Wireless Anchor: DHCP Origination?

I am struggling to figure out where the DHCP should originate and the documentation is not offering much insight.
We are using the 4.x code on our controllers and want to establish employee access and guest user access. The DHCP for the employees is easy, but what device should issue DHCP to the guest users? We have a 4402 controller on the inside network and a controller in the DMZ that will be the anchor. Thanks in advance!

Do I have to specify a DHCP override ip address on the internal WLC to point to the DMZ WLC's IP address, or is this handled automatically via the tunnel that is created between the two controllers?
Would anything be different if the DMZ WLC was managing the DHCP addresses itself, rather than a DHCP server?
Thanks in advance!

Similar Messages

  • 2500 wireless guest anchor, dhcp performance

    Hello,
    I just read that starting from version 7.4, the 2500 controller can be used to terminate guest anchor tunnels.
    This is great news, but I have a question regarding the performance of the internal DHCP server when used in guest environments.
    Can it be used and if so, what is its performance ? (ie requests / second)
    regards,
    Geert

    Take a look at the data sheet and it will give you a general understanding of the max client count which is 500 and the throughput which is 500mbps unless you run 7.4 and have LAG enabled which gives you 1gig. I would only use this for small installs and if it's a pretty medium to large guest network, then stick with the 5508.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • Extending Wireless Network - DHCP Issues

    I have an Airport Extreme 802.11n and I want to extend the range of it with my Airport Express 802.11n. I found the "Designing Airport Networks Using Airport Utility" from the Apple support page. "Extending the Range of an 802.11n Network" on page 46 says to manually set up. Under "wireless" when I check the box to "Allow this network to be extended" I get a dialog box that says, Correct the 2 problems below before updating this Apple device. Those problems are DHCP Beginning Address 10.0.1.2 and DHCP Ending Address 10.0.1.200. The Airport Extreme has the IP Address of 10.0.1.33. It says the DHCP range you have entered conflicts with the WAN IP address of your wireless device. If I limit the beginning address to start at 10.0.1.34 should that solve my issue? Any help is appreciated.
    Thank You!

    Sorry but I should have read your original post closer.
    Since you already have a router distributing IP addresses, you don't need the AEBS doing that. Configure your AEBS so that it is acting as a bridge (not sharing a single IP address).

  • IOS 5.0.1 wireless Bug - DHCP

    We discovered an interesting issue yesterday on our network, and upon much searching, I didn't see anyone else with the same conclusion.
    Allow me to start by describing the issue. It's happened on a few occasions in our network over the past several months (we recently started allowing Apple iOS devices on our network as Exchange Activesync clients), but I was finally able to narrow it down today.
    Issue: Certain iOS devices when connected to the wireless network retain their DHCP Lease from their home network in the background, while connecting to the business network with a like subnet.  The IP Address that the iOS device is retaining from home is NOT in the DHCP scope of the business network, but conflicts with a static assigned IP Address on one of the corporate network services (i.e. Print Server, Email Server, File Server, Database Server) in the like subnet.  For example "User A" running an iPhone 4S with iOS 5.0.1 has an Airport Extreme at home that assigns DHCP Addresses in the 10.0.0.x scope.  The Corporate DHCP Scope is 10.0.4.x-10.0.5.x with similar subnet.  "User A" connects to corporate network via wi-fi and is assigned an IP address of 10.0.4.x (but in the background the device is reserving 10.0.0.x from home Airport Extreme.)  Address 10.0.0.x belongs to back-end email server, and whenever "User A" turns their device on, it disrupts the network connectivity for the rest of the corporate network to the email server.  "User A" turns off wi-fi on iPhone, and normal corporate network operations resume.  In the past, the issue has conflicted with a less major server, or another windows client, and so a resolution was able to be acquired by renewing the IP Address on the Windows client computer.
    The issue presents itself as one of our Windows Server machines complaining about an IP Address Conflict on the network. Upon examining the Windows Event Viewer in the System Log, we discover an error message from the "Tcpip" service "The system detected an address conflict for IP address 10.0.0.X with the system having network hardware address 60:C5:47:XX:XX:XX. Network operations on this system may be disrupted as a result." Upon examining the MAC address beginning with 60:C5:47 we discover this particular MAC Address range belongs to Apple Inc. (LINK) This led us to search the building for the offending iOS device on which we were able to verify the Wireless MAC address.
    In a similar forum post by a user in 2009, the suggestion was that the issue lay with the Windows computer. Well, in that particular case, it was a Home PC, and the user was able to 'work-around' the bug by renewing their DHCP lease on their other client that was reporting the issue. In our case, since the conflict occurs with a Network Server with a statically assigned IP and services / certificates assigned to that interface, it's not as easy as renewing the IP address to allow the Windows computer to 'fix' the issue. I believe the issue lies in the iOS wireless driver, and needs to be addressed by Apple Development team. I'm not sure the best way to accomplish this, so I figured I'd start in the support forum. Since there wasn't a forum for iOS, I placed the issue under iPhone for Enterprise, though this issue is reproducible with iPad and iPod Touch also.
    Here's a detailed post by Princeton University where they describe the issue in great detail. http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to-expire-keeps-using-IP-address.html#chronology How can we get greater urgency to get this bug fixed?
    I'd appreciate response / suggestions / input / feedback.
    Thanks!
    DRO4LIFE

    This is nothing a feature like DHCP Snooping, IP Source Guard and Dynamic ARP Inspection couldn't resolve. Why on earth would this be affecting the rest of your network? If everything is properly segmented, it shouldn't matter if that thing boots up with your e-mail server's IP address. If it is, you are using a big *** network like a /16 and simply dishing out certain ranges to certain functions rather than using proper subnetting. I really hope this is not the case as that's a big mistake.
    If you have everything set up properly, I cannot see that device as affecting anything at all; if it came up with that IP on your wireless subnet, no devices in other subnets should ever be trying to talk to that thing since that IP range is supposed to be reachable elsewhere, like your server subnet, not the wireless subnet. Your other networks will always be forwarding traffic for your server to your server subnet, never to the wireless subnet.
    If you are at all confused about what I am saying, let me ask you this. What is the default gateway for your Wireless devices and what is the default gateway for your Servers? If that answer is the same, there lies your problem. Hire a network engineer to clean up that mess. If it is not the same, then something like proxy ARP must be turned on since that incorrect IP should not affect anything other than itself with proper layer 3 boundaries.
    If that is not an option, you should be able to use a combination of DHCP Snooping, IP Source Guard and Dynamic ARP Inspection to nip this problem in the butt if you're running Cisco gear (if other gear, cross reference, I'm sure the feature exists with another name). The only way for it to cause havoc is if the offending device is producing an ARP reply for your server's IP. If running Dynamic ARP Inspection, it should see the offender responding with an ARP for your server's IP which doesn't match what the DHCP snooping database has in it, and it will drop that ARP reply. If by chance that offending device did try to transmit as your server's IP, IP Source Guard's dynamic PACL should have dropped that traffic since its source IP does not match what is in the DHCP Snooping database.
    I am not doubting that a bug exists here, however a robust network infrastructure would not be affected by what you describe.  Those switch features were designed to halt malicious actions, whether performed intentionally or accidentally via a bug.  A network engineer worth his/her salt would have implemented that in their design.
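
The checks named in the reply above, modelled in Python as an added example (not part of the original thread and not Cisco's implementation). It assumes one flat VLAN and treats the phone as attached to an access port; every address, port name and the `SnoopingSwitch` class are constructed for illustration, and only the 60:C5:47 OUI comes from the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """Simplified model of DHCP snooping, DAI and IP Source Guard on one switch."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # uplinks and DHCP server ports
        self.bindings = set()               # the snooping binding table

    def dhcp_ack(self, ingress_port, client_mac, client_ip, vlan, client_port):
        """Learn a lease only if the server reply arrived on a trusted port."""
        if ingress_port not in self.trusted:
            return False                    # reply from an untrusted port: dropped
        # A new lease replaces any older binding for the same client MAC.
        self.bindings = {b for b in self.bindings
                         if not (b.mac == client_mac and b.vlan == vlan)}
        self.bindings.add(Binding(client_mac, client_ip, vlan, client_port))
        return True

    def static_binding(self, mac, ip, vlan, port):
        """Statically addressed hosts never send DHCP, so they are added by hand."""
        self.bindings.add(Binding(mac, ip, vlan, port))

    def arp_inspect(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP Inspection: sender MAC/IP must match a binding on this port."""
        if port in self.trusted:
            return "forward"
        ok = Binding(sender_mac, sender_ip, vlan, port) in self.bindings
        return "forward" if ok else "drop"

    def source_guard(self, port, vlan, src_ip):
        """IP Source Guard: the source IP must be bound to the ingress port."""
        if port in self.trusted:
            return "permit"
        ok = any(b.ip == src_ip and b.port == port and b.vlan == vlan
                 for b in self.bindings)
        return "permit" if ok else "drop"


# Constructed sample values for the scenario described in the thread.
VLAN = 10
SERVER = ("00:11:22:33:44:55", "10.0.0.10", "Gi1/0/2")   # static mail server
PHONE_MAC, PHONE_PORT = "60:c5:47:00:00:01", "Gi1/0/10"
LEASED_IP, STALE_IP = "10.0.4.25", "10.0.0.10"           # stale = old home lease


def run_scenario():
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/1"})       # Gi1/0/1 faces the DHCP server
    sw.static_binding(SERVER[0], SERVER[1], VLAN, SERVER[2])
    return {
        # A DHCP reply seen on an access port is not learned.
        "rogue_ack_learned": sw.dhcp_ack("Gi1/0/11", PHONE_MAC, STALE_IP, VLAN, PHONE_PORT),
        # The real lease, seen on the trusted port, creates the binding.
        "lease_learned": sw.dhcp_ack("Gi1/0/1", PHONE_MAC, LEASED_IP, VLAN, PHONE_PORT),
        "arp_leased": sw.arp_inspect(PHONE_PORT, VLAN, PHONE_MAC, LEASED_IP),
        # The phone answering ARP for the address it kept from home.
        "arp_stale": sw.arp_inspect(PHONE_PORT, VLAN, PHONE_MAC, STALE_IP),
        "ip_stale": sw.source_guard(PHONE_PORT, VLAN, STALE_IP),
        "ip_leased": sw.source_guard(PHONE_PORT, VLAN, LEASED_IP),
        # The server keeps working because of its static binding.
        "arp_server": sw.arp_inspect(SERVER[2], VLAN, SERVER[0], SERVER[1]),
    }


if __name__ == "__main__":
    for check, verdict in run_scenario().items():
        print(f"{check}: {verdict}")
```

The static binding matters: without it, the statically addressed server's own ARP traffic would fail inspection on an untrusted port.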

  • Using X3500 as a Wireless Extender DHCP issue iPhone 6

    Hi
    Hopefully a simple question with a simple answer.
    Background:
    I've transitioned away from my ADSL ISP to a cable provider (VirginMedia). My new ISP comes with a cable modem (SuperHub 2 ac) and I've connected the two devices together to extend my home wireless network. The cable modem is The two routers are physically remote from each other - connected via just their Ethernet ports - via power-line technology (Devolo dLAN 1200+). The two routers have the same broadcast SSID albeit on separate channels.
    Issue:
    All devices in my house, laptops, tablets, phones roam between the two wi-fi zones seamlessly *except* the iPhone 6 (iOS8.1), this works on the cable modem wi-fi - but not on the X3500 wi-fi. I also have an iPad Mini 2 (also iOS8.1) which also works - so rightly / wrongly I've ruled out iOS8.1 as the issue. Oddly the iPhone 6 connects to the X3500 but doesn't obtain an IP address (the cable modem is the DHCP server). Even setting a static IP address doesn't help.
    Observation(s):
    If the X3500 is set up as a DHCP server, the iPhone connects (and gets an IP address), but then the default gateway is incorrect (gateway is the IP address of the X3500 not the remote cable modem). I can't find anywhere to specify a default gateway in the setup.
    Question
    I'm beginning to think this is an issue with the iPhone 6 (knowing all other devices work correctly), but I just want to make sure I'm configuring the X3500 correctly. I'm specifically interested in whether I'm using the right "Mode" ADSL / Ethernet. I've tried "Bridged Mode Only" (ADSL) and "Automatic DHCP Only" (Ethernet) but neither seems to resolve the issue that the iPhone 6 is having.
    Any suggestions on how to resolve / troubleshoot would be most welcomed.
    Thanks!

    Yes, there's a way for you to override the IP Address. It is on Router Address under Network Setup on the Basic Setup tab. If I'm not mistaken, one end of the Ethernet cable should be connected to the regular Ethernet port of the cable modem and the other end to the cable port of the X3500.
    But if it's just the iPhone that won't connect to the X3500, it might be okay to retain the current configuration of the router, but try adjusting the wireless security mode or set the wireless channel to 11 and observe what happens.

  • Guest Wireless Tunnelling - DHCP Issue

    Hi,
    I'm attempting to implement Guest Anchor tunnelling between two WLC's but I've run into an odd issue I cannot find a clear answer to.
    We have two 5508 WLC's, both Running 7.4.100.0.
    The Guest Anchor Controller obviously resides in a DMZ, its functionality has been proven by connecting an AP directly to it, and connecting to the guest WLAN.
    The two controllers have been configured as Mobility Peers, the Mobility Tunnel between them is up (mping and eping both successful, status is up).
    The Guest WLAN has been replicated on both controllers, I have set the Mobility Anchor on the WLAN. The Guest Anchor has itself as the mobility anchor and the Internal Controller has the Guest Anchor set.
    DHCP is provided by the Guest Anchor's internal DHCP Server. DHCP Proxy is enabled on both Controllers, with the Option 82 format set to AP-MAC. Both Controllers WLAN settings are set to DHCP Server Override, pointed to the Management IP of the Guest Anchor and DHCP Addr. Assignment required.
    The problem I'm experiencing is with connecting clients through the Internal WLC. The Client Associates to the Internal WLC and obtains a lease from the Guest Anchor and connects to the network. A few seconds later the client is disassociated from the internal controller. On every subsequent connection attempt, the client does not receive a response to its DHCP Requests, and hence ends up with an APIPA address.
    The Message logs on two controllers return the following errors:
    INTERNAL CONTROLLER:
    *apfReceiveTask: Jun 27 14:03:25.839: #APF-4-HANDOFF_END_RCVD: apf_mm.c:1626 Handoff end received in wrong role (peer Ip: 0.0.0.0, sender:GUEST_ANCHOR_IP, Role:0) for mobile Client_MAC
    GUEST ANCHOR CONTROLLER:
    *DHCP Server: Jun 27 14:03:14.466: #DHCP-4-REQIP_NOT_PRESENT: dhcpd.c:559 Received a packet without a requested ip!.
    Has anyone else seen similar behaviour? Does anyone have any ideas what might be causing this?
    Many Thanks,
    Paul

    Hi George,
    Thanks for the reply.
    The Guest WLAN on the Internal Controller is Anchored to the WLC in the DMZ. The Guest Anchor is anchored to itself.
    There are only two controllers in the configuration, so breaking off one of the Anchors isn't really an option.
    I have tested the Guest Anchor as a Standalone WLC by connecting an AP directly to it, in that configuration DHCP works as expected.

  • Problem iphone 4s with dlink 624s wireless with dhcp

    I have an iPhone 4s which is not stable in my wireless with a router dlink 624s and dhcp. Sometimes the iPhone runs okay, otherwise it is connected to the router but I cannot surf the web, the iPhone indicates "some problem with the server", even www.google.com doesn't open in Safari, but it is connected because the symbol is present in the upper left corner of the iPhone.
    dhcp 192.168.0.110

    Configure the router to do DHCP automatically, try not to hard code the ip address.
    1. Try rebooting the router.
    2. See if there's a firmware update for your router.
    Read this: http://support.apple.com/kb/TS1398

  • Wireless Anchor Controller Web-Authentication Redirect Page

    I configured a wireless guest anchor controller with a custom web-authentication acceptable use policy splash page with an email box and accept or reject button. Everything is working properly except if someone types their email in the box and hits enter instead of clicking on accept it redirects the custom page to the default Cisco page. After entering the email on the Cisco page and clicking on accept it allows connectivity.

    I opened a case and TAC had me make two different changes and it still did not resolve my problem.  I had to edit the login HTML file with the following in bold to resolve:
    Email AddressonKeypress="Javascript: if (event.keyCode==13) submitAction();">

  • DMZ Anchor DHCP Issue

    Hello,
    I recently configured a DMZ Anchor controller and both control and data paths are showing 'up'. When a user connects to the WLAN they are receiving an IP address from the foreign controller interface rather than the DMZ anchor which is configured for an internal DHCP server. I have the guest WLAN configured with the management interface which has the controller's IP as the DHCP server.
    Any ideas?
    Thank you,
    Scott

    Could you please try enabling DHCP Proxy on Anchor Controller:-
     Controller > Advanced > DHCP > Enable DHCP Proxy
    When DHCP proxy is enabled on the Cisco WLC, the Cisco WLC unicasts DHCP requests from the client to the configured servers. Consequently, at least one DHCP server must be configured on either the interface associated with the WLAN or the WLAN itself.

  • WLC 5508 HA Anchor DHCP issue

    Hi Cisco Support Community,
    I am currently noticing some issues within my WiFi infrastructure.
    Our infrastructure is set up with a 8510 WLC high availability cluster (AP SSO) and a 5508 WLC high availability cluster (AP SSO) as mobility anchor within the DMZ zone.
    The issue I noticed is that if there is a switchover on the 5508 WLC high availability cluster the users won't be able to receive a DHCP IP address.
    I already read some of the other threads regarding this topic. (About Mobility Anchor: Policy Manager State = DHCP_REQD) (DHCP Anchor controller problem.)
    But unfortunately I was unable to find any solution for my issue.
    We currently have three SSID´s with anchoring active and I have noticed that only the SSID´s with layer 3 security enabled are affected by this issue.
    The one SSID with PSK and MAC Auth are not affected by this issue.
    I already checked the configuration for the SSID´s between the main controller and the anchor controller the SSID´s are configured the same except the breakout interface.
    Even the described SSID with PSK and MAC Auth configured uses the same breakout interface as one of our layer 3 security enabled SSID´s.
    The configuration works so far only in case of failover the clients connected to one of the SSID´s with layer 3 security enabled are unable to receive an IP address by the DHCP server.
    I also performed some troubleshooting for the client on the anchor side.
    I added part of the troubleshooting outputs as workingssid.txt and notworkingssid.txt to this thread.
    Maybe one of you guys has some advice for me to address the issue.
    Thanks for your support in advance
    With kind regards
    Benedikt

    As far as your L3 roaming is concerned, make sure you're using the latest and most stable firmware for the WLC.
    Make sure Mobility groups are the same and configured on the WLCs before switchover happens. Make sure if DHCP is out the network then option 43 is set and you are able to get an IP from both WLCs manually and able to ping. Make sure AP-manager interface virtual IP is set. Make sure SSO is enabled on both controllers.
    Check the following link also.
    https://supportforums.cisco.com/discussion/11662541/layer-3-roaming-and-dhcp
    Please confirm and mark it correct answer if your issue resolved.

  • Wireless and DHCP

    My colleague made a change to the wireless environment and I'm trying to understand why we observed the unexpected behavior I will now describe.
    Prior to the change, the port configuration for all of our HQ-based WAPs was this:
    interface Gix/0/z
      switchport trunk native vlan 198
      switchport trunk allowed vlan 198
      switchport mode trunk
    Vlan198 is the Vlan for the staff SSID.  The WAPs got their IP address from the same network as the staff wireless users.  Everything worked fine.
    My colleague wanted the WAPs to get their IP address from a different network (the same network that the WLCs use for the management interface).
    He changed the configuration of the switch ports for HQ-based WAPs to this:
    interface Gix/0/z
      switchport trunk native vlan 105
      switchport trunk allowed vlan 105,198
      switchport mode trunk
    After making this change, wireless users (staff SSID) were getting their IP address from the 105 VLAN.  I'm having trouble explaining this.  Regardless of how the trunk port is configured on the switch, shouldn't the tunneled traffic enter the WLC tagged with vlan 198 if its coming from the staff SSID?
    I don't know much at all about wireless so even though I can look through the management UI most of what I'm looking at is just guess work.  Please tell me if there are configuration elements from the management UI that you want to see and I'll post it to this thread.
    Regards,
    Steven

    Without changing the design of how your clients get DHCP or how the traffic flows on the network you will need to do the following:
    1. Log into the WLC
    2. Click on the Wireless tab
    3. Click on host name of an AP in the affected area
    4. Click on the FlexConnect tab
    5. Check the box for VLAN support (assuming it is not already checked)
    6. Enter 105 in the "Native VLAN ID" field
    7. Click Apply
    8. Go back to the FlexConnect tab
    9. Click on the VLAN Mappings button
    10. Enter 198 for the Staff SSID and click Apply
    Repeat the above steps for each AP in the affected area.
    I hope this helps.
    John

  • Time Capsule - Join Wireless Network - DHCP

    So I have an Apple 1TB Time Capsule here. I have it joined to the wireless network that's existing using a Linksys WRT300n v1.1 as the router to the DSL line. The Time Capsule receives an IP address given to it from the Linksys which is acting as a DHCP server. However, if I plug in my printer or laptop to one of the Ethernet ports on the Time Capsule, they do not receive a DHCP address.
    If I check the setup of the Time Capsule in the AirPort Utility, on the Internet tab, then Internet Connection tab, the Connection Sharing is set to "Off (Bridge Mode)", which seems like it should pass the DHCP request from the printer or laptop to the Linksys and receive an IP back, but that doesn't seem to happen. Not sure why, wondering if anyone else has a suggestion.
    Also noticed that the Time Machine backups over the wireless are painfully slow. It took 12 hours to do a 2GB backup, no idea why, never been slow like this in the past before I was connected to the Linksys device.

    I have a similar setup (1st Generation Time Capsule). The TC is wirelessly connected to a Linksys WRT610N Simultaneous Dual Band Router.
    I have no problem seeing the TC on my network, or backing up to the TC. I however have a couple of devices in the same location as the TC in which I would like to connect via ethernet to the TC, but it is not assigning out an IP address via the wired connection(s).
    Any help would be appreciated.

  • Wireless Anchor SSID for CWA ISE 1.3

    Hello Team,
    Trying to follow this guide: http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html#anc11
    We are trying to enable for a guest access with an anchored WLC.
    However when we create the SSID with mac filtering, the local WLC is putting the mac address of the client in to the excluded clients list, instead of passing on the auth to the foreign DMZ WLC anchor.
    I have created the SSID with correct anchors.
    Any Ideas? Maybe this option doesn't actually work with anchor?

    "However when we create the SSID with mac filtering, the local WLC is putting the mac address of the client in to the excluded clients list, instead of passing on the auth to the foreign DMZ WLC anchor."
    In the anchoring scenario, the AAA authentication comes from the Foreign not the Anchor as it is layer 2 authentication.
    Make sure your Local WLC is able to authenticate the user.
    Steve

  • Anchor wireless setup

    Hello,
    We have been handed over a setup that involves a WLC running 7.0.230 and another WLC connected to this.
    Second WLC is having a different SSID compared to the first one.
    I was told this is known as anchor controller setup. I tried reading documentation, but due to my limited understanding couldn't understand this.
    What exactly does anchor controller mean and which controller acts as the anchor (the original controller or the second controller)?
    Secondly, following errors come up often and connections get disconnected,
    Controller ' 192.168.51.18'. All anchors of WLAN 'intuser' are down
    Message: Controller '192.168.51.18'. An anchor of WLAN 'intuser' is up.
    Please help with inputs on these. thank you all.

    Guidelines for Using Auto-Anchor Mobility
    Follow these guidelines when you configure auto-anchor mobility:
    • You must add controllers to the mobility group member list before you can designate them as mobility anchors for a WLAN.
    • You can configure multiple controllers as mobility anchors for a WLAN.
    • You must disable the WLAN before configuring mobility anchors for it.
    • Auto-anchor mobility supports web authorization but does not support other Layer 3 security types.
    • You must configure the WLANs on both the foreign controller and the anchor controller with mobility anchors. On the anchor controller, configure the anchor controller itself as a mobility anchor. On the foreign controller, configure the anchor as a mobility anchor.
    • Auto-anchor mobility is not supported for use with DHCP option 82.
    • When using the guest N+1 redundancy and mobility failover features with a firewall, make sure that the following ports are open:
      – UDP 16666 for tunnel control traffic
      – IP Protocol 97 for user data traffic
      – UDP 161 and 162 for SNMP

  • Manual IP and DHCP conflicts

    My Barricade g died (SMC2804WBRP-G). I replaced it with an Airport Extreme (802.11g).
    With the Barricade g, I had manually assigned IP address to all the computers on the LAN (range 192.168.x.1-192.168.x.99). The router distributed IP addresses to the wireless clients via DHCP range (192.162.x.100-192.168.x.200)
    I've setup the AEBS to Distribute IP addresses and selected Share a single IP address (using DHCP and NAT).
    BUT, the AEBS is assigning some of the manual addresses to wireless client IP requests. Then the computer that is supposed to have a manual IP address doesn't have one. Basically, the manual and DHCP addresses are coming from the same pool and causing conflicts.
    How do I deal with manual IP addresses AND DHCP with this router?
    Thanks

    David,
    Thanks for the input. But, I may have misread my post.
    From my original post.
    'With the Barricade g, I had manually assigned IP address to all the computers on the LAN (range 192.168.x.1-192.168.x.99). The router distributed IP addresses to the wireless clients via DHCP range (192.162.x.100-192.168.x.200).'
    In other words, on the network, LAN=static IPs, Wireless clients=DHCP.
    You can have both static and DHCP on the same network.
