            Length: 4
            Value: FFFFFFF0
        Option: (t=6,l=8) Domain Name Server
            Option: (6) Domain Name Server
            Length: 8
            Value: AB44E278AB46A8B7
            IP Address: 171.68.226.120
            IP Address: 171.70.168.183
        Option: (t=44,l=8) NetBIOS over TCP/IP Name Server
            Option: (44) NetBIOS over TCP/IP Name Server
            Length: 8
            Value: AB443935AD2573BF
            IP Address: 171.68.57.53
            IP Address: 173.37.115.191
        Option: (t=3,l=4) Router = 10.19.39.97
            Option: (3) Router
            Length: 4
            Value: 0A132761
        End Option

    I have seen the same issue with my iOS and Mac OS devices (iPhone and MacBook Pro). I have written my own DHCP server (http://notebook.kulchenko.com/embedded/dhcp-and-dns-servers-with-arduino) and have had troubles getting my devices to connect (Windows Vista and Ubuntu devices connect fine). I suspect that this problem happens because the DHCP Offer message is sent to a broadcast address, even though (at least in my case) the broadcast flag is off in the DHCP Discover message I see.
    Unfortunately you didn't include the Discover message, so I can't tell for sure, but if it indeed has the broadcast flag set to 0, then the server should send the response message using unicast as per DHCP spec (http://www.ietf.org/rfc/rfc2131.txt, section 4.1):
      If the broadcast bit is not set and 'giaddr' is zero and
       'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK
       messages to the client's hardware address and 'yiaddr' address.
    So, it seems like in this case the server may be at fault, even though it would be nice for Mac OS to accept broadcast responses (and would solve my problem too).
    Can someone confirm that Mac OS does not accept broadcast responses to DHCP Discover and DHCP Request messages? Thanks.
    Paul.

  • WRT54GX2 DHCP Server issue

    I am using this as an access point rather than router. I have a separate DHCP Server (Windows 2003 Ent. Server). I went in and disabled the DHCP server after upgrading to software 1.01.14, but it still is sending response to DHCP requests. Has anyone ever dealt with a similar problem? I am about to rollback to a previous version of firmware, but needed to upgrade to resolve another issue I was having. TIA
    LRPenguin

    You said that you have a win2003 DHCP server, even if you disable the DHCP capability on the router, your win2003 is the one providing the DHCP address on you computer.

  • Mac not registering hostname on Windows DHCP server

    I work for a company who is heavy Windows, but we have a few Macs for our graphics department.  The problem is that a few of the Macs, though not all, don't register a host name with the Windows DHCP server.  I've compared the network and share settings between those that have a host name and those that don't and I don't see any glaring differences.  What would make a Mac not give its host name to the DHCP server?

    WIth DHCP, there is really nothing to configure. If the Relay Agent/IP Helper is pointing to it, and the VLAN subnet exactly matches the scope subnet, then it should just work.
    What I've seen in the VLAN config is either a static route back to the subnet the DHCP server itself is sitting on is not configured or incorrectly configured, or there are ports blocked (need UDP, too, since that's what DHCP uses to pass the OFFER), and
    other necessary ports are opened, then it should just work.
    Sometimes NIC teaming on the DHCP server will cause it. Not sure. Microsoft doesn't support teaming prior to Windwos 2012, but it doesn't mean that it doesn't work. Don't get me wrong, teaming works nicely, but they just don't support it because they never
    certified the drivers, that's all.
    The issues I've seen with DHCP relays and VLANs in the forums are usually based on misconfigs in the VLAN or ports blocked. Sometimes we'll refer to call Microsoft Support for specific, hands-on assistance. And searching the threads, from what
    I've found that if they did call support, they've never posted back what the problem was based on or the resolution. I can post a couple of them for you to read through, but there were never any response with the actual resolution.
    If you like, you also have the option to contact Microsoft Support. Here's a list of phone numbers if you choose this option:
    http://support.microsoft.com/contactus/
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Help. How to configure ASA5515 as 'one armed router' for access to DHCP server on a different VLAN

    Hi,
    My setup
         router > ASA5515(ver8.6) > 4 SGE2010p switches
     I want to put the guest WiFi users on a separate network. I have layer 2 switches and want to configure the ASA5515 as a 'router on a stick' setup for the guest vlan to have access to the DHCP server on the native vlan.
    I have
    1. created a sub-interface for the inside interface and enabled intra-interface traffic.
    2. A static route on the ASA point the guest network to the switch.
      What else do I need to configure on the ASA for inter-vlan routing?
    ASA related config:
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 10.15.xx.1 255.255.252.0 standby 10.15.xx.2
    interface GigabitEthernet0/1.2
     vlan 100
     no nameif
     no security-level
     ip address 10.100.xx.1 255.255.255.0
    C    10.15.xx.0 255.255.252.0 is directly connected, inside
    S    10.100.xx.0 255.255.255.0 [1/0] via 10.100.xx.2, inside

    Thanks for the quick response Reza.
     Actually that command is already there. Didn't include it in my post.
    So I am guessing my ASA config is correct.
    I am having trouble setting up the trunk ports on the layer2 SGE2010P switch for trunk port.
    I am used to command line layer3 switches (CLI is wasy) but not familiar with these switches GUI. I am going through the config guide right now.
    Could you help me with that too?
    Not to bother you with a completely different issue though.
    Thanks again!

  • BEFSR41 V3.0 - DHCP server periodically stops working; rest of functions ok

    I have a BEFSR41 V3.0 latest firmware (1.0.5).
    Sometimes the DHCP server will stop working.  The rest of the functions are ok.  I normally monitor the unit via PING and unfortunately, this won't alert me if the DHCP server stops working because the unit still responds to a ping.
    Does anyone know of a fix?  
    The workaround is to power cycle the unit, but that needs me to be at the office and I'm not always here. 

    It is the DHCP server within the Linksys BEFSR41 that intermittently stops working.  I do not have another DHCP server on the network.
    I'm curious why changing the MTU would help.  If you could explain, I'd certainly give that a try. 
    At the moment, the BEFSR41 serves as the DHCP server and firewall for our guest network.  I keep an eye on it by enabling external ping response.  However, I have found that the firewall part of the BEFSR41 will work and it will respond to a ping.  But newly connected computers won't get an IP address lease.  I power cycle the unit and its DHCP server will work again.  The trouble is, because the unit responds to a ping, I won't know if the DHCP server is not working until someone reports it.  And I'd like to be proactive about things.
    Message Edited by boomer on 04-06-2009 05:17 PM

  • Windows DHCP Server and Linux DHCP Relay Agent

    We are trying to organize a VLAN (say VLAN 1) for guests who must be assigned IP addresses from a DHCP server in a different VLAN (VLAN 2). This DHCP server is configured with two scopes - 172.16.0.0/24 (for VLAN 2) and 172.16.4.0/24 (for the Guests
    VLAN 1). The DHCP server successfully distributes addresses to clients in its VLAN (it has the IP address 172.16.0.2). For the clients in the other VLAN a DHCP Relay Agent has been setup on the router. It is DHCRELAY running on Linux (CentOS) which has
    been configured to accept the DHCPDISCOVER broadcasts coming on the VLAN1 interface of the router and forward these to the DHCP server. The IP address of the VLAN1 interface of the router is 172.16.4.254 and on the VLAN2 interface - 172.16.0.254
    The problem is that the DHCP server won't respond with a DHCPOFFER message to the relay agent. I have traced the frames on the router and on the DHCP server. They arrive on the DHCP server with the correct GIADDR of the relay agent. According to all documentation,
    if a scope has been configured on the DHCP server and it receives a unicast message with the GIADDR set by a relay agent that matches one of the configured scopes, the DHCP server must send a unicast DHCPOFFER to the relay agent. But it doesn't.
    Here is what Wireshark reports (ignore the Destination port unreachable messages, the DHCP service was stopped at the time Wireshark was running)
    When the service is running, there are just DHCPDISCOVERs - no OFFER. You can see that the server has the two scopes configured:
    The relay agent seems to work normally - it forwards the DHCPDISCOVERs to the server continuously (tried many times with ipconfig /renew on the client).
    I read many posts about this problem. Some users had other services running on the DHCP server that used the DHCP port, but I don't have such an issue (you see that when the service is stopped, an ICMP port unreachable is sent which is correct). Others however
    did not find a solution. Am I missing something? Is there something specific when using the DHCRELAY agent from DHCPD? Can I turn on some verbose logging to track this down? Thanks in advance.

    WIth DHCP, there is really nothing to configure. If the Relay Agent/IP Helper is pointing to it, and the VLAN subnet exactly matches the scope subnet, then it should just work.
    What I've seen in the VLAN config is either a static route back to the subnet the DHCP server itself is sitting on is not configured or incorrectly configured, or there are ports blocked (need UDP, too, since that's what DHCP uses to pass the OFFER), and
    other necessary ports are opened, then it should just work.
    Sometimes NIC teaming on the DHCP server will cause it. Not sure. Microsoft doesn't support teaming prior to Windwos 2012, but it doesn't mean that it doesn't work. Don't get me wrong, teaming works nicely, but they just don't support it because they never
    certified the drivers, that's all.
    The issues I've seen with DHCP relays and VLANs in the forums are usually based on misconfigs in the VLAN or ports blocked. Sometimes we'll refer to call Microsoft Support for specific, hands-on assistance. And searching the threads, from what
    I've found that if they did call support, they've never posted back what the problem was based on or the resolution. I can post a couple of them for you to read through, but there were never any response with the actual resolution.
    If you like, you also have the option to contact Microsoft Support. Here's a list of phone numbers if you choose this option:
    http://support.microsoft.com/contactus/
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

Maybe you are looking for

  • Why do I get an 800a0d5d error on a delete?

    Hi, I am using SQL Server, and my site is defined as ASP Javascript. I add and update this table fine, but when I go to delete a record, I get: ADODB.Command error '800a0d5d' Application uses a value of the wrong type for the  current operation. /adm

  • Chat Max HS-620 doesn't work

    I am a big fan of creative since my teenage coz I used to li've abroad. I am really disappointed with my new HS-620 just received and doesn't work no mic no speaker. I have windows 7. My sound card is realtek integrated. Plz helpppppppppppppppppppp?

  • Raid Utility not an option on Lion Recovery Disk

    I am trying to delete a single RAID set that includes the startup volume.  I booted up with the Lion Recovery disk but only the disk utility is available as an option to erase information and no RAID utility is there.  I erased the startup volume and

  • Hi how can I get adobe flash player

    I can't streaming without adobe ..... Is there any other option?

  • [SOLVED, sort of] Yet another UEFI boot issue

    Hello everyone, Let me start by saying sorry for the long (first) post. I've ended up with a UEFI boot problem I can't solve. I've searched the forum and internet and I realize I'm not the only one who ran into problems with UEFI. Unfortunately, the