Non-Airport DHCP Server in Gateway mode...
Hello:
I've searched the forums, and found that what I need doesn't seem to be supported... but I'm going to bring it up again in hopes that Apple will see this need, and look into updates...
I run Mac OS X Server on my network. I would like to use the DHCP server supplied by Apple (with all the relevant bells and whistles associated with it) in Mac OS X Server... but I also want to use my shiny new Airport Extreme (N, Gig) as the internet gateway on my network.
There is no way to suppress the DHCP server on the Airport if I want to "share a public IP Address"... and as we all know... two DHCP servers on the same Layer 2 network is a bad, bad thing.
Will Apple help me use Apple's products? Please!!!
- matthewk
Message was edited by: KrawNET
I solved the problem in my network.
But it only works if the IP ends with "1" is not in use (by the server e.g.).
DHCP on my server works with IPs from 192.168.x.150 to 192.168.x.199
DHCP on the Airport Express only works with 192.168.x.200
By doing this, the router (Airport Express) gets the IP 192.168.x.1 (it always gets the "1").
In DHCP on my server I changed the router adress to 192.168.x.1
The 192.168.x.200 adress from the Airport Express DHCP I gave to my iPhone fix.
So all other clients in the net still get IPs and all other information from the server`s DHCP.
Btw. in the server`s DHCP log there where just two lines saying, that "dhcpd: host 1,00:00:00:00:00:00 ...(my iPhone)... declines IP 192.168.x.200 from server 192.168.x.1" and "dhcpd: INIT-REBOOT host 1,00:00:00:00:00:00 binding for 192.168.x.200 with another server" nothing more ans so there are no problems.
Similar Messages
-
Greetings to all!
I've got an Apple Airport Extreme running as a router to my (large) Office Network.
Recently, I've setup an Active Directory server, which runs with a DHCP server for configuration purposes.
What I'd like to know is if I can *disable* the Airport's DHCP Server, but keep it running as a "Router"/Firewall (if you want to call it that) to my ISP.
As it is now, if I disable DHCP serving, then the Airport also disables its NAT service, regardless of the fact that I've got my own internal DHCP server serving up addresses (with the Airport remaining as the "Router"). I know this is possible as Statically assigned addresses pointing at my AE as a router can access the internet, so its not like DHCP is absolutely required for NAT.
Is there any way to kill the AE's DHCP server, but keep it running as a NAT Gateway to my ISP?
Cheers!No, the DHCP and NAT services are not able to be independently switched on and off. The cheapest way you could do this is to connect the modem to a separate broadband router that can have DHCP switched off and run the Airport express in the Distribute IP Addresses off mode.
-
Cascading RV180 as DHCP server but pointing to another default gateway router
Hi,
My network topology is as follows:
Internet <-> Residential Gateway (RG) from ISP (OEM: Pace) [192.168.1.254/255.255.255.0] <-> RV180 [192.168.1.253/255.255.255.0] <-> SG500 switch [192.168.1.250/255.255.255.0] <-> rest of network.
I know this is a cascading LAN-to-LAN arrangement. The cable from the RG to the RV180 is from a LAN port on the RG to a LAN (not WAN) port on the RV180.
I eventually want to segment my network into a few VLANs from the RV180 down. I am aware most people would recommend DHCP on the "primary" router, but the RG is non-VLAN aware, so I figure I need to handle the DHCP off the RV180. At the same time, I have also opted not to do a LAN-to-WAN cascade because I want to retain the ability to configure the RG from the rest of the network and not have to cart a computer over to the RG to do it.
On the RG, I've disabled DHCP, and placed 192.168.1.253 in the DMZ.
On the RV180, I've enabled DHCP and put it in Router mode.
The issue is that I do not have any Internet connectivity. If I allow the computers in the network to receive IP addresses over DHCP, the default gateway that is communicated is 192.168.1.253, which is the RV180. If I configure static IPv4 information on my computers to point to 192.168.1.254, I am able to connect outside, as you would expect.
How can I get the RV180 to pass out DHCP IP addresses, but point to 192.168.1.254 as the default gateway? I thought the solution might be to create a default route (or something). I went to the static routes tab but it wouldn't let me enter 0.0.0.0 as a destination IP to route through 192.168.1.254.
Further down the line, is it possible for both the RG and the RV180 to connect directly to the SG500, along with the other nodes in my network? That way the RV180 only serves to maintain the VLANs and pass out IP addresses via DHCP, instead of having it be the choke through which everything goes through on the way out?
Sorry if there is a really obvious solution to this. It's really been floundering about in the dark so would appreciate any adviceHi Jason, I have considered your post here for quite some time. I came to one conclusion based off your text. The entire purpose of the RV180 is a DHCP server for multiple subnet / vlan.
Here's the thing, you have a SG500 switch. Based off reading your text, this will do everything the RV180 can except the DHCP service. The limitation you are going to run in to is still going to be your gateway unit, the RG.
In the end, even with such a configuration using the RV!80 or the SG500 (layer 3), the RG will have to be configured with static routes since the RG has no concept of those other LAN segments.
Here is a post I wrote about a SG300 connecting to a RV0XX router (which doesn't understand the VLANs)
https://supportforums.cisco.com/message/3739083#3739083
Using the concept of this topic, you may be able to add aditional static routes on the RV180 sending each subnet to the common IP interface of the RG.
It would be very interesting to see if we could make that work.
-Tom
Please rate helpful posts -
Hi,
I have a RVS4000 router with DHCP enabled and in router mode.
The LAN is 192.168.2.x. The RVS4000 static IP address is 192.168.2.8
The router is not the RVS4000 and is at 192.168.2.1
The RVS4000 dhcp is assigning it's clients a default gateway of 192.168.2.8 instead of what I want 192.168.2.1.
How can I get the RVS4000's DHCP server to assign another IP address other than its own as the default gateway to its DHCP clients?
ThanksHi Gail, you cannot do this. The router, as the DHCP server will only assign a default gateway of what IP interface the DHCP server runs on. If you have the default IP, the gateway is 192.168.1.1. If you create a second vlan, by default it would be 192.168.2.1.
There are not configuration options for the built-in DHCP server. If you'd like to expand this functionality, you would need an external dhcp server.
-Tom
Please mark answered for helpful posts -
Can you use the Airport Express A1264 as an AP and a DHCP server at the same time?
Can you use the Airport Express A1264 as an Access Point and a DHCP server at the same time?
I would like to use it as a DHCP server and AP at the same time in my LAN (no internet, just local machines through a few switches). I was lead to belive this could be the case from a few networking friends that haven't been friendly enough to help me out setting it up.I need it to act as a dLink/Cisco/Linksys/etc basic wifi router, in the fact that you can access it via wifi, and it will spit out DHCP addresses (192.168.1.xxx) to everything wired downstream of it.
I want to simultaniously provide a Wifi connection and a LAN connection at the same time
Thanks,
BRad -
Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
interface bvi1
ip address 192.168.1.205 255.255.255.0
no ip route-cache
exit
It would be the ..1. subnet.
Since the dhcp pool is set as:
ip dhcp pool GeneralWiFi
network 192.168.1.0 255.255.255.0
lease 1
default-router 192.168.1.1
dns-server 8.8.8.8
exit
There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
HTH,
Steve -
DHCP Server in non-glocal zone
Is there anyway to run a DHCP server in a non global zone ? Can you give a zone access to a networking device such as qfe3 so dhcpd can catch and respond to requests ?
ThanksActually, the DHCP server doesn't need direct access to the networking device. However, it currently doesn't work with logical interfaces and zones only expose logical interfaces. Adding this support to the DHCP server is currently under consideration.
Blaise -
AirPort Express DHCP Server for distribution of IP-addresses?
Does the AirPort Express have an DHCP server that distribute local IP-addresses like other Wi-FI router does? If so, how do I set it up in the AirPort Utillity?
+Seems I cant force it to only use a specific subset of the IP address range?+
That would be up to the Netcomm router to provide the IP addresses to be used. I'm not familiar with Netcom, but a router with the type of capability I was thinking of could be configured to provide a certain range of IP addresses to a given device based on the MAC address of the device.
The additional information that you just furnished indicates that you probably have a basic featured router designed for home network use that would not have this type of capability. In that case, the AirPort Express would not be able to be configured to Distribute a Range of IP Addresses. It would have to be configured as a "bridge" on the network and receive IP addresses from the main router.
Or, the AirPort Express might be able to distribute the IP addresses that you want if you configure it to Share a public IP address. The rub here is that you will have what is known as a Double NAT on your network. You'll have two devices handling DHCP on the network when there should only really be one. It may or may not function correctly as this is not a recommended configuration.
Message was edited by: Bob Timmons -
Want to stream Netflix to blueray player via my existing Airport Express wifi. The player finds my wifi but the wireless connection fails - says, " Ensure DHCP server is enabled on router and restart router." I don't think I have a DHCP server. Suggestions anyone?
I can't speak specifically regarding LG, but the Whole Home feature on Direct TV (record a movie on one DVR and watch it on another TV in another location) just won't work with wireless, and I have a strong fast connection at 300 Mbps. Ethernet works perfectly.
Few audio/video products will accept "n" wireless at 5 GHz. I suspect that your LG accepts a 2.4 GHz signal, which would top out at 130 Mpbs.
If you are trying to stream High Definition video, especially at 1080P, my opinion would be that it is unlikely that you will be able to do so reliably using wireless.
Perhaps another user who has figured out how to do this will post with some input. -
Time Capsule/AirPort Express problem with DHCP server
Hi everyone,
I seem to be having some weird issue with my home network. I use a Time Capsule (2011) as my main router and a new AirPort Express as a wireless bridge (router set to "Extend a wireless network", the LAN port is connected to network printer). Recently, it seems that at least once or twice a week that the DHCP server on my router stops working. Computers that have static IP addresses have no problem accessing the internet or my local network, but devices that don't have static IPs are unable to join the network (over Wi-Fi or ethernet) because they are not being assigned an IP. This never happened before. I'm not sure if it has anything to do with the recent firmware update. Anybody else seem to be having this problem? I am able to get the DHCP server working again by restarting the Time Capsule or by setting the computer or device that won't connect to a static IP. Really curious why this seems to be happening…
Thanks for all the help guysI am having the same problem with the same setup: a 2011 Time Capsule and an Airport Express. I've had my Aiport Express hooked in for about 2 years, so I know it is not the problem. The only difference I have is the DHCP will stop working on the ethernet, but still work over WiFi from the TC. Rebooting the Time Capsule fixes the DHCP issue.
I am running version 7.6.4 in the Time Capsule. -
Dhcp server won't admit my Arch Linux (though Win's have no problems)
1. Generally my dhcpcd works fine in every network (and always has, I have not changed anything substantial).
2. Currently I am in a network (for just a couple of weeks) in which it does not.
3. The network will ignore all my dhcp requests over both network devices, enp1s0 and wlp2s0 (ethernet and wifi)
4. When trying the same from Windows (dual boot), the dhcp client works brilliantly (i.e. the hardware is fine)
5. I can force entry into the cable network by simply assigning an IP address and setting netmask and gateway as was configured by dhcp when I tried from Windows
6. For wifi this does not work. More specifically it works for a brief moment if (and only if) I was connected from Windows immediately before and assign myself the same IP address (I can ping the gateway and also 8.8.8.8). After this moment the network apparently kicks me out (cannot ping anything any more, nothing answers). dhcpcd inform (dhcpcd -s <IP Adress>) does not fare better.
7. I tried changing some of the settings in dhcpcd.conf that have been given as reasons for similar problems in the forums, archwiki, or somewhere else, including exchanging 'duid' for 'clientid', and commenting out 'require dhcp_server_identifier'. Does not help. My dhcpcd.conf, see below.
8. dhclient does not work either.
What I want: Connect to the internet via wifi from Arch.
I guess this comes down to making the dhcp server believe my Arch was one of the Windowses it is used to. How do I do that?
I understand that dhcp does not involve clients revealing their operating systems to the servers; but some configurations are likely different between Arch and Windows. I am not used to working with Windows and have no idea how to access the dhcp client configuration settings there (if this is even possible) to get an idea what exactly is different. Here is my dhcpcd.conf - any ideas what exactly about it displeases the server so much or what I might change or add to make the server more pleasantly inclined?
dhcpcd.conf
hostname
clientid
#duid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
#require dhcp_server_identifier
nohook lookup-hostname
noipv4ll
I would include the logs as well, but they are boring beyond belief, do not contain anything except for dhcpcd trying and failing with timeout.Thanks, MoonSwan & ewaller,
MoonSwan wrote:Windows' IP address and network settings navigate to: Control Panel -> Network and Internet -> Network Connections -> Click on Device Here (WIFI or LAN) -> Properties and from there you should be able to see the settings you need to figure out what's going on in Windows.
Found that, There are a lot of "Advanced properties", for instance "Bandwidth Capacity" is set to "11b/g: 20MHz", "BSS Mode" is set to "802.11n Mode", "Fragmentation Threshold" to "2346" (whatever that may mean) ... etc. Unfortunately, I cant copy any of that; most of it also seems rather unimportant; also I left all this on its default setting when I followed the instructions on how to connect to this wifi on Windows.
However, here is some information I managed to squeeze out of the pathetic, pittyful Windows terminal which they call the "Comand Line"
C:\Windows\system32> ipconfig /all
<...>
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : <the network name>
Description . . . . . . . . . . . : <hardware description> 802.11b/g/n (2.4GHz)
Physical Address. . . . . . . . . : <the mac address>
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : <some ipv6> %13(Preferred)
IPv4 Address. . . . . . . . . . . : <the ipv4> (Preferred)
Subnet Mask . . . . . . . . . . . : <subnet mask>
Lease Obtained. . . . . . . . . . : Fri, 23. May 2014 19:47:10
Lease Expires . . . . . . . . . . : Fri, 23. May 2014 21:17:09
Default Gateway . . . . . . . . . : <gateway ip>
DHCP Server . . . . . . . . . . . : <some ip that is not part of the local subnet>
DHCPv6 IAID . . . . . . . . . . . : 319352249
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-9F-0F-D6-E0-DB-55-CF-26-6
DNS Servers . . . . . . . . . . . : <a few dns server ip's>
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : <some ipv6> (Preferred)
Link-local IPv6 Address . . . . . : <another ipv6> %12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . : <the network name>
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : <some ipv6> (Preferred)
Default Gateway . . . . . . . . . : <another ipv6>
<yet another ipv6>
DNS Servers . . . . . . . . . . . : <the same ipv4 dns server ip's as above>
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Windows\system32> netsh wlan show all
Wireless System Information Summary
(Time: 23.05.2014 20:38:49 W. Europe Daylight Time)
=======================================================================
============================== SHOW DRIVERS ===========================
=======================================================================
Interface name: Wireless Network Connection
Driver : <hardware description> 802.11b/g/n (2.4GHz)
Vendor : Broadcom
Provider : Broadcom
Date : 21.01.2012
Version : 6.20.55.31
INF file : C:\Windows\INF\oem25.inf
Files : 5 total
C:\Windows\system32\DRIVERS\BCMWL664.SYS
C:\Windows\system32\bcmihvsrv64.dll
C:\Windows\system32\bcmihvui64.dll
C:\Windows\system32\drivers\vwifibus.sys
C:\Windows\system32\bcmwlcoi.dll
Type : Native Wi-Fi Driver
Radio types supported : 802.11n 802.11g 802.11b
FIPS 140-2 mode supported : Yes
Hosted network supported : Yes
Authentication and cipher supported in infrastructure mode:
Open None
Open WEP
Shared None
Shared WEP
WPA2-Enterprise TKIP
WPA2-Personal TKIP
WPA2-Enterprise CCMP
WPA2-Personal CCMP
WPA2-Enterprise Vendor defined
WPA2-Enterprise Vendor defined
Vendor defined Vendor defined
Vendor defined Vendor defined
Vendor defined TKIP
Vendor defined CCMP
Vendor defined Vendor defined
Vendor defined Vendor defined
WPA-Enterprise TKIP
WPA-Personal TKIP
WPA-Enterprise CCMP
WPA-Personal CCMP
Authentication and cipher supported in ad-hoc mode:
WPA2-Personal CCMP
Open None
Open WEP
IHV service present : Yes
IHV adapter OUI : [00 10 18], type: [00]
IHV extensibility DLL path: C:\Windows\System32\bcmihvsrv64.dll
IHV UI extensibility ClSID: {aaa6dee9-31b9-4f18-ab39-82ef9b06eb73}
IHV diagnostics CLSID : {00000000-0000-0000-0000-000000000000}
=======================================================================
============================= SHOW INTERFACES =========================
=======================================================================
There is 1 interface on the system:
Name : Wireless Network Connection
Description : 802.11b/g/n (2.4GHz)
GUID : 6d122ca5-cdc2-42d1-a1fb-3754098b19eb
Physical address : <the mac address>
State : connected
SSID : <ssid>
BSSID : <access point mac address>
Network type : Infrastructure
Radio type : 802.11n
Authentication : WPA2-Enterprise
Cipher : CCMP
Connection mode : Auto Connect
Channel : 1
Receive rate (Mbps) : 72
Transmit rate (Mbps) : 72
Signal : 83%
Profile : <ssid>
Hosted network status : Not available
=======================================================================
=========================== SHOW HOSTED NETWORK =======================
=======================================================================
Hosted network settings
Mode : Disallowed
Settings : <Not configured>
Hosted network status
Status : Not available
=======================================================================
============================= SHOW SETTINGS ===========================
=======================================================================
Wireless LAN settings
Show blocked networks in visible network list: No
Only use GP profiles on GP-configured networks: No
Hosted network mode allowed in WLAN service: No
Allow shared user credentials for network authentication: Yes
Block period: Not Configured.
Auto configuration logic is enabled on interface "Wireless Network Connection"
=======================================================================
============================== SHOW FILTERS ===========================
=======================================================================
Allow list on the system (group policy)
<None>
Allow list on the system (user)
<None>
Block list on the system (group policy)
<None>
Block list on the system (user)
<None>
=======================================================================
=========================== SHOW CREATEALLUSER ========================
=======================================================================
Everyone is allowed to create all user profiles.
=======================================================================
============================= SHOW PROFILES ===========================
=======================================================================
Profiles on interface Wireless Network Connection:
Group policy profiles (read only)
<None>
User profiles
All User Profile : <ssid>
<other profile names>
=======================================================================
========================== SHOW PROFILES NAME=* =======================
=======================================================================
Profile eduroam on interface Wireless Network Connection:
=======================================================================
Applied: All User Profile
Profile information
Version : 1
Type : Wireless LAN
Name : <ssid>
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
Connectivity settings
Number of SSIDs : 1
SSID name : "<ssid>"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present
Security settings
Authentication : WPA2-Enterprise
Cipher : CCMP
Security key : Absent
802.1X : Enabled
EAP type : Microsoft: Protected EAP (PEAP)
802.1X auth credential : Machine or user credential
Cache user information : Yes
<other profiles ...>
=======================================================================
======================= SHOW NETWORKS MODE=BSSID ======================
=======================================================================
Interface name : Wireless Network Connection
There are 4 networks currently visible.
SSID 1 : eduroam
Network type : Infrastructure
Authentication : WPA2-Enterprise
Encryption : CCMP
BSSID 1 : <other access point ssid>
Signal : 2%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 2 : <other access point ssid>
Signal : 0%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 3 : <access point ssid>
Signal : 87%
Radio type : 802.11n
Channel : 1
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
BSSID 4 : <other access point ssid>
Signal : 0%
Radio type : 802.11n
Channel : 1
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54
SSID 2 : <...>
What I find odd is this "Taredo Tunneling Pseudo-Interface". As a matter of fact, I have not the slightest idea if this is happening inside this local Windows I have here or if this is something real in the network configuration (on the other side of the access point)... It apparently should tunnel IPv6 to IPv4 and/or vice versa. However, why would there be two connections over the same network interface (IPv6 and IPv4)...
What is odd as well is that the DHCP server is not part of the subnet my Windows is in. It just seems to announce IP, netmask, gateway to the Windows ... (the gateway is in the subnet). Could it be that the Linux dhcp client does not accept something like that. No, that's unlikely, right? dhcpcd -d should have reported this...
MoonSwan wrote:Btw, love the name,
Thanks. Likewise
MoonSwan wrote:it's nice to see such a name after seeing so many that are intentionally hurtful to others of any stripe in a rainbow.
Actually, I always felt that the Arch Forum is quite tolerant in this respect. (And so is reddit, but of course, you are right, there are places on the internet where you can run into a lot of assholes. Kind of like in the real world... Quite frustrating.)
ewaller wrote:I guess it could be a MAC problem. but I don't know.
Unlikely; on windows the mac address is the same.
ewaller wrote: Can you get to the router logs? Can you see if the router saw a solicitation?
no. and given their network configuration I don't suppose the IT people here would be very forthcoming if I asked them. Their helpdesk said that they couldn't help me since my laptop was not one of their computers.
ewaller wrote:Also, (just a sanity check) are you sure you are connected to the correct access point? But that does not make sense -- you said this happens on wired as well sad
Dang.
I am. It's WPA2 encrypted & I only have access data to this one wifi network. (To avoid confusing everyone with mentioning too many different things, I did not detail this in the original post. I am accessing it using wpa_supplicant running in a terminal; wpa_supplicant works fine says "connection succeeded" etc. So the problem is not in the WPA/ wifi-connection layer but really in the IP/dhcp layer.)
ewaller wrote:Is this a corporate environment? A school perhaps?
Yes, a university. They have someone working here who went through great lengths to make it difficult for people to connect to the internet. -
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu -
DHCP server does not assign IP addresses SG500 firmware 1.3.5
good day collegues
has any of you come across the following issue:
my switch (after upgrading to the newest firmware 1.3.5) does not assign IP addresses to some of the hosts.
after a couple of hours I managed (do not even how) to force my switch to assign IP addresses only to some of the hosts.
still some of them cannot get the IP address and remain with "funny" IP address like i.e. 169.254.100.100
additional info
1. if I boot my switch with the previous version of firmware (1.3.0.6) everything is OK. all my hosts get correct IP addresess
2. the hosts which do not get IP address were perviously entered in stat host table - now removed, ARP cleared, etc, everything many many times rebooted.
I ran out of ideas, could you pleae give me some hints ?
the config below:
config-file-header
SG500
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end zzz
no spanning-tree
vlan database
vlan 11,13-14
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no ip dhcp snooping verify
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 11
ip dhcp snooping vlan 13
ip dhcp snooping vlan 14
ip arp inspection logging interval infinite
green-ethernet energy-detect
no eee enable
arp timeout 1
ip dhcp server
ip dhcp pool host q409
address 10.10.11.2 255.255.255.0 client-identifier 01:00:08:9b:ac:8f:92
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool host PCH-100
address 10.10.11.10 255.255.255.0 client-identifier 01:00:06:dc:41:ef:ef
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool host q209
address 10.10.13.3 255.255.255.0 client-identifier 01:00:08:9b:ac:72:ba
client-name q209
default-router 10.10.13.254
dns-server 8.8.8.8
exit
exit
ip dhcp pool network HOME
address low 10.10.11.1 high 10.10.11.254 255.255.255.0
lease infinite
default-router 10.10.11.254
dns-server 10.10.10.1
exit
ip dhcp pool network GUESTS
address low 10.10.14.1 high 10.10.14.254 255.255.255.0
lease infinite
netbios-node-type b-node
default-router 10.10.14.254
dns-server 10.10.10.1 62.233.233.233
exit
ip dhcp relay address 10.10.10.1
ip dhcp relay address 10.10.11.254
ip dhcp relay address 10.10.13.254
ip dhcp relay address 10.10.14.254
no boot host auto-config
no qos
qos advanced-mode trust dscp
qos wrr-queue wrtd
exit
hostname SG500
line telnet
exec-timeout 0
exit
logging buffered debugging
no logging file
aaa authentication login Telnet local
aaa authentication enable Telnet enable
aaa authentication dot1x default none
line telnet
login authentication Telnet
enable authentication Telnet
password 999 encrypted
exit
no passwords complexity enable
passwords aging 0
username 999 password encrypted 999 privilege 15
ip http timeout-policy 0 http-only
clock timezone " " 1
clock summer-time web recurring eu
clock source sntp
clock source browser
sntp unicast client enable
clock dhcp timezone
ip domain name 999
ip name-server 10.10.10.1 62.233.233.233 8.8.8.8
ip host 999 10.10.13.3
ip telnet server
no service mirror-configuration
no security-suite deny syn-fin
security-suite syn protection mode disabled
interface vlan 1
ip address 10.10.10.254 255.255.255.0
no ip address dhcp
interface vlan 11
name HOME
ip address 10.10.11.254 255.255.255.0
ip dhcp relay enable
interface vlan 13
name DMZ
ip address 10.10.13.254 255.255.255.0
ip dhcp relay enable
interface vlan 14
name GUESTS
ip address 10.10.14.254 255.255.255.0
ip dhcp relay enable
interface gigabitethernet1/10
description "(99) QNAP 409"
switchport trunk native vlan 11
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
mac address-table aging-time 10
ip default-gateway 10.10.10.1
snmp-server set 999 permitHi Andbor, please make a backup config of your file, factory reset the switch.
After this, manually configure a DHCP scope without any other configuration.
Just something simple like this
ip dhcp pool network GUESTS
address low 10.10.14.1 high 10.10.14.254 255.255.255.0
lease infinite
netbios-node-type b-node
default-router 10.10.14.254
dns-server 10.10.10.1 62.233.233.233
Verify your machine receive IP address with no other configuration.
In some ways, I'm afraid some of your connections black listed due to the arp inspection.
-Tom
Please mark answered for helpful posts -
AirPort guest wifi in bridge mode v 6
Oke... seems the configuration is a very limited to what Apple thinks are the basic needs...
What I really miss is support for Guest network in bridge mode. It ALMOST workst in 6... a shame you can't configure a DHCP server for the Guest network when the main wifi is in bridge mode. You can enable Guest, the client just won't get any IP address... Please fix this! A really usefull function since the AirPort Extreme is used in situation where it isn't the NAT, DHCP or gateway device!
Also it should be possible to configure the DHCP ranges for main and guest should indepently of each other... and simple disable the DHCP function for one or both. Also client isolation is a nice option.
Please make it more Office friendly...
Really make an more advanced view... the aiport is capable of so much more! A pitty it's potential is limited through software configuration issues...
So make it so in the next generation of the configuration utility! Thank youPlease tell Apple what you want here. This support community is comprised of other users, just like you. Apple is not here.
Apple - AirPort Extreme - Feedback -
Can I use DHCP snooping and IOS DHCP server on the same switch stack
Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
ThanksNope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.
Maybe you are looking for
-
How do i move itunes account from one computer to another?
I need to move my wife's itunes account from her PC to my Mac. It will be the second itunes account on our mac. She will long in as her own user on the mac.
-
I'm looking for a way to do a panorama image that the user can simply drag left/right to pan the image and view around the panorama. Without a cursor this is becoming a bit difficult. Looking for some javascript/phonegap/jquerymobile/cs5.5 tips that
-
Components are disapearing!!!
Hello! I am working on a project for about 4 months and decided to add to it my own l&f. Evereything went well untill I needed to deal with InternalFrameUI . Aperantly, when the internal frames are not focused, all the components on each one of them
-
Terms of payment field on 3rd party condition record
Hello, Does anyone currently utilize the terms of payment field (Payment terms) on the 3rd party condition record? At this point, it is a field that can be populated and saved to the condition table (KONP) but it does not appear to influence the pur
-
How can I get the hot spot connection to say working on my phone?
I cannot get my hot spot connection to stay working.