WLC and Remote DHCP

I am having trouble getting DHCP working for a site connected using FlexConnect.
Here is my setup. I have a single 5508 Controller at one site using the 10.3.0.0 network.  All APs at that site are in local mode and use the local DHCP server, 10.3.0.2.  Everything works fine there. Each site uses a different SSID as well.
At my second site, 10.4.0.0, all APs there connect back to the controller at the site above and are in FlexConnect mode. The APs work fine and the clients work fine there, but they get an IP address on the 10.3.0.0 instead of the 10.4.0.0 network. If I set up the SSID at this site to override the DHCP server settings and tell it to use 10.4.0.2, which is our local DHCP server, the clients don't get an address at all.
Is this simply a matter of setting an IP Helper address on the router where the WLC is located or is there more to it than that? 

Hi and welcome to CSC
Correct, FLEXCONNECT mode is a lot like an autonomous access point. The traffic generated on an AP in flex mode stays local to the switch, which means DHCP happens locally as well. You should put a helper on the local switch where the AP lives. Clients will get the IP address from the local location.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

Similar Messages

  • One WLC for Headquarter and Remote Site

    Hi
    I have a question about the WLC remote deployment.
    We have the following design at the moment:
    Headquarter
    - Network 192.168.49.0 /24
    - WLC 4402 Version 4.2.61.0
    -- 3 x LAP1252
    -- Layer 3 LWAPP
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Remote Site
    - Network 192.168.50.0 /24
    - 2 x LAP1252
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Connection between Headquarter and Remote Site
    - 2 Mbit ADSL
    The problem is that the wireless clients on the remote site get an IP address out of the headquarter DHCP range 192.168.49.0 /24. The users on the remote site most of the time only use the local data server in the remote office. With the actual design the whole traffic is switched over the 2 Mbit ADSL connection to the WLC in the headquarter and back to the remote site. That works but it is not that performant.
    The problem could be solved with HREAP, but what I think is that it is not possible to have the same SSID at headquarter and remote site with different VLANs.
    How can I achieve that the clients on the remote site connect to the same SSID (wep or wpa), get an IP address from the remote site DHCP server (192.168.50.0) and the traffic is switched locally?
    I hope you understand what the problem is.
    Thanks in advance for your help!

    Yes, putting the remote AP's in HREAP mode will allow the same WLANs to be available on the AP's but the traffic would be locally switched at the AP instead of being tunneled back to the controller. After you put the AP in HREAP mode you then would configure which VLAN you want traffic for each WLAN to be dumped onto for that AP.

  • Clients unable to connect and get DHCP - LAP1142N AP and 5508 WLC

    Hi,
    I have 19 locations, each with 1 or more LAP1142N APs in FlexConnect mode. The APs are primed using CAPWAP to my 5508 WLC at the datacenter. The APs join the WLC without issue every time. I have two WLANs, one guest and one staff. The guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: the DHCP scope on the branch firewall is 192.168.1.10-250 and the AP will be assigned a static IP of 192.168.1.1. The APs are connected to an HP ProCurve switch that has an untagged VLAN; the firewall is using the native VLAN 1 and so is the AP.
    I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded.
    Now for the issue: The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working, if I remove the static IP from the AP, the AP will reboot, join the controller, then begin working, users can connect and DHCP is assigned from the firewall as it should. However, If the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So, I then reassign a static IP to the AP again and it reboots, connects to the controller and clients then can connect and get DHCP.
    Attached is a running config from one of the APs
    I've found several posts on this topic, in fact the patch of unassigning or reassigning static IP is one that I found. However, I wanted to post this to see if there is any further assistance I can get on this. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
    Thanks for any help.

    Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
    What is Mobility Anchor?
    A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature.

  • WLCs 5508, HA enabled and Internal DHCP

    Hi:
    Designing a new project for a customer in which a pair of WLC-5508 and a bunch of AP-3602I will be deployed.
    Controllers running 7.4 image, and I'd also like to use them as internal DHCP servers for clients in different WLANs
    As for the redundancy mechanism I'd go for activating HA (AP-SSO) but I know HA and internal DHCP server can't coexist.
    So, my question is: does anyone know if Cisco is thinking of implementing both features in any new version to come? The goal would be the Active controller handing over all leases database in case of active to standby switchover.
    Thx!
    Juan.

    As you already know, HA and DHCP cannot coexist on the WLC. So far Cisco has no plan to implement this.

  • Routing and Remote Access VPN DHCP error

    I have a strange problem.
    I have a client that is using Server 2012 Standard.
    On this server they have Routing and Remote Access configured for VPN client access. Their users that are working outside the office connect to the VPN to access the internal network.
    The VPN works fine for the most part. Recently however, it has started having issues.
    Periodically (about once every 8 days) I will hear from them that they cannot connect and that they get error 720. I will check the server and the server will have the following errors in the event log:
    Warning: No IP address is available to hand out to the dial-in client.
    If you check DHCP the server is running fine and will hand out local addresses but it will not hand out addresses to VPN clients. Also the addresses that it HAS previously handed out to VPN clients will not show in the address leases.
    The solution, strangely enough, is to disconnect and reconnect the VPN client connection that the server has connecting it to an offsite server that it does a SQL sync with.
    Any ideas as to what might be causing this? If need be I can post more detailed logs but I am not sure what logs even to post or what data to collect.
    Any help is greatly appreciated.

    I am experiencing the same issue on a Windows 2008R2 SP1 RAS server. The above statement about increasing the lease time on DHCP does not resolve the problem.
    I am also searching for a solution to this issue.
    Up to now I have done the following:
    1. Increased the scope / cleared IPs in DHCP.
    2. Ensured that the DHCP server is accessible.
    3. Created a manual scope in the RRAS configuration settings (then clients can connect but cannot access resources on the network). Changing back to DHCP, you receive the same 720 error.
    4. Stopped and started the DHCP services on the DHCP server.
    5. Stopped and started the RRAS services on the RRAS server.
    The only indication is that DHCP for some reason does not lease out addresses to the RRAS server.

  • WLC Internal and External DHCP

    I am currently using the Internal DHCP component within my 5508 Controller with software version 7.0.166.0.  This seems to be working fine, as the VLAN routed interface connected to it via the Dynamic Trunk Port is functioning and I have the ip-helper command set up on this specific VLAN interface.
    My issue now is that we have an isolated ADSL network which is configured off our Core 6513, but just as a Layer 2 VLAN, so no traffic can be routed to other VLANs.
    With our new WIFI environment, which consists of the 5508 Controller and numerous 3502 APs, we want to utilize this ADSL VLAN.  This ADSL VLAN has a dedicated Linksys router which is currently running DHCP and assigning addresses to clients at the moment.
    What I want to do is configure the 5508 controller to use this ADSL VLAN as well, but also keep using the Linksys router for DHCP.
    I have set up a new dynamic interface and added the ADSL VLAN ID to the trunk port of the 5508 and also set up its own SSID.  But for some reason I cannot get both the internal and external DHCP servers to work at the same time.  If I enable the DHCP Proxy option on the 5508 the internal DHCP server works, and when I disable DHCP Proxy the ADSL VLAN DHCP works through the 5508 but not the internal DHCP server.
    Can I get both the internal and external DHCP servers to work in harmony, or should I be focusing on using one method over the other?

    Hey Scott, I have just tried configuring another scope for the L2 VLAN but it doesn't seem to be working. When I add the IP address of the management interface, which is the internal DHCP server, to the dynamic interface of this ADSL network I have set up, I don't seem to get an IP address within this scope.
    I am just wondering, seeing it is just an L2 VLAN without a routed interface, would this be the problem, and would I need to set this up with the "ip helper-address" of the management interface?
    Cheers SG

  • Unplugging all network devices from Fios router prevents DVR freezing and remote control lock ups.

    All,
    I recently had a Verizon tech visit my house due to constant DVR and remote control freezing. TV content was freezing whether it was locally recorded, pulled from another DVR in the house, or On Demand. On a hunch after the tech tested everything and was about to leave, he unplugged my gigabit switch from the Fios router. Lo and behold everything started running perfectly. Since to the tech the problem was solved, he closed the case and was on his way. The problem is of course I have more devices than the built-in router switch provides ports for. My network is comprised of an 8 port Netgear gigabit switch downstream from the Fios router with two wireless access points (with their own built-in gigabit switches) connecting to the Netgear gigabit switch. There are no loops in the switch topology. I've tried changing out the router, the gigabit switch, removing the wireless access points individually as well as plugging the access points directly into the Fios router switch (one at a time with no Netgear switch in the middle) and all scenarios cause the DVR/remote control freezing to come back. The only devices I can plug into the Fios router without causing freezes are PCs....anything with its own switch essentially brings the network to its knees. If anyone has an idea how to get my network back in one piece AND make the DVRs/remotes behave, I'd greatly appreciate the help!
    My Fios equipment:
    MI-424WR GEN-3I  rev I (eye) running firmware 40.19.36
    5 Motorola HD-DVRs all QIP 7232-2 running software release 1.9.1 platform build 25.39 (Oct. 22, 2012)
    Specific config:
    75/35 Fios connecting via ethernet from ONT. Set-top boxes connect to Fios router coax port via powered splitter.
    *All SNR/dB measurements taken by the tech from the set-top boxes and router are well within spec.
    Fios router provides DHCP addressing. Wireless N access points are configured for roaming with the same SSID and non-overlapping channels. Access points are not providing routing or IP addressing...all layer 3 and up services still provided by Fios router
    Diagram:
    ONT
      |
    Fios Router ---------Cable Splitter---------Set Top Boxes
      |
    Netgear Switch
      |           |
    WAP1    WAP2

    WayfarerII wrote:
    ... DVR ... remote ... freezing ... TV ... whether ... locally recorded, pulled from another DVR ... 
    ... tech ... unplugged my gigabit switch from the Fios router ... and ... everything started running perfectly ...   
    ... config:
    75/35 Fios ... via ethernet from ONT ... Set-top boxes connect to Fios router via powered splitter ...
    ONT
      |
      | cat5
      |
    Fios Router ---------Cable Splitter---------Set Top Boxes
      |
    Netgear Switch
      |           |
    WAP1    WAP2
    I am inclined to echo several of the "tns" comments, particularly with respect to your splitter.  My layout is based on a standard 8-port splitter of the type usually supplied in a VZ install.  In addition I do have a ChannelPlus device that functions as a powered splitter, but its use is limited to distribution of secondary TV signals to older analog TVs.  My first point then is that this may be an offender as "tns" has suggested.
    In addition, I'd describe your wiring as "non-standard" (red-colored items in the above diagram).  As you're no doubt aware, with 75/35 you don't really need Cat5e from the ONT (your original diagram).  It seems the highest tiers do require it, but in "standard" installations this run is coax directly to an 8-port non-powered splitter (below diagram), then from that splitter via coax to all STBs (and CableCards, other TVs, etc.), and also to the Actiontec.   Subsequent feeds from the Actiontec to wired devices (including WAPs) are via Ethernet (typically Cat 5e).
    In fact I don't immediately see how your STBs get additional services such as On Demand and IMG with the wiring shown in your diagram (perhaps someone can help me out here).  In "standard" installs the Actiontec must be connected via coax to the ONT to provide such services to other network clients.  I don't see that requirement being met here.
    For starters I'd recommend that you change your service from WAN Ethernet to WAN coax.  This can easily be accomplished over the telephone.  Then I'd run coax directly from the ONT to the Actiontec as in my revised diagram below (blue-colored items).  If your setup can manage with this arrangement, I think it will help greatly with the "freezing" issue.
    ONT - - - - - - coax - - - - -
                                             |
    Fios Router --- coax--- Standard 8-Port Splitter --- coax --- Set Top Boxes
    |cat5
    Netgear Switch
    |cat5           |cat5
    WAP1 WAP2
    Subsequent Note:  You provided additional info while I was composing a response, and I'd  like to offer another comment.  Structured wiring "panels" of the type usually available are pre-configured to provide data, phone and video.  This usually means that one is in certain respects limited by the ideas of the panel designer.  I have what can be called a structured wiring layout, but it really is composed of individual small custom networks for  each service (automation, security, video, data, telco, etc.), configured so that all wiring terminates in "home run" fashion at a central panel (a few details here: http://forums.verizon.com/t5/Home-Networking/Cmon-Show-Us-Your-Network/m-p/481733#M765 ).  This layout makes it easier to make adjustments (and there have been quite a few over the intervening years).  I'm thinking that in your case you may have to abandon the powered splitter (presumably) built into the panel in order to avoid your present fix.
    Subsequent Subsequent Note:   From your description it seems that you are using more than a single "whole house" DVR to supply programming to other devices.  This is a bit puzzling to me because somewhere along the line I recall reading that only a single whole house DVR was allowed on the network.  Can you elaborate a bit?

  • ISE 1.2 With WLC and AD

    Hi everyone,
    What are the steps and procedure to implement wired and wireless authentication with ISE, WLC and AD for a lab environment? Currently the following are done:
    The wireless network is configured with 2 SSID (Staff and Guest) 
    Active Directory, DNS, DHCP, and  NTP configured & synced.
    ISE and AD running on C220 VMs, and WLC is 5760 Appliance.
    Please provide your thoughts and assistance.
    Regards

    You have to implement dot1x and radius between your NAD and ISE device.
    Using the 3850 switch, these are the steps:
    username RADIUS-HEALTH password radiusKey1 privilege 15
    aaa new-model
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    !this password will be used to communicate with ISE and to verify reachability
    !between ISE and Switch
    aaa server radius dynamic-author
     client 172.16.1.18 server-key 7 radiuskey
     client 172.16.1.20 server-key 7 radiuskey
    ip domain-name lab.local
    ip name-server 172.16.1.1
    dot1x system-auth-control
    interface GigabitEthernet1/0/3
     switchport mode access
     switchport voice vlan 50
     switchport access vlan 10
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    ip access-list extended ACL-ALLOW
     permit ip any any
    !the comm between radius and ise will occur on these Port
    ip radius source-interface Vlan100
    logging origin-id ip
    logging source-interface Vlan100
    logging host 172.16.1.20 transport udp port 20514
    logging host 172.16.1.18 transport udp port 20514
    snmp-server community ciscoro RO
    snmp-server community public RO
    snmp-server trap-source Vlan100
    snmp-server source-interface informs Vlan100
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 10 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    !defining ISE servers
    radius server ISE-RADIUS-1
     address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
     automate-tester username RADIUS-HEALTH idle-time 15
     key radiusKey
    Please be sure that NTP servers and time are synchronized.
    Enable dot1x on the Windows machine, or use Cisco NAM.
    You can enable debugging on aaa authentication to see the events.
    You have to create this user on ISE (RADIUS-HEALTH).
    3850#test aaa group radius username password new-code
    and observe the result. You are supposed to have the user authenticated successfully.
    You must also define these devices in ISE on the radius interface.
    ip radius source-interface ..... use this interface IP address to define the IP address of the NAD device in ISE.
    administration-->network resources -->Network Devices-->Add
    input the name
    input the IP address for radius communication
    select the authentication settings and fill in the corresponding shared secret radius key
    select snmp settings and select version 2c.
    snmp community : ciscoro
    You can customize the polling interval if you want, and that's all.
    You are supposed to receive message communication between your NAD and ISE.
    Afterwards you can do the procedure for the WLC device.
    I will fill it in after you have passed the first steps (3850 authentication).
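
A review pass over the switch configuration posted above, as an added example that is not part of the original post or of any Cisco tool: it parses IOS-style lines into blocks and flags settings a reviewer would question before this lab config reaches production. The check names, the remediation wording and the `audit` function are hypothetical; the sample lines are a subset of the posted config.

```python
import re

# Constructed sample: a subset of the switch configuration lines posted above,
# in the same order and with the same indentation.
SAMPLE_CONFIG = """\
username RADIUS-HEALTH password radiusKey1 privilege 15
aaa new-model
aaa authentication login default local
aaa server radius dynamic-author
 client 172.16.1.18 server-key 7 radiuskey
interface GigabitEthernet1/0/3
 switchport mode access
 ip access-group ACL-ALLOW in
 authentication open
 authentication order dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
ip access-list extended ACL-ALLOW
 permit ip any any
snmp-server community ciscoro RO
snmp-server community public RO
radius server ISE-RADIUS-1
 address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
 key radiusKey
"""

# What to change for each finding (hypothetical check names used by this example).
REMEDIATION = {
    "LOCAL-PRIV15-PASSWORD": "drop privilege 15 from the probe account; use 'secret' for local users",
    "KEY-TYPE7-REVERSIBLE": "type 7 is reversible obfuscation; use type 6 (AES) key encryption",
    "KEY-CLEARTEXT": "shared secret stored in clear; use type 6 (AES) key encryption",
    "DOT1X-OPEN-UNRESTRICTED": "point the port at a restrictive pre-auth ACL, or remove 'authentication open'",
    "SNMP-DEFAULT-COMMUNITY": "remove the well-known community; prefer SNMPv3",
    "SNMP-NO-ACL": "append an access list that names the permitted pollers",
}
KEY_RE = re.compile(r"\b(?:server-key|key) (?:([0-7]) )?\S+$")
SNMP_RE = re.compile(r"snmp-server community (\S+)(?: view \S+)?(?: (?:ro|rw))?(?: (\S+))?", re.I)


def parse_blocks(config):
    """Group an IOS-style config into [parent line, [indented child lines]]."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or comment
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append([raw.strip(), []])
    return blocks


def audit(config):
    """Return (check_id, location) tuples for settings that need review."""
    blocks = parse_blocks(config)
    # Named ACLs that permit everything: a port ACL pointing at one of these
    # does not restrict traffic at all.
    permit_all = {p.split()[-1] for p, kids in blocks
                  if p.startswith("ip access-list extended ") and "permit ip any any" in kids}
    findings = []
    for parent, kids in blocks:
        # Local account with full privilege and a 'password' (not 'secret') entry.
        if parent.startswith("username ") and " password " in parent and "privilege 15" in parent:
            findings.append(("LOCAL-PRIV15-PASSWORD", parent.split()[1]))
        # RADIUS / CoA shared secrets: report how they are stored, never the value.
        for line in [parent] + kids:
            m = KEY_RE.search(line)
            if m and m.group(1) == "7":
                findings.append(("KEY-TYPE7-REVERSIBLE", parent))
            elif m and m.group(1) in (None, "0"):
                findings.append(("KEY-CLEARTEXT", parent))
        # Open access lets traffic through before authentication succeeds,
        # limited only by the inbound port ACL (if any).
        if parent.startswith("interface ") and "authentication open" in kids:
            acls = [k.split()[2] for k in kids if re.fullmatch(r"ip access-group \S+ in", k)]
            if not acls or acls[-1] in permit_all:
                findings.append(("DOT1X-OPEN-UNRESTRICTED", parent))
        # SNMP communities: well-known names, and no ACL limiting the pollers.
        m = SNMP_RE.fullmatch(parent)
        if m:
            if m.group(1).lower() in ("public", "private"):
                findings.append(("SNMP-DEFAULT-COMMUNITY", parent))
            if m.group(2) is None:
                findings.append(("SNMP-NO-ACL", parent))
    return findings


if __name__ == "__main__":
    for check, where in audit(SAMPLE_CONFIG):
        print(f"{check:26} {where}\n{'':26} -> {REMEDIATION[check]}")
```
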

  • HREAP and Remote Office VLAN

    We have a corporate office which has a 5508 WLC and 2 WiSMs (v7.0.116) and WCS (v7.0.172), and we are rolling out remote offices which will have 2 or 3 APs (1142N).  I set up the first remote office with wireless using HREAP and it's working well. Configuring the WLAN for the remote office, we select an interface we created with the VLAN at the remote office, and now that we are preparing for the next remote office, can I use the same VLAN for the second office? For example, we are using local switching for a WLAN using VLAN 6 and will need the same at the second remote office.
    Thanks for any help.
    Jeff

    If you are using FlexConnect, and are on 7.2 or better code on the WLC.
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954
    If you are not using FlexConnect, which you said you weren't, the traffic doesn't get locally switched. It is all handled at the WLC.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WLC 5508 Internal DHCP server issues

    Hi,
    I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
    The setup is as follows:
    - I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
    - I have an LWAP connected to the WLC in HREAP mode.
    - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
    - Only one scope for Guest Interface is setup on the WLC. 
    Problems:
    1. As far as I know, for the WLC to act as internal DHCP server, it is mandatory to have the proxy enabled, but the clients connecting to SSID 'Internet' are unable to get an IP address from the external DHCP server if DHCP proxy is enabled on the WLC. If I disable the proxy, it all works fine.
    2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
    3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.  
    ************Output from the Controller********************
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.116.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... 6.0.182.0
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
    Build Type....................................... DATA + WPS + LDPE
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address         Type    Ap Mgr Guest
    guest                            1    301      10.255.255.30      Dynamic No     No
    management                       1    100      172.17.1.30        Static  Yes    No
    service-port                     N/A  N/A      192.168.0.1        Static  No     No
    virtual                          N/A  N/A      10.0.0.1           Static  No     No
    (Cisco Controller) >show wlan summary
    Number of WLANs.................................. 4
    WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
    1        LAN                                    Enabled   management
    2        Internet                               Enabled   management
    3        Managment Assets          Enabled   management
    4        Guest                                  Enabled   guest
    (Cisco Controller) >show dhcp detailed guest
    Scope: guest
    Enabled.......................................... Yes
    Lease Time....................................... 86400 (1 day )
    Pool Start....................................... 10.255.255.31
    Pool End......................................... 10.255.255.254
    Network.......................................... 10.255.255.0
    Netmask.......................................... 255.255.255.0
    Default Routers.................................. 10.255.255.1  0.0.0.0  0.0.0.0
    DNS Domain.......................................
    DNS.............................................. 8.8.8.8  8.8.4.4  0.0.0.0
    Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0
    (Cisco Controller) >show interface detailed management
    Interface Name................................... management
    MAC Address...................................... e8:b7:48:9b:84:20
    IP Address....................................... 172.17.1.30
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 172.17.1.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. 100
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. 172.30.50.1
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... Yes
    Guest Interface.................................. No
    L2 Multicast..................................... Enabled
    (Cisco Controller) >show interface detailed guest
    Interface Name................................... guest
    MAC Address...................................... e8:b7:48:9b:84:24
    IP Address....................................... 10.255.255.30
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 10.255.255.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. 301
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. Unconfigured
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... No
    Guest Interface.................................. No
    L2 Multicast..................................... Enabled
    (Cisco Controller) >show dhcp leases
           MAC                IP         Lease Time Remaining
    00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.
    *********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
    (Cisco Controller) >show client detail 00:21:6a:9c:03:04
    Client MAC Address............................... 00:21:6a:9c:03:04
    Client Username ................................. N/A
    AP MAC Address................................... a0:cf:5b:00:49:c0
    AP Name.......................................... mel
    Client State..................................... Associated
    Client NAC OOB State............................. Access
    Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
    BSSID............................................ a0:cf:5b:00:49:ce
    Connected For ................................... 319 secs
    Channel.......................................... 36
    IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
    Association Id................................... 1
    Authentication Algorithm......................... Open System
    Reason Code...................................... 1
    Status Code...................................... 0
    Session Timeout.................................. 1800
    Client CCX version............................... 4
    Client E2E version............................... 1
    QoS Level........................................ Silver
    802.1P Priority Tag.............................. disabled
    WMM Support...................................... Enabled
    Power Save....................................... OFF
    Mobility State................................... Local
    Mobility Move Count.............................. 0
    Security Policy Completed........................ Yes
    Policy Manager State............................. RUN
    Policy Manager Rule Created...................... Yes
    ACL Name......................................... none
    ACL Applied Status............................... Unavailable
    Policy Type...................................... N/A
    Encryption Cipher................................ None
    Management Frame Protection...................... No
    EAP Type......................................... Unknown
    H-REAP Data Switching............................ Central       <<<<<<<<<
    H-REAP Authentication............................ Central       <<<<<<<<<<
    Interface........................................ management
    VLAN............................................. 100           <<<<<<<<<<< right Vlan
    Quarantine VLAN.................................. 0
    Access VLAN...................................... 100

    Hi All,
    I have a similar issue where wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANs. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following output, which seems as if the DHCP discover request from the client is skipped. Your thoughts and input on this are appreciated.
    DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
    Thanks,
    Raj Sandhu

  • Server 2003 routing and remote access not passing VPN traffic

    I've inherited a network that has two IP scopes that are routed through a Windows 2003 server with Routing and Remote Access.  I can ping both sides (we'll call them HQ and Plant) internally.  My firewall has an IP from the HQ IP scope and when I connect via VPN, I can see all the devices on the HQ network including the network card that is in the routing server for that "side".  However, if I'm connected via VPN, I cannot get to any of the IPs on the Plant side, not even the card in the routing server.  The buck stops on the server.
    I should mention, that the firewall assigns IP addresses that are on the HQ scope, so all VPN connections will have an address from that side.
    I'm lost on how to get this set up so my VPN traffic coming in from the HQ side can be routed to the Plant devices. 

    Hi,
    To be honest, your statement confused me a bit.
    VPN is used for external clients to get access to internal resources. When we set up a VPN server, we usually have two NICs. We need to choose a NIC that will be used when a client initiates a connection request. I prefer to call it the external NIC. The internal one will work as DHCP relay agent. So this is a single way connection. You cannot dial from internal to external.
    If I misunderstood you, please elaborate what you are trying to do.
    Hope this helps.

  • Routing and Remote Access Server 2012 r2 Help

    Hi all, I just set up a new 2012 R2 server with DHCP, DNS and Routing and Remote Access. When a user logs in to the VPN the DHCP is assigning the wrong IP address. My DHCP scope is 10.0.10.100 to 10.0.10.199 but it's setting it to 169.254.X.X.
    How do I fix this?

    169.254.x.x are APIPA addresses which are allocated when the guest cannot see the DHCP server/allocator. Basically there is something wrong with your RRAS setup.
    You should never run a remote access server on a DC. It will give you all sorts of name resolution problems. As soon as a client connects, the server acquires an additional IP for the VPN connection and the DC is multihomed. That has been a problem since NT days and still is.
    Bill

  • Routing and Remote Access fails to install

    Hello, I recently installed Windows Server 2008 beta 3 onto my new computer, which went smoothly. I have ADDS, DHCP, DNS, IIS, Terminal Services, and Network Policy and Access Service installed and they all work perfectly. However, I recently tried to install Routing and Remote Access, but I got the following error message when I finished the configuration wizard: "Installation of the Routing and Remote Access Service failed because: Class not registered (80040154)". What's causing this, and how do I fix this?

    I also have this trouble of an error when installing Routing and Remote Access "class not registered..."
    It is a Windows Server 2008 RTM clean install.
    Added machine to our Windows 2003 domain and then after reboot added Windows Powershell.
    Logged in as domain admin and then when tried to add routing and remote access got the message described by everyone else.
    Like others I need to know how to get over this problem.

  • WLC Guest Network DHCP run out of IPs??

    Hello,
    I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.
    I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.
    WLC4402
    6.0.202.0
    Thanks in advance!            

    That would be good, but right now there is no automated process to remove those clients.
    If you are good with scripting, you could set up a script to pull the client list, then parse it based on the authentication.  Once you have that you can then do a client deauthenticate, and wipe the IP address lease as well.
    Unfortunately, I can't be too much help as I don't really know scripting.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered
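
The parsing step Steve describes, sketched as an added example (not code from the thread or from Cisco): it reads output in the dotted `show client detail` layout shown earlier on this page and lists guests that hold an address without reaching the RUN policy state. The sample text, the MAC addresses and the 300-second threshold are constructed assumptions.

```python
import re

# "Key....... value" lines; a trailing "<<<< note" like the poster's is dropped.
LINE = re.compile(r"^\s*(?P<key>[^.]+?)\s*\.{2,}\s*(?P<val>.*?)\s*(?:<{3,}.*)?$")

def parse_clients(text):
    """Split concatenated 'show client detail' output into one dict per client."""
    clients, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        if m.group("key") == "Client MAC Address":   # starts a new client record
            cur = {}
            clients.append(cur)
        if cur is not None:
            cur[m.group("key")] = m.group("val")
    return clients

def stale_leases(clients, min_secs=300):
    """Clients that hold an IP but never reached RUN (web auth not completed)."""
    out = []
    for c in clients:
        ip = c.get("IP Address", "")
        secs = int(c.get("Connected For", "0 secs").split()[0])
        if c.get("Policy Manager State") != "RUN" and ip and secs >= min_secs:
            out.append((c["Client MAC Address"], ip, secs))
    return out

# Constructed sample (documentation MACs), not output captured from a real WLC.
SAMPLE = """\
Client MAC Address............................... 00:00:5e:00:53:01
Connected For ................................... 319 secs
IP Address....................................... 10.255.255.46
Policy Manager State............................. RUN
Client MAC Address............................... 00:00:5e:00:53:02
Connected For ................................... 2710 secs
IP Address....................................... 10.255.255.47      <<<<<<< never logged in
Policy Manager State............................. WEBAUTH_REQD
Client MAC Address............................... 00:00:5e:00:53:04
Connected For ................................... 45 secs
IP Address....................................... 10.255.255.48
Policy Manager State............................. WEBAUTH_REQD
"""

if __name__ == "__main__":
    for mac, ip, secs in stale_leases(parse_clients(SAMPLE)):
        print(f"{mac} holds {ip} for {secs}s without completing web auth")
```

The threshold keeps a guest who is still typing credentials (the 45-second client) off the list; the MACs it returns are the candidates for the deauthenticate and lease-cleanup steps.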

  • OEAP and remote lan anchoring

    Hi all,
    can someone explain how to configure anchoring on a 'remote lan' wlan for the OE-solution?
    That's my setup:
    - DMZ:
    2504-CTR with code 7.3.101.0
    - Internal
    5508-CTR with code 7.3.101.0
    I've configured two WLANs and anchored them to the internal Controller => everything works fine
    I also want to use the Remote Lan Port on the OEAP600. I've created a new WLAN on the DMZ-CTR and chose Remote Lan from the drop down menu. On the internal CTR I've also created a new WLAN, chose Guest Lan from the menu and mapped the egress-interface to an existing Wired-Interface.
    When I now want to configure the anchor on the newly created remote lan on the DMZ-CTR, the problem is, that the menu is only showing 'remove', there is nothing with 'mobility anchor' or something like that.
    So how can I create the EoIP-tunnel for the remote lan?
    Thanks, Florian

    They removed that feature starting on v7.2. I was told from TAC that it was broken and that it was decided to be removed. I have remote LANs configured on v7.3, but it was because it was in place when the WLCs were running v7.0.x. They told me not to do the reverse tunnel like what you're trying to do, but open the FW to the internal WLC and have that WLC manage the OEAPs.
    I don't like the idea that they did this, because it does work but now I can't add, modify or delete the remote LAN.
    Sent from Cisco Technical Support iPhone App
