No response DHCP server
Hi All all new to this hope you can help!!!
set my new laptop to wireless network and all was fine ,till windows updated and having all sort of problems connecting to the net .did a manual diagnostic tool when i tryed to connect and no good and failed in ping test - no response DHCP server.I dont know why because it was all working good before no now !! murray
ps all new to wireless networking please be kind.
its for my laptop went and got a linksys wireless router WRT54PG2-EA set it up and all worked fine for two weeks,the other day when i turned my laptop windows ( VISTA) and norton internet security updated still worked fine didnt turn the computer off at all come back after a hour, cant get on the net ,at that stage rang linksys 24 hour techical support pluged my laptop to the router via network cable they cheaked it and all fine . when i unplug the network cable it can find a wireless network - connect to net work can no do comes up SECURITY-ENABLED NETWORK ok then i did a manual diagnostics fails on the ping test (useing vista )pluged the network cable and let the windows fix the problem,done that ok unplug the network cable try to connect no good by that time my hair was falling out not that i have much hair left-come up NO RESPONSE DHCP SERVER.
When its all pluged via network cable the internet works fine it the wireless side of things.
Do i get hold of my ISP or microsoft ,Linksys or Toshiba because i do not know !!!
Murray thank you .
Similar Messages
-
Remote access VPN with ASA 5510 using DHCP server
Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got following output when I test connect to ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
LayFor RADIUS you need a aaa-server-definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
How do I find where my DHCP server is on my network?
I have a home network, a BT server, with an iMac, a MACBook Pro, two back-ups (Airports) and a Squeezebox (for internet radio). The problem is that the Squeezebox keeps dropping out and informing me that it cannot find the DHCP server. This did not used to be a problem, has happened failry recently, for no obvious reason. Any help is much appreciated.
start
system information
click network
click Wi-FI or ethernet depending how you get your network on the mac
scroll to the DHCP Server responses:
look under it's Server Identifier -
Using one controller as primary DHCP server for 2 or more controllers
Here's my setup
2 - 5508 controllers (40 APs per controller) running 6.0.196.0 (100 user license per controller)
about 80 mixed - 1142 and 1252 APs, trying to put 40 APs on each controller
One subnet connects two controllers together on the management interface on port 1 on both controllers. 10.x.x.x addresses.
Port 2 on each controller (LAG not used) connects to a DMZ via dynamic interfaces for user traffic, 172.x.x.x addresses.
I want to use one controller for all clients to get their DHCP addresses from (no matter what controller their AP is on)
as a primary DHCP server (controller A as primary), then i'd like to point the clients to the other controller (controller B) to be used as a backup DHCP server in case Controller A fails. Also, the APs are setup to have the correct primary and secondary controllers under their high availability setting as well as the mobility group information.
I want to avoid splitting my DHCP scopes between controllers, and I don't have a DHCP server dedicated to this project, so the 5508s should be able to do the job. Or at least I thought.
When configuring the controllers with the proper DHCP scopes, this only seems to work for clients connecting to controller A. Clients on controller B don't get an address from controller A when pointing to that controller, in fact, the wierd thing is that debugging shows DHCP requests going out of port 2 (DMZ traffic) instead of port 1 (management) on controller B. Shouldn't they be going out of the interface that is specified with the DHCP configuration in the dynamic interface? And I don't have "override" turned on in the WLAN configuration so the DHCP server should be taken from the dynamic interface that the user resides on.
Mobility groups are configured correctly between the two controllers and both the control and data paths are up between the two controllers. Another wierd thing, both controllers management interfaces are on the same subnet, no acls or filters, when the mobility groups are configured, controller A can ping controller B, but controller B cannot ping A. The status still shows as UP/UP in the mobility members windows, but they use mPing which seems to work fine. Remove the mobility group configuration and ping works just fine between the boxes. I don't know if this is related to my DHCP issues, but it would seem that if I put the controller A's management address in the dynamic interface configuration for DHCP on controller B, my clients on B should get an address from A's DHCP pool. Controller A's dynamic interfaces all point to controller A's management interface and they work just fine.
I'm trying to load ballance my AP distribution between two boxes, and I'm also trying to have some controller redundancy.
Controller A works just fine, it's in production. Trying to add another controller B to talk A for DHCP is the issue.
Anyone have any clues?
-BlairI guess i was under the impression that when mobility groups were cofigured, the lease time, along with other client information (mac address, IP address and such), would replicated from one controller to the other controller over the EoIP tunnel. If that's not the case, then obviously I'll have to look elsewhere.
Also, does this mean that it will not work, or just that it's not recommended. If it does work and I have to fix something, at least I can move on with my testing, all while pursuing a DHCP server. It doesn't sound like using an AP as a DHCP server is any better than using the controllers for that same purpose.
Thank you for the quick response. -
Internal DHCP Server on Wireless not working
Hi community,
I'm facing some problems to setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
I have 2 networks: inside users (vlan 1) and external users (vlan)
My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
I have 2 SSID, one for inside, other to outside. Inside is working very well.
To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
Managemente interface (vlan 1 inside): 192.168.3.119/24
Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
I alredy checked the DHCP Proxy in Advanced option.
See the output of the debug client:
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug client 00:27:10:ce:38:e8
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Association received from mobile on AP a4:18:75:03:e0:c0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Global 200 Clients are allowed to AP radio
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Re-applying interface policy for client
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1851)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3883 setting Central switched to TRUE
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3886 apVapId = 2 and Split Acl Id = 65535
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying site-specific Local Bridging override for station 00:27:10:ce:38:e8 - vapId 2, site 'default-group', interface 'externo-embratel'
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Local Bridging Interface Policy for station 00:27:10:ce:38:e8 - vlan 10, interface id 12, interface 'externo-embratel'
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 STA - rates (8): 140 18 152 36 176 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Processing RSN IE type 48, length 22 for mobile 00:27:10:ce:38:e8
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMsRunStateDec
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMs1xStateDec
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Initializing policy
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfPemAddUser2 (apf_policy.c:273) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Sending Assoc Response to station on BSSID a4:18:75:03:e0:c0 (status 0) ApVapId 2 Slot 1
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfProcessAssocReq (apf_80211.c:6719) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
*pemReceiveTask: Mar 26 17:45:11.393: 00:27:10:ce:38:e8 192.168.3.206 Removed NPU entry.
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Creating a PKC PMKID Cache entry for station 00:27:10:ce:38:e8 (RSN 2)
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Resetting MSCB PMK Cache Entry 0 for station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 0
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Adding BSSID a4:18:75:03:e0:ce to PMKID cache at index 0 for station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: New PMKID: (16)
*dot1xMsgTask: Mar 26 17:45:11.394: [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Initiating RSN PSK to mobile 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 dot1x - moving mobile 00:27:10:ce:38:e8 into Force Auth state
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Skipping EAP-Success to mobile 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: Including PMKID in M1 (16)
*dot1xMsgTask: Mar 26 17:45:11.394: [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Starting key exchange to mobile 00:27:10:ce:38:e8, data packets will be dropped
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Received EAPOL-key in PTK_START state (message 2) from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 apfMsRunStateInc
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Reached PLUMBFASTPATH: from line 5982
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP a4:18:75:03:e0:c0, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID =
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 10, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 Added NPU entry of type 1, dtlFlags 0x0
*pemReceiveTask: Mar 26 17:45:11.401: 00:27:10:ce:38:e8 Pushing IPv6: fe80:0000:0000:0000: 893c:4ed3:f9a0:b90f , and MAC: 00:27:10:CE:38:E8 , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x..195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 0, flags: 8000
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 768, flags: 8000
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 3072, flags: 8000
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
(Cisco Controller) >
What can be wrong?
Thank you in advanced.Hi Plinio,
I see your device connected twice. it connected to the first SSID successfully and I can see it got IP 192.168.3.206.
Then it tries to get an ip from the other scope!! (while as the debugs show it is already connected and in RUN state).
That is strange!!
a question: do you have DHCP required enabled under your WLAN?
Rating useful replies is more useful than saying "Thank you" -
WLC 5760 with internal DHCP server, clients no get IP address
Hi all,
I have 2 Cisco 5760 WLC (active-standby) IOS-Xe 03.03.03SE with one WLAN.
sh wlan summary
Number of WLANs: 1
WLAN Profile Name SSID VLAN Status
1 Invitados_ADSL Guest 905 UP
sh vlan
VLAN Name Status Ports
1 default active Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
Te2/0/4, Te2/0/5, Te2/0/6
100 VLAN0100 active Te1/0/1, Te2/0/1
101 Planta_1 active
905 Internet active Te1/0/2, Te2/0/2
The DHCP server is internal.
Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
The workaround done by me to solve the issue is “clear ip dhcp binding *”.
Some days later the problem appears again.
I see this bug with a similar problem:
NGWC blocks DHCP traffic if wireless broadcast disabled
CSCun88928
Description
Symptom:
Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
Conditions:
Seen on 3.3.2 IOS-XE
Workaround:
Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
OR
Enable "wireless broadcast" globally
My DHCP configuration is:
ip dhcp relay information trust-all
ip dhcp snooping vlan 905
ip dhcp snooping
ip dhcp excluded-address 172.16.0.1 172.16.0.19
ip dhcp excluded-address 172.16.1.250 172.16.1.254
ip dhcp pool Invitados
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 212.66.160.2 212.49.128.65
lease 0 8
I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
DHCP Snooping and Trust Configuration on CT5760
ip dhcp snooping vlan 100, 200
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/1
description Connection to Core Switch
switchport trunk allowed vlan 100, 200
switchport mode trunk
ip dhcp relay information trusted ip dhcp snooping trust
interface Vlan100
description Client Vlan
ip dhcp relay information trusted
My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
Thanks in advance.
Regards.
DYes, test it with the command you mentioned
ip dhcp snooping wireless bootp-broadcast enable
HTH
Rasika
**** Pls rate all useful responses ***** -
5508 WLC + 3702I APs /w a Windows 2012 DHCP Server
All,
I am in the process of a new WLC install with five 3702I APs. The configuration was gone well up till now..... I am having issues with DHCP pulling IPs from the correct scope. The WLC is in a different VLAN (10) than the APs (142). What am I missing in the configuration? We have multiple autonomous 1252s that pull the correct scope. Any suggestions would be greatly appreciated.
DaveAre you having issues with client getting IP when they connect to 3702 ? or AP itself not taking IP ?
Either case I would check switch SVI is configured with "ip helper-address x.x.x.x" pointing to your DHCP server.
Also for dynamic interface configuration of WLC I would check all interfaces correctly configured with DHCP server address.
You can run " debug client <mac_address>" on WLC CLI for a single client & post that output if you still facing the issue
HTH
Rasika
**** Pls rate all useful responses **** -
Install keeps installing DNS / DHCP server
Install kept installing DHCP server - after about 8 attempts shutdown the
interface (simba) and started again
now its doing the same with DNS
is format and start again the only option ?simon,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
DHCP Failover / Migrate DHCP Server to another Machine
We have DHCP Server Installed in Domain Controller with Windows Server 2008 R2 Based OS.
I have Checked that there is no way to make the DHCP Failover in Server 2008 R2.
Can anyone help me to get some level of Failover in DHCP?
or
If I want to migrate the DHCP to Server 2012 what is the Best Practice?Hello,
There is no big challenge for configuring DHCP failover in Windows 2008 platform. Kindly go through with this link for configuring DHCP failover. I am sure it will help you to completing your task.
1> Step-by-Step: Configure DHCP for Failover
http://technet.microsoft.com/en-us/library/hh831385.aspx
2> DHCP Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab
http://technet.microsoft.com/en-us/library/ee405263(v=ws.10).aspx
Process of Migration DHCP Server 2008R2 to Windows 2012
• Firstly, you can disable the DHCP role in Windows Server 2008 R2. However, if the Windows Server 2012 is down, the clients cannot renew their IP lease duration and obtain IP address.
Therefore, it is recommended to leave the DHCP role in Windows Server 2008 R2 and deploy high availability. Windows Server 2012 brings the new feature: DHCP failover. However it requires both DHCP Servers are Windows Server 2012. Consider another Server
is Windows Server 2008 R2, we have to choose one of the following:
>> DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses
a single shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.
>> Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server.
If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of
address space, which is very common with Internet Protocol version 4 (IPv4).
More references:
Step-by-Step: Configure DHCP for Failover (Windows
Server 2012)
How
to configure split-scope using wizard
DHCP
Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab
DHCP
Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab
If you need snap shot of migration then follow these links.
http://blogs.technet.com/b/canitpro/archive/2013/04/29/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012.aspx
http://www.mehrban.net/migrating-dhcp-from-windows-2008-to-windows-2012
Deepak Kotian.
MCP, MCTS, MCITP Exchange 2010 Ent. Administrator
Disclaimer:
Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!
All the opinions expressed here is mine. This posting is provided "AS IS" with no
warranties or guarantees and confers no rights. -
Mac Lion won't accept IP address sent from DHCP server
Upgraded to Lion a few days ago. Everything worked for a couple days. Plug in the ethernet cable today and I never get an ip address with DHCP from my router. I have 2 other devices plugged into the router and they get ip addresses normally. Captured the DHCP communication to see if I was getting a valid DHCP offer and I am...it is included. The Lion firewall is disabled. For some reason Lion isn't accepting the DHCP offer. Could this be a bug or maybe something in a cache needs to cleaned out. I connect to several different networks daily and they all work except for this one.
The line in Bold type shows the ip address being offered that never gets accepted by lion.
No. Time Source Destination Protocol Info
26 21.993141 10.19.39.97 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x4e299603
Frame 26 (353 bytes on wire, 353 bytes captured)
Arrival Time: Aug 5, 2011 19:30:01.105566000
[Time delta from previous captured frame: 0.001086000 seconds]
[Time delta from previous displayed frame: 0.001086000 seconds]
[Time since reference or first frame: 21.993141000 seconds]
Frame Number: 26
Frame Length: 353 bytes
Capture Length: 353 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
Address: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 10.19.39.97 (10.19.39.97), Dst: 255.255.255.255 (255.255.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 339
Identification: 0x00fa (250)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0x882c [correct]
[Good: True]
[Bad : False]
Source: 10.19.39.97 (10.19.39.97)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Source port: bootps (67)
Destination port: bootpc (68)
Length: 319
Checksum: 0x038d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x4e299603
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 10.19.39.98 (10.19.39.98)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Apple_17:fd:5d (c4:2c:03:17:fd:5d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) DHCP Server Identifier = 10.19.39.97
Option: (54) DHCP Server Identifier
Length: 4
Value: 0A132761
Option: (t=51,l=4) IP Address Lease Time = 1 day, 23 hours, 39 minutes, 50 seconds
Option: (51) IP Address Lease Time
Length: 4
Value: 00029E46
Option: (t=58,l=4) Renewal Time Value = 23 hours, 49 minutes, 55 seconds
Option: (58) Renewal Time Value
Length: 4
Value: 00014F23
Option: (t=59,l=4) Rebinding Time Value = 1 day, 17 hours, 42 minutes, 16 seconds
Option: (59) Rebinding Time Value
Length: 4
Value: 00024A78
Option: (t=1,l=4) Subnet Mask = 255.255.255.240
Option: (1) Subnet Mask
Length: 4
Value: FFFFFFF0
Option: (t=6,l=8) Domain Name Server
Option: (6) Domain Name Server
Length: 8
Value: AB44E278AB46A8B7
IP Address: 171.68.226.120
IP Address: 171.70.168.183
Option: (t=44,l=8) NetBIOS over TCP/IP Name Server
Option: (44) NetBIOS over TCP/IP Name Server
Length: 8
Value: AB443935AD2573BF
IP Address: 171.68.57.53
IP Address: 173.37.115.191
Option: (t=3,l=4) Router = 10.19.39.97
Option: (3) Router
Length: 4
Value: 0A132761
End OptionI have seen the same issue with my iOS and Mac OS devices (iPhone and MacBook Pro). I have written my own DHCP server (http://notebook.kulchenko.com/embedded/dhcp-and-dns-servers-with-arduino) and have had troubles getting my devices to connect (Windows Vista and Ubuntu devices connect fine). I suspect that this problem happens because the DHCP Offer message is sent to a broadcast address, even though (at least in my case) the broadcast flag is off in the DHCP Discover message I see.
Unfortunately you didn't include the Discover message, so I can't tell for sure, but if it indeed has the broadcast flag set to 0, then the server should send the response message using unicast as per DHCP spec (http://www.ietf.org/rfc/rfc2131.txt, section 4.1):
If the broadcast bit is not set and 'giaddr' is zero and
'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK
messages to the client's hardware address and 'yiaddr' address.
So, it seems like in this case the server may be at fault, even though it would be nice for Mac OS to accept broadcast responses (and would solve my problem too).
Can someone confirm that Mac OS does not accept broadcast responses to DHCP Discover and DHCP Request messages? Thanks.
Paul. -
I am using this as an access point rather than router. I have a separate DHCP Server (Windows 2003 Ent. Server). I went in and disabled the DHCP server after upgrading to software 1.01.14, but it still is sending response to DHCP requests. Has anyone ever dealt with a similar problem? I am about to rollback to a previous version of firmware, but needed to upgrade to resolve another issue I was having. TIA
LRPenguinYou said that you have a win2003 DHCP server, even if you disable the DHCP capability on the router, your win2003 is the one providing the DHCP address on you computer.
-
Mac not registering hostname on Windows DHCP server
I work for a company who is heavy Windows, but we have a few Macs for our graphics department. The problem is that a few of the Macs, though not all, don't register a host name with the Windows DHCP server. I've compared the network and share settings between those that have a host name and those that don't and I don't see any glaring differences. What would make a Mac not give its host name to the DHCP server?
WIth DHCP, there is really nothing to configure. If the Relay Agent/IP Helper is pointing to it, and the VLAN subnet exactly matches the scope subnet, then it should just work.
What I've seen in the VLAN config is either a static route back to the subnet the DHCP server itself is sitting on is not configured or incorrectly configured, or there are ports blocked (need UDP, too, since that's what DHCP uses to pass the OFFER), and
other necessary ports are opened, then it should just work.
Sometimes NIC teaming on the DHCP server will cause it. Not sure. Microsoft doesn't support teaming prior to Windwos 2012, but it doesn't mean that it doesn't work. Don't get me wrong, teaming works nicely, but they just don't support it because they never
certified the drivers, that's all.
The issues I've seen with DHCP relays and VLANs in the forums are usually based on misconfigs in the VLAN or ports blocked. Sometimes we'll refer to call Microsoft Support for specific, hands-on assistance. And searching the threads, from what
I've found that if they did call support, they've never posted back what the problem was based on or the resolution. I can post a couple of them for you to read through, but there were never any response with the actual resolution.
If you like, you also have the option to contact Microsoft Support. Here's a list of phone numbers if you choose this option:
http://support.microsoft.com/contactus/
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights. -
Hi,
My setup
router > ASA5515(ver8.6) > 4 SGE2010p switches
I want to put the guest WiFi users on a separate network. I have layer 2 switches and want to configure the ASA5515 as a 'router on a stick' setup for the guest vlan to have access to the DHCP server on the native vlan.
I have
1. created a sub-interface for the inside interface and enabled intra-interface traffic.
2. A static route on the ASA point the guest network to the switch.
What else do I need to configure on the ASA for inter-vlan routing?
ASA related config:
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.15.xx.1 255.255.252.0 standby 10.15.xx.2
interface GigabitEthernet0/1.2
vlan 100
no nameif
no security-level
ip address 10.100.xx.1 255.255.255.0
C 10.15.xx.0 255.255.252.0 is directly connected, inside
S 10.100.xx.0 255.255.255.0 [1/0] via 10.100.xx.2, insideThanks for the quick response Reza.
Actually that command is already there. Didn't include it in my post.
So I am guessing my ASA config is correct.
I am having trouble setting up the trunk ports on the layer2 SGE2010P switch for trunk port.
I am used to command line layer3 switches (CLI is wasy) but not familiar with these switches GUI. I am going through the config guide right now.
Could you help me with that too?
Not to bother you with a completely different issue though.
Thanks again! -
BEFSR41 V3.0 - DHCP server periodically stops working; rest of functions ok
I have a BEFSR41 V3.0 latest firmware (1.0.5).
Sometimes the DHCP server will stop working. The rest of the functions are ok. I normally monitor the unit via PING and unfortunately, this won't alert me if the DHCP server stops working because the unit still responds to a ping.
Does anyone know of a fix?
The workaround is to power cycle the unit, but that needs me to be at the office and I'm not always here.It is the DHCP server within the Linksys BEFSR41 that intermittently stops working. I do not have another DHCP server on the network.
I'm curious why changing the MTU would help. If you could explain, I'd certainly give that a try.
At the moment, the BEFSR41 serves as the DHCP server and firewall for our guest network. I keep an eye on it by enabling external ping response. However, I have found that the firewall part of the BEFSR41 will work and it will respond to a ping. But newly connected computers won't get an IP address lease. I power cycle the unit and its DHCP server will work again. The trouble is, because the unit responds to a ping, I won't know if the DHCP server is not working until someone reports it. And I'd like to be proactive about things.
Message Edited by boomer on 04-06-2009 05:17 PM -
Windows DHCP Server and Linux DHCP Relay Agent
We are trying to organize a VLAN (say VLAN 1) for guests who must be assigned IP addresses from a DHCP server in a different VLAN (VLAN 2). This DHCP server is configured with two scopes - 172.16.0.0/24 (for VLAN 2) and 172.16.4.0/24 (for the Guests
VLAN 1). The DHCP server successfully distributes addresses to clients in its VLAN (it has the IP address 172.16.0.2). For the clients in the other VLAN a DHCP Relay Agent has been setup on the router. It is DHCRELAY running on Linux (CentOS) which has
been configured to accept the DHCPDISCOVER broadcasts coming on the VLAN1 interface of the router and forward these to the DHCP server. The IP address of the VLAN1 interface of the router is 172.16.4.254 and on the VLAN2 interface - 172.16.0.254
The problem is that the DHCP server won't respond with a DHCPOFFER message to the relay agent. I have traced the frames on the router and on the DHCP server. They arrive on the DHCP server with the correct GIADDR of the relay agent. According to all documentation,
if a scope has been configured on the DHCP server and it receives a unicast message with the GIADDR set by a relay agent that matches one of the configured scopes, the DHCP server must send a unicast DHCPOFFER to the relay agent. But it doesn't.
Here is what Wireshark reports (ignore the Destination port unreachable messages, the DHCP service was stopped at the time Wireshark was running)
When the service is running, there are just DHCPDISCOVERs - no OFFER. You can see that the server has the two scopes configured:
The relay agent seems to work normally - it forwards the DHCPDISCOVERs to the server continuously (tried many times with ipconfig /renew on the client).
I read many posts about this problem. Some users had other services running on the DHCP server that used the DHCP port, but I don't have such an issue (you see that when the service is stopped, an ICMP port unreachable is sent which is correct). Others however
did not find a solution. Am I missing something? Is there something specific when using the DHCRELAY agent from DHCPD? Can I turn on some verbose logging to track this down? Thanks in advance.WIth DHCP, there is really nothing to configure. If the Relay Agent/IP Helper is pointing to it, and the VLAN subnet exactly matches the scope subnet, then it should just work.
What I've seen in the VLAN config is either a static route back to the subnet the DHCP server itself is sitting on is not configured or incorrectly configured, or there are ports blocked (need UDP, too, since that's what DHCP uses to pass the OFFER), and
other necessary ports are opened, then it should just work.
Sometimes NIC teaming on the DHCP server will cause it. Not sure. Microsoft doesn't support teaming prior to Windwos 2012, but it doesn't mean that it doesn't work. Don't get me wrong, teaming works nicely, but they just don't support it because they never
certified the drivers, that's all.
The issues I've seen with DHCP relays and VLANs in the forums are usually based on misconfigs in the VLAN or ports blocked. Sometimes we'll refer to call Microsoft Support for specific, hands-on assistance. And searching the threads, from what
I've found that if they did call support, they've never posted back what the problem was based on or the resolution. I can post a couple of them for you to read through, but there were never any response with the actual resolution.
If you like, you also have the option to contact Microsoft Support. Here's a list of phone numbers if you choose this option:
http://support.microsoft.com/contactus/
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Maybe you are looking for
-
Why do I get an 800a0d5d error on a delete?
Hi, I am using SQL Server, and my site is defined as ASP Javascript. I add and update this table fine, but when I go to delete a record, I get: ADODB.Command error '800a0d5d' Application uses a value of the wrong type for the current operation. /adm
-
I am a big fan of creative since my teenage coz I used to li've abroad. I am really disappointed with my new HS-620 just received and doesn't work no mic no speaker. I have windows 7. My sound card is realtek integrated. Plz helpppppppppppppppppppp?
-
Raid Utility not an option on Lion Recovery Disk
I am trying to delete a single RAID set that includes the startup volume. I booted up with the Lion Recovery disk but only the disk utility is available as an option to erase information and no RAID utility is there. I erased the startup volume and
-
Hi how can I get adobe flash player
I can't streaming without adobe ..... Is there any other option?
-
[SOLVED, sort of] Yet another UEFI boot issue
Hello everyone, Let me start by saying sorry for the long (first) post. I've ended up with a UEFI boot problem I can't solve. I've searched the forum and internet and I realize I'm not the only one who ran into problems with UEFI. Unfortunately, the