Windows 2008 DHCP
We setup a test VLAN using Windows Server 2008 as DHCP. Currently we have a Novell DHCP running on the production side. We also have Zen 7 that we use for imaging, etc. We can PXE boot just fine on the VLANs that are using the Novell DHCP. However the PXE boot will not work for the Windows 2008 Server.
We have Boot Server Host Name (IP of our imaging server) and Boot Filename (PXEClient) filled in on the Server 2008 DHCP settings. We get an IP just fine, however the PC can't see the imaging server. It gets to looking for TFTP and can't go on.
Can this be done? and if so what settings are we missing?
Thanks in advance.
Originally Posted by grimlock
jshawn wrote:
> We setup a test VLAN using Windows Server 2008 as DHCP. Currently we
> have a Novell DHCP running on the production side. We also have Zen 7
> that we use for imaging, etc. We can PXE boot just fine on the VLANs
> that are using the Novell DHCP. However the PXE boot will not work for
> the Windows 2008 Server.
>
> We have Boot Server Host Name (IP of our imaging server) and Boot
> Filename (PXEClient) filled in on the Server 2008 DHCP settings. We get
> an IP just fine, however the PC can't see the imaging server. It gets to
> looking for TFTP and can't go on.
>
> Can this be done? and if so what settings are we missing?
>
By any chance is your existing dhcp server running on the same box as
the Zen server?
No, they are running on different boxes.
Similar Messages
-
Windows 2008 DHCP Server Address Range and Exclusion Range
Hi ,
I have a couple of Doubts regarding DHCp windows 2008 server
1) The DHCP server is given a static Ip in a network series eg(192.168.1.x) starting Ip is 192.168.1.1 to 192.168.1.254 ,
and if the range is from 192.168.1.10 to 1.250 ,
Should the DHCP server be not given an Ip in the DHCP range specified ?
ie the DHCP server static IP should not be in the 192.168.1.10-192.168.1.250 , ( I have given as 192.168.20.5)
Even though the Exclusion range can be specified , Just want to know if this is best practice.
2) And next setting up the range , should we give the entire network address as range ( eg 192.168.1.1 to 192.168.1.254) and set exclusion range
or take a particular series (eg 192.168.10-100)
Please advise
Thanks in Advance
Regards
Anand MYour DHCP server range should update automatically to the 192.168.0.x subnet when you change your "Local IP address" to 192.168.0.1. Be sure to use a computer that is wired to your router when you do this. Also, be sure to click on "Save Settings", then wait (3 to 60 seconds) for the screen to refresh. You will likely be disconnected from the router when you do this. Do not worry about this. Power down the router and your computer.
Next, wait 30 seconds, then reboot router and computer. Your Local IP address and the DHCP server range should now have the same subnet. -
Server 2008 DHCP is handing out the wrong DNS server.
We have two new 2008 DC that handles, DNS, DHCP and WINS. Our DHCP scopes have been migrated to these servers. We are seeing some random issues where clients are using the new dhcp server but the old dns server information is listed for the some systems. We discover this by using network monitor on the old DC, DNS, DHCP server. Once the client performs a ipconfig /renew, the problem is corrected. Any ideas?
Hi BrianAuH20,
Thank you for posting here.
Based on your description, I understand that your Windows 2008 DHCP server hands out the wrong DNS server address.
To troubleshoot this issue, please perform the follow steps to see whether the clients retrieve the right DNS server address.
1. Temporarily make the old DC, DNS, DHCP server offline.
2. Check the new 2008 DHCP server setting.
i. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options.
ii. On the Advanced tab, verify that Default User Class is selected next to User class.
iii. Select the 006 DNS Servers check box, in IP Address, under Data entry, type DNS Server IP address, and then click Add.
iv. Select the 015 DNS Domain Name check box, in String value, under Data entry, type your domain's FQDN name, and then click OK.
3. Restart the DHCP service.
For more information, you may refer to:
http://technet.microsoft.com/en-us/library/ee404786(WS.10).aspx
Hope this helps.
Sincerely,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights. -
Windows 2008 R2 DHCP scope change - Netsh Exec not working
OK, there seems to be a disconnect between Netsh documentation and how it actually works. We are in the process of re-addressing ALL our DHCP scopes (joys of a buy-out) and using the steps outlined in numerous MS articles and Blogs etc... we should
be able to use "Netsh dhcp server scope 192.168.1.0 dump > scope1.cfg" then modify the cfg file with the new scope address (i.e. change all 192.168.1. to lets say 10.10.5.). Then use netsh exec scope1.cfg (yes, the file modified) to
create the new scope which would contain all the "stuff" the current scope has (reservations, options, etc).
Well, all we get is the response "The following command was not found: |".
Environment is as follows:
Account is a domain admin
working on a RDP session on the DHCP server
Server is Windows 2008 R2 (current functioning DHCP server)
Using administrative CMD (elevated)
have tried changing context into Netsh | DHCP | Server and default CMD - all "no go"
supporting link from MS: http://technet.microsoft.com/en-us/library/cc772372(v=ws.10).aspx#BKMK_1
There's a lot of discussions around this, but I haven't seen any response that says how to actually do it. export/import won't work for us since we have to update the scope info. With almost 100 scopes to update, we really need this functionality!
(or similar method)
Any assistance would be greatly appreciated.OK... It seems the issue is with the dump file. I actually got exec to run once with a dump file which wasn't modified. The stupid part is it only ran one time, I could not duplicate it. Since
I've beat this thing to death and no one could offer any assistance (Hello MS?), I'm not wasting any more time on it. Luckily, I was able to figure out an alternate method.
Looking at the dump file I realized all the lines are just a straight NetSh commands, which means all I needed to do is grab the lines and preface them with NetSh. Like this...
for /f "tokens=*" %a in ('type scope.cfg ^| find /i "dhcp"') do NetSh %a
where scope.cfg is your dump file. This runs perfect and seems to be the exact thing that exec should be doing. I did flip the "SET STATE 1" to "0" so the scope was deactivated (Don't forget to run it in an elevated
prompt).
Hope this helps someone else so they aren't spending days for nothing! -
Address Leases not appeared in the scopes at DHCP Windows 2008 R2 ent
Hi Friends,
Recently couple of days ago we have migrated from DHCP Server ( Windows Server 2003 R2 32 ) to Windows Server 2008 R2 64 bit Virtual Machine.
After migration, most of the scopes seem empty, no Address Leases appeared in the scopes even most of the reservations also not appeared from DHCP MMC but the client machines obtaining IPs and DHCP VM is working fine.
After investigation I have found following event log errors.
Are these event log errors related to this Issue and what will be problem. Please advise.
===============================================================================
Log Name: Application
Source: Microsoft-Windows-LoadPerf
Date: 9/1/2014 10:01:28 AM
Event ID: 3002
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: SERVER-DHCP1.com
Description:
The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section
contain the last valid index values.
Event Xml:
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-LoadPerf' Guid='{122EE297-BB47-41AE-B265-1CA8D1886D40}'/><EventID>3002</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated
SystemTime='2014-09-01T07:01:28.858089200Z'/><EventRecordID>10800</EventRecordID><Correlation/><Execution ProcessID='3108' ThreadID='1628'/><Channel>Application</Channel><Computer>SERVER-DHCP1.Server.com.sa</Computer><Security
UserID='S-1-5-18'/></System><UserData><EventXML xmlns:auto-ns2='http://schemas.microsoft.com/win/2004/08/events' xmlns='LoadPerf'><param1></param1><binaryDataSize>16</binaryDataSize><binaryData>000000006B1700006B170000980B0000</binaryData></EventXML></UserData></Event>
Log Name: System
Source: Service Control Manager
Date: 9/1/2014 9:59:39 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER-DHCP1.com
Description:
The WMI Performance Adapter service terminated with the following error:
%%-2147467259
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-09-01T06:59:39.967870200Z" />
<EventRecordID>29732</EventRecordID>
<Correlation />
<Execution ProcessID="504" ThreadID="3080" />
<Channel>System</Channel>
<Computer>SERVER-DHCP1. com</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WMI Performance Adapter</Data>
<Data Name="param2">%%-2147467259</Data>
</EventData>
</Event>
Thanks in Advanced.
Regards,AliHi Ali,
check this post: http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b8cd762-3f95-4ff9-9d9e-75b04e067d2a/server-2008-dhcp-assigns-leases-but-never-displays-leases-in-the-gui?forum=winserverNIS
Perform these steps from new W2K8 DHCP server:
Open DHCP mmc
Open Command prompt: cmd
Type: netsh dhcp server export C:\dhcp.txt all in command prompt and press Enter
Delete ALL scope information from within the DHCP mmc
Type: netsh dhcp server import C:\dhcp.txt all in command prompt and press Enter
Right-click server name within DHCP mmc and choose refresh -
Windows 2008 R2 DHCP management pack
i got the windows 2008 R2 DHCP management pack installed but one of my dhcp server is 2008. Will this mp monitor 2008 DHCp server?
one of my dhcp cluster went down and service was stopped but there was no alert .
what is the problem?Different between true and false option of “Alert only if startup type is automatic " when DHCP service is stopped
DHCP service start up type
“Alert only if startup type is automatic "
automatic
not automatic
Yes
Generate Alert
No Alert
No
Generate Alert
Generate Alert
Roger -
DHCP Permission - Windows 2008
Hi
We have windows 2008 R2 DHCP server. I want to delegate the helpdesk to have access to DHCP with the below permission:
Reservation : can delete, modify, and add
DHCP Lease : Delete and View
Because currenlty, I'll provide them administrator account and I'm afraid mabe they delete the scope and stop the services, and etc.... which NOT required for them
Please adviseHi,
When we install the DHCP Server service, two local groups are created: DHCP Users and DHCP Administrators. Especially, when we install DHCP Server service in a domain controller, two
domain local groups are created: DHCP Users and DHCP Administrators.
See,
DHCP groups for details.
Therefore, we can add the helpdesk users to the domain local DHCP Administrators group or the local DHCP Administrators group to give only DHCP Administrator permissions than domain or local server administrator permissions. However, I’m afraid that we cannot
split the Administrator rights as you described.
More information:
More About DHCP Security Groups
Add a user or group as a DHCP administrator at a member server
Add a Group or User as a DHCP Administrator at a Domain Controller
Hope this helps.
Jeremy Wu
TechNet Community Support -
Windows 2008 DNS & DHCP configuration steps for 11gR2 GI install with GNS
Hi,
I have windows 2008 R2 server with DNS & DHCP services installed. I am planning to install 2 node RAC with GNS option.
The problem is i could not find any document to setup the windows 2008 DNS server for the below steps.
a. Configure GNS VIP : add a name resolution entry in a DNS for the GNS virtual IP address in the forward Lookup file.
gns-server IN A <virtual_IP>
where gns-server is the GNS virtual IP address given during grid installation.
b. Configure the GNS sub-domain delegation: add an entry in the DNS to establish DNS Lookup that directs the DNS resolution of a GNS subdomain to the cluster.
clusterdomain.example.com. NS gns-server.example.com.
where clusterdomain.example.com is the GNS subdomain (provided during grid installation) that you
delegate and gns-server.clustername.com resolves to GNS virtual IP address.
I am aware that this configuration steps has to be taken care by the System administrator. Here is what he tried and the results.
My SA was able to Configure GNS VIP in the DNS and the Nslookup works fine for this.
When he Configures the GNS sub-domain delegation the nslookup fails when trying to resolve the SCAN name.
Any step by step tutorial for this windows 2008 DNS & DHCP configuration for Oracle GNS setup would be highly appreciated.
Thanks,
Ashok Kumar.GHi Guys,
Any help on this request will be very helpful.
Thanks,
Ashok Kumar.G -
IPV6 clients cannot ping each other while getting IP from DHCP server running in windows 2008
I have two windows 7 clients and a windows 2008 server connected to a switch with static IP 172:16:5::1/64.
DHCP server is configured with static IP 172:16:5::20/64
when i statically assign IP to windows 7 clients like 172:16:5::21 & ::22, they can ping each other. if they get ip from DHCP server, they cannot ping each other.
if i configure the gateway (172:16:5::1) in the clients manually, they can ping each other.
is there any way we can make dhcp server to give gateway to the clients along with IP?From what I have gathered:
IPv6 won't route because the DHCP server is setup in 'stateless' mode and the switches do not support IPv6. (
"But if your routers are not IPv6 supported (yet), you can
reconfigure DHCPv6 to Disable Stateless mode, and that'll issue IPv6 addresses that
will eliminate the Ping problem." -
http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html)
So you must change to 'disable stateless' mode. Which the only way I can THINK to do this is to uninstall DHCP and reinstall DHCP and select 'disable stateless' during the installation (which I haven't confirmed). (In
case, “Disable DHCPv6 stateless mode for this server” option was selected duringrole installation" -
http://blogs.technet.com/b/teamdhcp/archive/2009/03/03/dhcpv6-understanding-of-address-configuration-in-automatic-mode-and-installation-of-dhcpv6-server.aspx)
zz.. but my understanding of DHCP is fragmented, please take what I find with a grain of salt. I am off to reinstall DHCP :] .. fun.
Mediocre Access 2010 | (Baby) Beginner C Sharp | OK at Active Directory (2012) | Fragmented understanding of DNS/DHCP | Laughable experience with Group Policy | Expert question asker on MSDN Forums -
Slow transfer file speed in Windows 7 SP1, Windows 2008 R2
We have Windows 7 SP 1 and Windows 2008 R2 in both Physical and Virtualization environment. Our network speed is 1 Gbps for Client and 10 Gbps for server infrastructure. We found this
problem in all referred environment and here is the current situation.
Transfer files from Windows 7 to Server 2008 (Slow < 10 MB/s)
Transfer files from Windows 2008 to Server 7 (Slow < 10 MB/s)
Transfer files from Windows 7 to Windows 7 (Slow < 10 MB/s)
Transfer files from Windows 2003 to Server 7 (Normal up to 120 MB/s)
Transfer files from Windows 2008 to Server 7 in Safe Mode with Network (Normal up to 120 MB/s)
Copy File using 3rd software (Normal up to 120 MB/s) but copy via windows explorer (Slow < 10 MB/s)
We try to do some configuration but it still doesn’t work below.
Command netsh int tcp set global
Update NIC driver vmxnet3 (Virtualization) and Realtek (Physical)
Disable Firewall
Disable and Enable network card
Apply hotfix in Kb2675785 and Kb2885974
Apply all Update Windows using Windows update feature
Finally we found strange solution to improve network speed which faster more than 10 times (60 - 150 Mbps) by using one of condition below
Change UNC form using Hostname to IP Address
Restart DHCP service
Change some NIC hardware configuration or Check and uncheck IP V4 property in NIC configuration (No restart required)
This is an temporary solution for No.1 but in No.2 and No.3 user need administrator right ans after computer is restarted the problem still existing. Do you have any Idea to fix this problem
in long term? Thank you for you help.Hi,
The difference should be Windows Server 2003 uses SMB 1.0 protocol:
•SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
•SMB 2.1 ((technically SMB2 version 2.1) – The version used in Windows 7 (or any SP) and Windows Server 2008 R2 (or any SP)
Just for a test, disable the SMB v2 to check if it could make any difference:
How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
http://support.microsoft.com/kb/2696547
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
Windows 2008 Server Configuration - Help
Hello All,
I am not an expert in configuring servers and I have just started to learn. Please forgive me if I am doing something funny!
I have a router with static IP address and DHCP enabled on the router. The router had the following configuration as shown below and the clients were obtaining IP address from the router and using the internet without a problem.
Router Configutaion:
Basic Setting:
IP Address : 122.165.60.160 (My Wan Static IP)
IP Subnet Mask : 255.255.252.0
Gateway IP: 122.165.60.1
DNS Address:
Primary DNS : 203.145.184.32
Secondary DNS: 203.145.184.13
Lan TCP/IP Setup:
IP Address: 192.168.2.1 (Router IP)
IP Subnet Mask: 255.255.255.0
DHCP Enabled:
Statring IP : 192.168.2.11
Ending IP: 192.168.2.100
Now, I have installed Windows 2008 R2 Server with Active Directory, DNS and DHCP, IIS. I have created a few users and did nothing more than that in the server.
Server IP Settings
Server IP: 192.168.2.5
Subnet : 255.255.255.0
Gateway : 192.168.2.1
DNS: 127.0.0.1
And when I tried to join the domain i created... corp.globe.com the clients were not able to find the domain I therefore changed the following settings in the router.
DNS Address:
Primary DNS : 203.145.184.32
Secondary DNS: 192.168.2.5 (Server IP)
After this change the clients were able to join the domain and login as well. However the clients were getting the IP from the router. I am facing a lot of problems as listed below.
1. I am not able to ping the clients using the computer name from the server.
2. Clients cannot ping other clients or server using name. (Suppose if I try... PING SYS1 .... It looks like it is trying to ping some 92.x.x.xx IP address) even if SYS1 IP address is 192.168.2.13
3. Clients can access Internet, but I cannot browse anything in the server.
Please help me in the configuration, or point me to some guide which describes the same. I tried to set up and enable the DHCP server using Windows 2008 machine and I disabled it DHCP on the router, clients where able to get the IP address from Windows 2008
server, but they were not able to use internet. Please advise.
Thanks for your time.Hi,
And you cannot ping the clients using the computer name from the server?
Did you turn off the firewall on server and client?
If you are having problems connecting to Active Directory and you have already successfully verified network connectivity, there might be a name resolution problem. For more and detail information, please refer to:
http://technet.microsoft.com/en-us/library/cc961921.aspx
Regards.
Vivian Wang -
Oracle 10g instalation on windows 2008 64 bit getting error
Hi,
I am trying to install Oracle 10g database(10204_vista_w2k8_x64_production_db) ON windows 2008 release 2 sevice pack1. i am getting following errors.
please give me solution how to install.
Checking operating system requirements ...
Expected result: One of 5.0,5.1,5.2,6.0
Actual Result: 6.1
Check complete. The overall result of this check is: Failed <<<<
Problem: Oracle Database 10g is not certified on the current operating system.
Recommendation: Make sure you are installing the software on the correct platform.
=======================================================================
Checking service pack requirements ...
Check complete. The overall result of this check is: Not executed <<<<
OUI-18001: The operating system 'Windows Vista Version 6.1' is not supported.
Recommendation: Install the recommended Service Pack.
=======================================================================
Checking physical memory requirements ...
Expected result: 256MB
Actual Result: 3956MB
Check complete. The overall result of this check is: Passed
=======================================================================
Checking Network Configuration requirements ...
Actual Result: :Native Library C:\Users\Administrator\AppData\Local\Temp\1\OraInstall2011-06-21_11-06-53AM\bin\win64\DHCPPrereq.dll already loaded in another classloader
Check complete. The overall result of this check is: Not executed <<<<
Recommendation: Oracle supports installations on systems with DHCP-assigned IP addresses; However, before you can do this, you must configure the Microsoft LoopBack Adapter to be the primary network adapter on the system. See the Installation Guide for more details on installing the software on systems configured with DHCP.
=======================================================================
Checking the length of PATH environment variable...
Check complete. The overall result of this check is: Passed
=======================================================================
Validating ORACLE_BASE location (if set) ...
Check complete. The overall result of this check is: Passed
=======================================================================
Checking Oracle Home path for spaces...
Check complete. The overall result of this check is: Passed
=======================================================================
Checking Oracle Home path for location ...
Check complete. The overall result of this check is: Passed
=======================================================================
Checking for proper system clean-up....
Actual Result: :java.lang.UnsatisfiedLinkError:Native Library C:\Users\Administrator\AppData\Local\Temp\1\OraInstall2011-06-21_11-06-53AM\bin\win64\sidqueries.dll already loaded in another classloader
Check complete. The overall result of this check is: Not executed <<<<
Recommendation: You must completely remove the ASM instance by removing the ASM service from the Service Control Manager, or you must configure it properly by ensuring that the ASM service is associated with a valid Oracle Home where ASM is configured.
=======================================================================
Checking for Oracle Home incompatibilities ....
Actual Result: NEW_HOME
Check complete. The overall result of this check is: Passed
=======================================================================10..2.0.4 not certified for Windows Server 2008 64bit, If you want install this software , you need to apply patch 10.2.0.5 patch
10.2.0.4 is on certified for windows Server 2008 32bit (x86), so you can install the software without apply patch but If you want to install windows 7 , you need to apply patch.
Read 4th steps
http://www.oracle.com/technetwork/database/10204-winx64-vista-win2k8-082253.html -
Not Able To Assign A Static IP Address To Windows 2008 64 bit Server
Hello Experts,
I've been trying to assign a static IP address to Windows 2008 R2 Server Virtual Box image. As soon as I assign static IP address to the image, either it hangs or says "Unidentified network".
I'm 100% sure that I'm using correct IP address, Gateway, Subnet mask and DNS Server details. If I use same settings on other linux virtual box, it is able get that static ip address. The issue is only with Windows 2008 image.
Here few more inputs that may help:
- Windows 2008 image has "Bridge" adapter.
- Host system is connected to corporate network via wired connection and NOT on VPN.
- If I use "Obtain IP address automatically" setting, then it is able to get a dynamic IP address and internet is working fine.
Questions:
1. Has anyone seen this issue before ?
2. Do I need to do any additional configuration on Windows 2008 server ?
Thanks,
GKHi,
Method 1: Uninstall and reinstall network drivers.
Method 2: If you have any anti-virus software, disable them.
You can also try set a static IP via neetsh commend.
How to Use the NETSH Command to Change from Static IP Address to DHCP in Windows 2000
http://support.microsoft.com/kb/257748
Hope this helps. -
Domain Controller upgrade windows 2008 r2 to windows 2012
I currently have 3 windows 2008 r2 domain controllers. 1 physical and 2 virtual. I am looking to see what the best upgrade path would be. the physical is the primary and has dhcp and dns services
Stonecold31666See this,
http://social.technet.microsoft.com/wiki/contents/articles/16797.upgrade-to-active-directory-2012.aspx
Regards
Biswajit Biswas
My
Blogs|TechnetWiki
Ninja
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin -
Aironet 2702i Autonomous - Web-Authentication with Radius Window 2008
Hi Guys,
I have a problems with case, i have diagrams sample like then : AD(Win2008) - Radius(Win2008) - Aironet 2702i => Use methods Web-Auth for EndUser
This is my Configure file on Aironet 2702i
Aironet2702i#show run
Building configuration...
Current configuration : 8547 bytes
! Last configuration change at 05:08:25 +0700 Fri Oct 31 2014 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Aironet2702i
logging rate-limit console 9
aaa new-model
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login DTSGROUP group radius
aaa authentication login webauth group radius
aaa authentication login weblist group radius
aaa authentication dot1x default group radius
aaa authorization exec default local
aaa session-id common
clock timezone +0700 7 0
no ip source-route
no ip cef
ip admission name webauth proxy http
ip admission name webauth method-list authentication weblist
no ip domain lookup
ip domain name dts.com.vn
dot11 syslog
dot11 activity-timeout unknown default 1000
dot11 activity-timeout client default 1000
dot11 activity-timeout repeater default 1000
dot11 activity-timeout workgroup-bridge default 1000
dot11 activity-timeout bridge default 1000
dot11 vlan-name DTSGroup vlan 46
dot11 vlan-name L6-Webauthen-test vlan 45
dot11 vlan-name NetworkL7 vlan 43
dot11 vlan-name SGCTT vlan 44
dot11 ssid DTS-Group
vlan 46
authentication open eap DTSGROUP
authentication key-management wpa version 2
mbssid guest-mode
dot11 ssid DTS-Group-Floor7
vlan 43
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 013D03104C0414040D4D5B5E392559
dot11 ssid L6-Webauthen-test
vlan 45
web-auth
authentication open
dot1x eap profile DTSGROUP
mbssid guest-mode
dot11 ssid SaigonCTT-Public
vlan 44
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 04480A0F082E424D1D0D4B141D06421224
dot11 arp-cache optional
dot11 adjacent-ap age-timeout 3
eap profile DTSGROUP
description testwebauth-radius
method peap
method mschapv2
method leap
username TRIHM privilege 15 secret 5 $1$y1J9$3CeHRHUzbO.b6EPBmNlFZ/
username ADMIN privilege 15 secret 5 $1$IvtF$EP6/9zsYgqthWqTyr.1FB0
ip ssh version 2
bridge irb
interface Dot11Radio0
no ip address
encryption vlan 44 mode ciphers aes-ccm
encryption vlan 46 mode ciphers aes-ccm
encryption mode ciphers aes-ccm
encryption vlan 43 mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
ssid DTS-Group
ssid DTS-Group-Floor7
ssid L6-Webauthen-test
ssid SaigonCTT-Public
countermeasure tkip hold-time 0
antenna gain 0
stbc
mbssid
packet retries 128 drop-packet
channel 2412
station-role root
rts threshold 2340
rts retries 128
ip admission webauth
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.43
encapsulation dot1Q 43
bridge-group 43
bridge-group 43 subscriber-loop-control
bridge-group 43 spanning-disabled
bridge-group 43 block-unknown-source
no bridge-group 43 source-learning
no bridge-group 43 unicast-flooding
interface Dot11Radio0.44
encapsulation dot1Q 44
bridge-group 44
bridge-group 44 subscriber-loop-control
bridge-group 44 spanning-disabled
bridge-group 44 block-unknown-source
no bridge-group 44 source-learning
no bridge-group 44 unicast-flooding
ip admission webauth
interface Dot11Radio0.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 subscriber-loop-control
bridge-group 45 spanning-disabled
bridge-group 45 block-unknown-source
no bridge-group 45 source-learning
no bridge-group 45 unicast-flooding
ip admission webauth
interface Dot11Radio0.46
encapsulation dot1Q 46
bridge-group 46
bridge-group 46 subscriber-loop-control
bridge-group 46 spanning-disabled
bridge-group 46 block-unknown-source
no bridge-group 46 source-learning
no bridge-group 46 unicast-flooding
interface Dot11Radio1
no ip address
shutdown
encryption vlan 46 mode ciphers aes-ccm
encryption vlan 44 mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 43 mode ciphers aes-ccm
encryption vlan 45 mode ciphers ckip-cmic
ssid DTS-Group
ssid DTS-Group-Floor7
ssid SaigonCTT-Public
countermeasure tkip hold-time 0
antenna gain 0
peakdetect
dfs band 3 block
stbc
mbssid
packet retries 128 drop-packet
channel 5745
station-role root
rts threshold 2340
rts retries 128
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.43
encapsulation dot1Q 43
bridge-group 43
bridge-group 43 subscriber-loop-control
bridge-group 43 spanning-disabled
bridge-group 43 block-unknown-source
no bridge-group 43 source-learning
no bridge-group 43 unicast-flooding
interface Dot11Radio1.44
encapsulation dot1Q 44
bridge-group 44
bridge-group 44 subscriber-loop-control
bridge-group 44 spanning-disabled
bridge-group 44 block-unknown-source
no bridge-group 44 source-learning
no bridge-group 44 unicast-flooding
ip admission webauth
interface Dot11Radio1.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 subscriber-loop-control
bridge-group 45 spanning-disabled
bridge-group 45 block-unknown-source
no bridge-group 45 source-learning
no bridge-group 45 unicast-flooding
ip admission webauth
interface Dot11Radio1.46
encapsulation dot1Q 46
bridge-group 46
bridge-group 46 subscriber-loop-control
bridge-group 46 spanning-disabled
bridge-group 46 block-unknown-source
no bridge-group 46 source-learning
no bridge-group 46 unicast-flooding
interface GigabitEthernet0
no ip address
duplex auto
speed auto
dot1x pae authenticator
dot1x authenticator eap profile DTSGROUP
dot1x supplicant eap profile DTSGROUP
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.43
encapsulation dot1Q 43
bridge-group 43
bridge-group 43 spanning-disabled
no bridge-group 43 source-learning
interface GigabitEthernet0.44
encapsulation dot1Q 44
bridge-group 44
bridge-group 44 spanning-disabled
no bridge-group 44 source-learning
interface GigabitEthernet0.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 spanning-disabled
no bridge-group 45 source-learning
interface GigabitEthernet0.46
encapsulation dot1Q 46
bridge-group 46
bridge-group 46 spanning-disabled
no bridge-group 46 source-learning
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet1.43
encapsulation dot1Q 43
bridge-group 43
bridge-group 43 spanning-disabled
no bridge-group 43 source-learning
interface GigabitEthernet1.44
encapsulation dot1Q 44
bridge-group 44
bridge-group 44 spanning-disabled
no bridge-group 44 source-learning
interface GigabitEthernet1.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 spanning-disabled
no bridge-group 45 source-learning
interface GigabitEthernet1.46
encapsulation dot1Q 46
bridge-group 46
bridge-group 46 spanning-disabled
no bridge-group 46 source-learning
interface BVI1
mac-address 58f3.9ce0.8038
ip address 172.16.1.62 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius server 172.16.50.99
address ipv4 172.16.50.99 auth-port 1645 acct-port 1646
key 7 104A1D0A4B141D06421224
bridge 1 route ip
line con 0
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 0 0
privilege level 15
logging synchronous
transport input ssh
end
This is My Logfile on Radius Win 2008 :
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: S-1-5-21-858235673-3059293199-2272579369-1162
Account Name: xxxxxxxxxxxxxxxx
Account Domain: xxxxxxxxxxx
Fully Qualified Account Name: xxxxxxxxxxxxxxxxxxx
Client Machine:
Security ID: S-1-0-0
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 172.16.1.62
NAS IPv6 Address: -
NAS Identifier: Aironet2702i
NAS Port-Type: Async
NAS Port: -
RADIUS Client:
Client Friendly Name: Aironet2702i
Client IP Address: 172.16.1.62
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: DTSWIRELESS
Authentication Provider: Windows
Authentication Server: xxxxxxxxxxxxxx
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
So i will explain problems what i have seen:
SSID: DTS-Group using authentication EAP with RADIUS and it working great (Authentication Type from Aironet to RADIUS is PEAP)
SSID:L6-Webauthen-test using web-auth and i had try to compare with RADIUS but ROOT CAUSE is AUTHENTICATION TYPE from Aironet to RADIUS default is PAP. (Reason Code : 66)
=> I had trying to find how to change Authentication Type of Web-Auth on Cisco Aironet from PAP to PEAP or sometime like that for combine with RADIUS.
Any idea or recommend for me ?
Thanks for see my caseHi Dhiresh Yadav,
Many thanks for your reply me,
I will explain again for clear my problems.
At this case, i had setup complete SSID DTS-Group use authentication with security as PEAP combine Radius Server running on Window 2008.
I had login SSID by Account create in AD => It's work okay with me. Done
Problems occurs when i try to use Web-authentication on Vlan45 With SSID :
dot11 ssid L6-Webauthen-test
vlan 45
web-auth
authentication open
dot1x eap profile DTSGROUP
mbssid guest-mode
After configured on Aironet and Window Radius , i had try to login with Account create in AD by WebBrowser but it Fail ( i have see mini popup said: Authentication Fail" . So i go to Radius Server and search log on EventViewer.
This is My Logfile on Radius Win 2008 :
Network Policy Server denied access to a user.
NAS:
NAS IPv4 Address: 172.16.1.62
NAS IPv6 Address: -
NAS Identifier: Aironet2702i
NAS Port-Type: Async
NAS Port: -
RADIUS Client:
Client Friendly Name: Aironet2702i
Client IP Address: 172.16.1.62
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: DTSWIRELESS
Authentication Provider: Windows
Authentication Server: xxxxxxxxxxxxxx
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
Im think ROOT CAUSE is :
PAP is the default authentication type for web-auth users on Aironet 2702i, so it can't combine with Radius Window 2008 because they just support PEAP (CHAPv1,CHAPv2....) => Please give me a tip how to change Authentication Type from PAP to PEAP for Web Authentication on Aironet
Maybe you are looking for
-
Sending an email with text Content using SMTP Adapter.
I am trying to send an email Message with the .txt attachment using SMTP adapter. I am getting an XML input and I am mapping the input Schema to Flat File Schema. I am trying to Send this Flat File(.txt attachment) in the Email. But I am receiving it
-
Hi, I have a macbook pro and iphone4, so I bought a Denon Ceol RCD N-7 that supports airplay. The system requires, that I upgrade the software on the receiver, which I have done. And I can confirm on the receiver, that I have installed the airplay on
-
Moved to correct forum by moderator Hi all, We have a problem in script where we need to increase he main window size where it is being populated with items, when we increase the main window the footer is getting over written in main window,we need t
-
My apple mail flagged messages are not showing up in the flagged folder.
my apple mail flagged messages not showing up in the flagged folder ?
-
I recently noticed that documents created in Word on a PC would, when opened with my Macbook, revert to a different font. I think I previously had these fonts on my Macbook, but suddenly they're gone--is it possible that they disappeared, and is ther