WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100
Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu
Similar Messages
-
Hi,
A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and upto 25 later. The docs on the 7.2 WLC make it sound like this is discouraged:
Internal DHCP ServerThe controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
In this case, the APs will not be in the same subnet as the Managment Internet.
Is it a mistake to use the internal DHCP with upto 25 APs (3 WLANs)?
Thanks.#DHCP proxy needs to be enabled to use internal dhcp on WLC. WLC uses virtual ip for dhcp and they're unicast. So keeping the AP on L3 doesn't work with internal dhcp. dhcp for wireless client works due to the packets are sent to WLC via capwap.
#The DHCP required state can cause traffic to not be forwarded properly if a client is deauthenticated or removed. To overcome this problem, ensure that the DHCP required state is always disabled.
Ans: it is expected behavior irrespective of dhcp being internal or external, it is a feature and not disadvantage.
Cons:-
#can't have dhcp reservations.
#can't have option 43 or any other dhcp options.
#DHCP service can't be restarted, WLC reboot is required if needed to so.
#If Multiple WLCs used, need to create non overlapping scope on other WLCs as well.
#Wired clients cannot get ip from internal dhcp. So need to maintain separate network & dhcp server for wired network, and this require routing.
#From WLC GUI, Can't remove the client, need to use cli.
#WLC reboot may clear the dhcp lease, though not sure 100% -
WLC CT2504: Interface IP can not be used as internal DHCP server IP
Hello all,
I've got a new CT2504 controller with software version 7.0.220.0
Regarding to
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:
(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3
vlan401 Interface IP can not be used as internal DHCP server IP
It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 400
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.2.x.135
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
Scopes are defined and Proxy is enabled.
(Cisco Controller) >show dhcp summary
Scope Name Enabled Address Range
ap Yes 10.2.x.137 -> 10.2.x.140
intern Yes 172.16.x.20 -> 172.16.x.30
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behaviour: enabled
Has somebody an explanation for this issue?
Thanks in advance,
Regard,
RobertYou can use the internal dhcp, but you need to set the primary dhcp as the management ip. So in your dynamic interface, your primary dhcp is configure with the wlc management ip address. Dhcp proxy also needs to be enabled and is enabled by default.
Thanks,
Scott Fella
Sent from my iPhone -
Configuring the 3750G WLC to use the Internal DHCP Server
I want to use the Internal DHCP Server on a 3750G WLC to hand out IP's to gueat users. I'm having issues getting the DHCP server to hand out addresses for the guest network - any suggestions would be a great help.
Configuration Details are attached.Configuring DHCP
http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1293808 -
5500 Series WLC internal DHCP Server - Exclusion?
Hi there,
We're using the internal DHCP server on our 5500 Series WLC which works fine.
However on one WLAN we ran out of addresses so changed the subnet from a /25 to a /24.
The problem is that the router/gateway is still in the middle (124/125/126) and not easily changed.
I've moved the WLC interface to the top of the subnet (251) but the router is more difficult as its externally managed/controlled.
So is there a way we can create a DHCP pool of .1 through 250 on a /24 mask but exclude 124/125/126?
Thanks
Mike
PS - Router subnet masks were changed so can see whole subnet.Mike,
The WLC isn't a fully functional DHCP server, it only allows you to define what is in scope, not what is out of scope. Now if you have a cisco router/switch, you could use that for the DHCP server and specifically exclude the necessary addresses.
HTH,
Steve -
WLC 2006 INTERNAL DHCP FOR GUESTS CLIENTS
I would like to use the internal DHCP to issue ipaddress to the guest wireless clients.
However; when i setup the wlc internal DCHP scope and try to connect to the wireless guest vlan the WLC debug DHCP reads ...forwarding to 192.168.255.2 which i have listed as the gateway to the pix
any examples on how to do this would be great.
here is what i have for the dhcp scope:
Dhcp Scope Info
Scope: Guest.Data.DHCP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Here is what i have for the wlan
WLAN Identifier.................................. 2
Network Name (SSID).............................. Guest.Data
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Interface........................................ guest.data
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
--More-- or (q)uit
Radio Policy..................................... All
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
Management Frame Protection................... Ewhen i try to assocate the dhcp scope to wireless.guest.data interface using 192.168.255.1 which is the ip of the that interface it will not let me. I would have thought since i was using the interal dhcp that the .1 address would be the dhcp scope address also. i can assign 192.168.255.0 or 192.168.255.2(gateway)if i use .0 or .2 the dhcp request (discovery) process starts and then will forward to .2 (gateway) and never assign an address. the only thing that happens is that the client wireless interface will get 255.255.255.255 for a few seconds then go away.
what i am trying to accomplish is to connect the wlc port 2 directly to a pix 506 which goes to the internet so the guest traffice is not on our vlan.
any other suggestions on guest vlans would be appricated....
Tom
Interface Name................................... wireless.guest.data
IP Address....................................... 192.168.255.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.255.2
VLAN............................................. 150
Quarantine-vlan.................................. no
Physical Port.................................... 2
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Scope: wireless.guest.data.dhcp.server
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0 -
Does option 43 matter ? WLC5508 ver 7.2 using internal DHCP server
I am using a WLC 5508 and its internal DHCP server. I cant find anywhere I can setup option 43. However, the access points are connected in just fine. Do I need to worry about setting up a seperate DHCP server to get option 43 setup properly ?
Thank you.Sorry I didnt make my question clear.
I am using a WLC 5508 and its internal DHCP server. I cant find anywhere I can setup option 43.
When I connect a CAPWAPP Access Point to the network, it receives IP address from the WLC 5508 DHCP service just fine. It shows up in the access points list and users can connect to it no problem.
Do I need to worry about setting up a seperate DHCP server to get option 43 setup properly ? -
WLC 2100 and DHCP strange issue.
Hi,
i have this scenario: 1 WLC 2100 and two LW AP 3500 connected. If the access points are connected via external switch evrything works well - AP and Clients get IP address from external DHCP and this is ok but when im connecting AP 3500 directly to one of ports on WLC i need to chceck in controller web Controller -> Advanced -> DHCP -> Enable DHCP proxy - after that AP get IP addres and clients get too but ip is assigned from external dhcp but the gateway is set as controller IP address (!!!) so clients not works. I want to configure access points connected directly do WLC.
I have small setup and i have configured all in the one vlan - management dla users are in the same vlan.
And the second is - for what usage is internal DHCP server - and how to use it?When "Enable DHCP Proxy" is not enabled tha LW AP 3500 cannot get IP address if it is connected directly to LWC... when i add this option then on both LW AP 3500 - one connected to WLC and second directly to switch give me DHCP address from external DHCP but gateway sets as LWC management IP.
I made test - connected client witout "Enable DHCP Proxy":
Client IP 192.168.1.201 (correct in dhcp server logs), default GW 192.168.1.1 (correct gateway for this DHCP) correct dnses and in windws ipconfig i see "Server DHCP 192.168.1.1" all is correct.
Disconnected client and clicked "Enable DHCP Proxy":
Client IP 192.168.1.201 (correct in dhcp server logs), default GW 192.168.1.252 incorrect gateway - ip of WLC management interface) correct dnses and in windws ipconfig i see "Server DHCP 1.1.1.1" that shows that WLC modified DHCP packets... but what it try to set default GW as WLC?
WLC data:
Software Version
7.0.98.0
I can attach screenshots and any other configutation if you need. -
Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
interface bvi1
ip address 192.168.1.205 255.255.255.0
no ip route-cache
exit
It would be the ..1. subnet.
Since the dhcp pool is set as:
ip dhcp pool GeneralWiFi
network 192.168.1.0 255.255.255.0
lease 1
default-router 192.168.1.1
dns-server 8.8.8.8
exit
There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
HTH,
Steve -
Background:
Initially there were 3 SSIDs configured but all of them were assigned a single interface and this interface was configured with the controller management IP address as DHCP server so that the WLC could assign IP addresses to wireless clients, guns and printers etc.
Issue:
As part of PCI initiative, we decided to segment the traffic in multiple subnets based on type of wireless clients; so now there are 3 interfaces configured and each SSID is assigned a specific dynamic interface and each interface is configured to use the controller management IP address as DHCP server.
There are 3 scopes configured for each of the dynamic interfaces/SSIDs and DHCP proxy is enabled but wirelss clients are still being allocated IP addresses from the original DHCP scope that was associated with the dynamic interface originally assigned to all 3 SSIDs.
What am I missing here?
I verified the following:
1. Each SSID is assigned a different dynamic interface (Users, Voice and Handhelds)
2. Each dynamic interface is configured to use controllers management IP address as DHCP server
3. DHCP scopes configured with correct network information for each dynamic interface and enabledAs mentioned in my first post, I am using the management interface IP address of the controller as the DHCP server in the configuration of all the dynamic interfaces.
I have not configured the override DHCP option in the WLAN configuration becuase I have specified the internal DHCP address in the dynamic interface.
But I did check the AP group configuration and there I found that the SSID is not assigned to the correct dynamic interface even if the WLAN configuration is correct.
I will change the AP group configuration to correct this. Thanks! -
WLC 5760 with internal DHCP server, clients no get IP address
Hi all,
I have 2 Cisco 5760 WLC (active-standby) IOS-Xe 03.03.03SE with one WLAN.
sh wlan summary
Number of WLANs: 1
WLAN Profile Name SSID VLAN Status
1 Invitados_ADSL Guest 905 UP
sh vlan
VLAN Name Status Ports
1 default active Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
Te2/0/4, Te2/0/5, Te2/0/6
100 VLAN0100 active Te1/0/1, Te2/0/1
101 Planta_1 active
905 Internet active Te1/0/2, Te2/0/2
The DHCP server is internal.
Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
The workaround done by me to solve the issue is “clear ip dhcp binding *”.
Some days later the problem appears again.
I see this bug with a similar problem:
NGWC blocks DHCP traffic if wireless broadcast disabled
CSCun88928
Description
Symptom:
Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
Conditions:
Seen on 3.3.2 IOS-XE
Workaround:
Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
OR
Enable "wireless broadcast" globally
My DHCP configuration is:
ip dhcp relay information trust-all
ip dhcp snooping vlan 905
ip dhcp snooping
ip dhcp excluded-address 172.16.0.1 172.16.0.19
ip dhcp excluded-address 172.16.1.250 172.16.1.254
ip dhcp pool Invitados
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 212.66.160.2 212.49.128.65
lease 0 8
I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
DHCP Snooping and Trust Configuration on CT5760
ip dhcp snooping vlan 100, 200
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/1
description Connection to Core Switch
switchport trunk allowed vlan 100, 200
switchport mode trunk
ip dhcp relay information trusted ip dhcp snooping trust
interface Vlan100
description Client Vlan
ip dhcp relay information trusted
My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
Thanks in advance.
Regards.
DYes, test it with the command you mentioned
ip dhcp snooping wireless bootp-broadcast enable
HTH
Rasika
**** Pls rate all useful responses ***** -
5508- Internal DHCP - Two SSID
Hi,
We have something strange...
We created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have and IP address
- but when we connect to the secone SSID: impossible to get an ip address - auth and association are OK
Is this a limitation or do you have a clue to solve this problem ?
Thanks,
Regards,Hello,
Thanks for your reply,
In fact different clients can't connect to this SSID. But they can connect on another SSID from same WLC, so it doesnt seem to be a driver problem.
It's mapped on the correct interface, and the MFP is optionnal.
You wil find below the two WLANS configs, the first is OK, clients (laptops, iphone) can connect, on the second one the clients can't connect:
SSID OK:
WLAN Identifier.................................. 3
Profile Name..................................... DATA
Network Name (SSID).............................. XXX_UTILISATEURS
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 5
Exclusionlist Timeout............................ 30 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
SSID NOT OK:
Note that we tried to force dhcp server ip address as we thought that the problem came from the dhcp server...
WLAN Identifier.................................. 7
Profile Name..................................... Iphone
Network Name (SSID).............................. XXX_Smartphone
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... 128.10.1.20
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
I begin to believe that there is a mismatch with the WPA2-PSK key > the client has setup the WLC and SSID and gave me the WPA2-PSK...
Thanks a lot,
Best Regards,
Gerald -
Internal DHCP Server on Wireless not working
Hi community,
I'm facing some problems to setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
I have 2 networks: inside users (vlan 1) and external users (vlan)
My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
I have 2 SSID, one for inside, other to outside. Inside is working very well.
To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
Managemente interface (vlan 1 inside): 192.168.3.119/24
Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
I alredy checked the DHCP Proxy in Advanced option.
See the output of the debug client:
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug client 00:27:10:ce:38:e8
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Association received from mobile on AP a4:18:75:03:e0:c0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Global 200 Clients are allowed to AP radio
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Re-applying interface policy for client
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1851)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3883 setting Central switched to TRUE
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 In processSsidIE:3886 apVapId = 2 and Split Acl Id = 65535
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying site-specific Local Bridging override for station 00:27:10:ce:38:e8 - vapId 2, site 'default-group', interface 'externo-embratel'
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Applying Local Bridging Interface Policy for station 00:27:10:ce:38:e8 - vlan 10, interface id 12, interface 'externo-embratel'
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 STA - rates (8): 140 18 152 36 176 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 Processing RSN IE type 48, length 22 for mobile 00:27:10:ce:38:e8
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMsRunStateDec
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 apfMs1xStateDec
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Initializing policy
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_2: Mar 26 17:45:11.390: 00:27:10:ce:38:e8 192.168.3.206 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfPemAddUser2 (apf_policy.c:273) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 Sending Assoc Response to station on BSSID a4:18:75:03:e0:c0 (status 0) ApVapId 2 Slot 1
*apfMsConnTask_2: Mar 26 17:45:11.391: 00:27:10:ce:38:e8 apfProcessAssocReq (apf_80211.c:6719) Changing state for mobile 00:27:10:ce:38:e8 on AP a4:18:75:03:e0:c0 from Associated to Associated
*pemReceiveTask: Mar 26 17:45:11.393: 00:27:10:ce:38:e8 192.168.3.206 Removed NPU entry.
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Creating a PKC PMKID Cache entry for station 00:27:10:ce:38:e8 (RSN 2)
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Resetting MSCB PMK Cache Entry 0 for station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Setting active key cache index 8 ---> 0
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Adding BSSID a4:18:75:03:e0:ce to PMKID cache at index 0 for station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: New PMKID: (16)
*dot1xMsgTask: Mar 26 17:45:11.394: [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Initiating RSN PSK to mobile 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 dot1x - moving mobile 00:27:10:ce:38:e8 into Force Auth state
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Skipping EAP-Success to mobile 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Found an cache entry for BSSID a4:18:75:03:e0:ce in PMKID cache at index 0 of station 00:27:10:ce:38:e8
*dot1xMsgTask: Mar 26 17:45:11.394: Including PMKID in M1 (16)
*dot1xMsgTask: Mar 26 17:45:11.394: [0000] 61 96 e0 14 b9 0c c9 ca b2 e0 b7 0a 63 83 15 0d
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Starting key exchange to mobile 00:27:10:ce:38:e8, data packets will be dropped
*dot1xMsgTask: Mar 26 17:45:11.394: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.396: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Received EAPOL-key in PTK_START state (message 2) from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.397: 00:27:10:ce:38:e8 Sending EAPOL-Key Message to mobile 00:27:10:ce:38:e8
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-Key from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 Stopping retransmission timer for mobile 00:27:10:ce:38:e8
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.399: 00:27:10:ce:38:e8 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP a4:18:75:03:e0:c0 vapId 2 apVapId 2 flex-acl-name:
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 apfMsRunStateInc
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Reached PLUMBFASTPATH: from line 5982
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP a4:18:75:03:e0:c0, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID =
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 10, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_0: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Mar 26 17:45:11.400: 00:27:10:ce:38:e8 192.168.3.206 Added NPU entry of type 1, dtlFlags 0x0
*pemReceiveTask: Mar 26 17:45:11.401: 00:27:10:ce:38:e8 Pushing IPv6: fe80:0000:0000:0000: 893c:4ed3:f9a0:b90f , and MAC: 00:27:10:CE:38:E8 , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x..195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 0, flags: 8000
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:11.445: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 768, flags: 8000
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:14.647: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP received op BOOTREQUEST (1) (len 331,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 1 - 192.168.3.119 (local address 200.x.x.195, gateway 200.x.x.193, VLAN 10, port 1)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP xid: 0x464542f7 (1178944247), secs: 3072, flags: 8000
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP chaddr: 00:27:10:ce:38:e8
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP siaddr: 0.0.0.0, giaddr: 200.x.x.195
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP requested ip: 192.168.3.206
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 200.x.x.195 VLAN: 10
*DHCP Socket Task: Mar 26 17:45:23.590: 00:27:10:ce:38:e8 DHCP selected relay 2 - NONE
(Cisco Controller) >
What can be wrong?
Thank you in advanced.Hi Plinio,
I see your device connected twice. it connected to the first SSID successfully and I can see it got IP 192.168.3.206.
Then it tries to get an ip from the other scope!! (while as the debugs show it is already connected and in RUN state).
That is strange!!
a question: do you have DHCP required enabled under your WLAN?
Rating useful replies is more useful than saying "Thank you" -
Hi,
Apologies if this has been answered before. I did a search, but unable to find anythimg.
What I would like to do is be able to have a WLC 5508 as the local RADIUS DB and authenticator, but then be able to have an ACS server in a central location as a backup and then replicate between them.
In other words set up groups for my remote sites in the central ACS server, which then replicates only the correct group to the remote sites. This allows less adminstrative overhead, as we just update the central one.
Is this possible and how would I configure the WLC to do this ?
ThanksHi,
if I understood your request, you want to replicate user information between an ACS and a WLC right ?
That's impossible.
ACS can only replicate with other ACS running the same version. No other ways of synchronization exists.
Regards,
Nicolas
===
Don't forget to rate answers that you find useful -
Hi,
We are facing a very weird issue with one of our DHCP server. The DHCP server is Windows 2008 Server. We have configured the scope. The clients are getting the IP address from DHCP server, and the lease is showing in the DHCP console. But after some time
the Lease information gets removed from DHCP Server Console. The client still keeps that IP and we can ping that PC. Lease information keeps coming and going from Console. If I check the DHCP log file I can see that DHCP server is assigning same IP to same
host again and again.
Sometime the same IP gets assigned to other PC and IP conflict occurs. We have tried changing the DHCP server but same issue.
Please suggestHi,
You referred the issue occurred on one of the DHCP servers. Could you tell the relationship among the issued on and the others?
Can you share a snippet log file that is unusual?
Meanwhile, you can try the articles. Especially for the subtitle “The DHCP server appears to have suffered some data corruption or loss.”
Troubleshooting DHCP servers
http://technet.microsoft.com/en-us/library/cc779112(v=ws.10).aspx#BKMK_4
Maybe you are looking for
-
Hi, I've a split App and I want to refresh the a viz chart in the detail view by selecting a different item of the master view. My viz chart is built by calling the function showCharts of the detailController. I've tried to refresh the model of the v
-
IPod Causes Computer to Reboot
This happens on occasion, but it's starting to get to me... My computer will sometimes reboot when I plug in my iPod... I would like to point out a few things about my configuration. To make my computer faster, I disabled a lot of services in Windows
-
Rename custom list 2013 accessed by another custom list
When I am working with 2 custom lists in SharePoint 2013, listb refers to select columns in lista by using a lookup column in lista. I accidently changed the name of custom list #1. Due to that fact, I went into the list settings and selected the col
-
How can I use urdu in n95?
any body can help me? How can I use urdu language in n95 ?
-
Hello! I started to render a pretty easy animation 13 days ago. The animation is 4.30 minutes long, and there's no 3d involved. Only illustrations from Illustrator and some textures. After these 13 days of rendering, and finishing 4 minutes, it felt