WLC not pass DHCP past bridged units
I have a WLC 5508 with LWAP 1242 with wireless bridges connected to the APs I cannot get DHCP to pass through the bridge to the PC connected to the bridge.
Some third-party WGBs need to operate in non-DHCP relay mode. If problems occur with the DHCP assignment on devices behind the non-Cisco WGB, use the following commands:
–config dhcp proxy disable
–config dhcp proxy disable bootp-broadcast disable
The default state is DHCP proxy enabled.
the above commands introduced from 7.0.116.0.
Similar Messages
-
AP 1231G Not Passing DHCP to clients
Hello My company AP 1231G is not passing the DHCP address to the client from the DHCP server can you please advise on my config listed below
basicly the AP is on its own VLAN 10.1.123.1 and the DHCP server is 10.1.10.2 -- trying to use iphelper to pass DHCP to clients and the AP is on static IP 10.1.123.2--
! Last configuration change at 13:15:56 +0800 Fri May 25 2012 by root
! NVRAM config last updated at 13:15:56 +0800 Fri May 25 2012 by root
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXXXXXXX
clock timezone +0800 8
ip subnet-zero
no ip domain lookup
ip domain name XXXXXXXXXXXXX
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 syslog
dot11 ssid XXXXXXXXXX
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid optional
wpa-psk ascii XXXXXXXXXXXXXXXXXXXXXXX
dot11 arp-cache optional
username root privilege 15 password XXXXXXXXXXXXXXXXXXXXX
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid XXXXXXXXXXX
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
channel 2432
station-role root access-point
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.1.123.2 255.255.255.0
ip helper-address 10.1.10.2
ip default-gateway 10.1.123.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
snmp-server view dot11view ieee802dot11 included
snmp-server view ieee802dot11 ieee802dot11 included
snmp-server community public RO
snmp-server community private view undefined RW
bridge 1 route ip
line con 0
terminal-type teletype
line vty 0 4
terminal-type teletype
sntp server 114.80.81.13
sntp broadcast client
endRoan:
Where is your DHCP server configured (swtich, firewall, 3rd party server..etc)?
Does it work correctly if the AP IP on same subnet and ip-helper is not being utilized? -
WET200-WET200 Bridge not passing DHCP Requests
Hi,
We have setup a bridge between two of our offices using two WET200's in adhoc mode. Everything is connected fine and the signal strengh is good. All traffic pass's over the bridge correctly but DHCP requsts/replys seem to be failing to traverse the bridge. Our DHCP server is hosted on site A and the computers on site B fail to obtain thiers IP's from the dhcp over the bridge requiring us to use static IP's.
Firmware is currently the latest.
Has anyone managed to resolve this issue?
Thanks
NickMr. Muir,
What version of firmware are you running on the wet200's?
If the latest, have you downloaded a fresh copy of the 2.0.3.2 and backed up your configs/ reflashed the firmware/ factory reset the device/ and reloaded the configuration.
I would try this on both devices and let us know if your still having the same issue. -
5508 WLC not releasing DHCP addresses
Have a WLC 5508 running 7.0.230 with internal DHCP server. Timeout is 3600 seconds. The IP addresses never seem to be released.
The controller will show 70 clients but 254 addresses will be assigned. Has anyone else experienced this problem?#Check "Lease remaining time" change in this value on the WLC for the clients that are not currently connected and already connected to it. Watch if its getting removed/refreshed once the lease time is expired.
#Cross reference with cli as well.
#If its an open wlan, client pass by will get an ip, so what admin seeing could be new client keep coming in and its an expected behavior.
#Find if time is static or client's dhcp entry doesn't remove once lease time expired.
#Per design, WLC doesn't release the internal dhcp ip when the client sends deauth to WLC, however, it should when the timer gets expired for clients that were currently not connected. -
1142 Autonomous AP not passing DHCP address to clients
Hi there,
I do hope someone can help me out here because I am having a nightmare with a single AP.
Setup is as follows:
5 existing APs already on site, all working correctly plugged into a 48 port 2960, (non poe).
customer wants to add another AP to extend capacity.
Installed AP, (config attached) mirrored switchport settings, (below) and fired it up.
Outcome: if you are on a static IP or have received DHCP through another AP then everything works as it should. But DHCP requests are never fulfilled if connected through this AP. (this goes also for a laptop with an existing DHCP address if you go through the \release \renew process) DHCP is served by a server living on the switch.
The AP lives on VLAN 2, hence native .2 on both ends, and wireless clients should recieve a VLAN 1 address. All the other APs, (1131s) are working without a problem and this is driving me NUTS! Have been through configs and every screen of the GUI but cant find any difference in set up. Apart from different AP models the new one is on a pwrinj4 while the others are on pwrinj3's.
Switchport settings:
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
AP Config
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
dot11 vlan-name *** vlan 1
dot11 vlan-name *** vlan 2
dot11 ssid ***
vlan 1
authentication open
authentication key-management wpa optional
wpa-psk hex ***
username manager privilege 15 password ***
username user privilege 0 password ***
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
channel 1
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
no dfs band block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
interface dot11Radio 0
ssid ***
no shutdown
interface dot11Radio 1
ssid ***
no shutdown
power inline negotiation injector installed
interface BVI1
ip address 10.25.97.245 255.255.255.0
no ip route-cache
ip default-gateway 10.25.97.1Hi Scott,
Yes, the only difference is as this is a 1142 I was instructed to put it onto one fo the Gb ports. I tried the Ap on a known working port to rule out switch config to no effect.
Here is the extended switch config:
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
Not sure about the spanning tree settings on the others: I didnt set those up and am a great believer in the "if it aint broke, dont fix it" maxim! -
Access Points Not Passing DHCP to Clients
I have a 50+ access point deployment, all in a single VLAN (DMZ), across a dozen buildings. We recently experienced wierdness of the following sort. Clients would request DHCP request, DHCP servers would forward requests, which would not get passed from the AP to the clients. We could verify that DHCP and all other parts of network were fine. I had to cold boot each AP to clear the condition. I could find nothing in this mix of 350s and 1200s or the spectrum that would indicate an obvious attack... Couldn't find where to start looking for any tables that were full, or any real place to look for some other reason for this. Yet after cold boot- all is well.
Any thoughts, in case it happens again?Hi Guys,
I am having a similar problem to you, however i can get authentciated via LEAP, but dont seem to get an IP adderss from the radius server.
My setup is very simple as i am at the design stage. We have a Cisco AP 1200 (2.4 and 5.0 GHZ) and we are using FUNK steel belted RADIUS server. LEAP authentication works fine and i can see the association on the AP. The wirless client (HP W400 integrated Wireless cards) shows that it has been authenticated successfully too. However no IP is being received. We have a IP Pool configured on the SBR server and the SBR server shows that it has issued an IP address.
Next step was to place a sniffer and capture the packets. The capture shows the radius requests and challenges and in the very last ACCEPT packet we can see that the SBR has issued an IP address.
I am confused as i cant see anything on AP that would block the IP address. There are also a few attributes showing as "unknown" in the sniffer trace, so im not too sure wgats going on.
Can anyone help. The IOS is 12.2 (13) JA -
Vlan traffic is not passing through Wireless Bridge
Hi,
Recently we have placed wireless bridge in our network (Cisco AIR-BR1410A-E-K9 model). Now after installing the bridge we are facing the issue like only the management interface traffic is reachable through bridge, but not able to reach other vlan traffic.
like management range is in vlan 1 (which inlcudes AP' Switch and router) and the bridge IP's are also in Vlan 1.
Switch port is kept in trunk mode both ends of bridge. still other vlan traffic is not reachable, do we have to place any special configuration for this ?
all the business users are in Vlan 3
all the sale team users are in vlan 123.
now problem is other end switches are reachable for me through bridge that is in vlan 1, but vlan 3 and vlan 123 are not reachable for me.users are not getting IP's, when we assigned the static ip address and tested still it is not working.
i am attaching my wireless bridge configuration in the discussion, please help on this issue.
Root Bridge ---- Non--Rootbridge--- Cisco Switch--Cisco Switch..
now i am able to those two switch also, but not able to reach the vlan 3 users who are connected to that switches.Hi,
infrastructure-ssid has been placed at both end still not able to get IP's to the devices.
I am not able to attach txt files in the reply, could you please let me know your email ID so that i will send the config files to your ID. -
1 port on 2960 wont pass DHCP onto client
I am stumped on this one. I have a PoE 2960 that connects a few phone/workstation pairs to the network. All of them work correctly except for one...
For example, the good / working configs look like this on the interfaces:
interface GigabitEthernet1/0/45
description _X211
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
And.....
interface GigabitEthernet1/0/38
description _X208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
The port that is not passing DHCP info onto the client is this one:
interface GigabitEthernet1/0/12
description _X209
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
What am I missing? This worked fine until last week when this site was connected via a trunk to another site (they used to connect via IPSec tunnel, but now have a dedicate link). As far as I can tell, that should not have effected this...and if it did effect this why didn't it effect any of the other ports?
The complete show run:
Building configuration...
Current configuration : 10102 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ...
boot-start-marker
boot-end-marker
no logging console
enable secret 5 ...
enable password 7 ...
no aaa new-model
clock timezone EST -5
switch 1 provision ws-c2960s-48lpd-l
ip name-server 10.1.0.10
ip name-server 10.0.0.10
vtp domain ...
vtp mode transparent
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 8,16,21,48,52,100-101,104,112,120,128,500,900,999
interface Port-channel1
description ...
switchport access vlan 500
interface FastEthernet0
no ip address
interface GigabitEthernet1/0/1
description PHONE_x204
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/2
description PHONE_x212
switchport access vlan 16
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/3
description voice vlan 52
switchport access vlan 16
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/4
description RUCKUS_WAP
switchport trunk native vlan 104
switchport mode trunk
interface GigabitEthernet1/0/5
switchport mode trunk
interface GigabitEthernet1/0/6
description PHONE_x205
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/7
switchport access vlan 16
interface GigabitEthernet1/0/8
switchport access vlan 21
switchport mode access
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
spanning-tree portfast
interface GigabitEthernet1/0/9
description PHONE_x206
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/10
switchport access vlan 16
interface GigabitEthernet1/0/11
switchport access vlan 16
interface GigabitEthernet1/0/12
description ..._X209
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/13
description PHONE_x208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/14
description HP_OFFICEJET_PRO_8600
switchport access vlan 21
switchport mode access
interface GigabitEthernet1/0/15
switchport access vlan 16
interface GigabitEthernet1/0/16
description PHONE_x203
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/17
switchport access vlan 16
interface GigabitEthernet1/0/18
description PHONE_x202
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/19
switchport access vlan 16
interface GigabitEthernet1/0/20
switchport access vlan 16
interface GigabitEthernet1/0/21
switchport access vlan 16
interface GigabitEthernet1/0/22
description ..._X212
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/23
switchport access vlan 16
interface GigabitEthernet1/0/24
switchport access vlan 16
interface GigabitEthernet1/0/25
switchport access vlan 16
interface GigabitEthernet1/0/26
switchport access vlan 16
interface GigabitEthernet1/0/27
switchport access vlan 500
channel-group 1 mode on
interface GigabitEthernet1/0/28
switchport access vlan 16
interface GigabitEthernet1/0/29
switchport access vlan 500
channel-group 1 mode on
interface GigabitEthernet1/0/30
switchport access vlan 16
interface GigabitEthernet1/0/31
description SNAPBACK
switchport access vlan 500
interface GigabitEthernet1/0/32
switchport access vlan 16
interface GigabitEthernet1/0/33
switchport access vlan 16
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/34
switchport access vlan 16
interface GigabitEthernet1/0/35
description PHONE_x201
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/36
description PRINTER__OFFICES
switchport access vlan 21
interface GigabitEthernet1/0/37
switchport access vlan 16
interface GigabitEthernet1/0/38
description ..._X208
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/39
switchport access vlan 16
interface GigabitEthernet1/0/40
switchport access vlan 16
interface GigabitEthernet1/0/41
switchport access vlan 16
interface GigabitEthernet1/0/42
description CARD_ACCESS_SYSTEM
switchport access vlan 48
interface GigabitEthernet1/0/43
description SIP_PHONE
switchport access vlan 52
interface GigabitEthernet1/0/44
description PANASONIC_PHONE
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/45
description TECH_TBD_PHONE_X211
switchport trunk native vlan 16
switchport mode trunk
switchport voice vlan 52
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
spanning-tree portfast
interface GigabitEthernet1/0/46
switchport access vlan 16
switchport mode access
interface GigabitEthernet1/0/47
description RUCKUS_WAP
switchport trunk native vlan 104
switchport mode trunk
interface GigabitEthernet1/0/48
description site-to-site-link
switchport mode trunk
interface GigabitEthernet1/0/49
interface GigabitEthernet1/0/50
interface TenGigabitEthernet1/0/1
interface TenGigabitEthernet1/0/2
interface Vlan1
ip address 10.0.1.254 255.255.255.0
interface Vlan48
ip address 10.0.48.254 255.255.255.0
interface Vlan52
ip address 10.0.52.254 255.255.255.0
interface Vlan101
ip address 10.0.101.254 255.255.255.0
interface Vlan128
no ip address
interface Vlan500
ip address 10.1.0.7 255.255.255.128 secondary
ip address 10.0.0.126 255.255.255.128
ip default-gateway 10.0.101.1
no ip http server
no ip http secure-server
logging 10.1.0.10
banner login ^CC
UNAUTHORIZED LOGIN PROHIBITED
^C
line con 0
exec-timeout 15 0
password 7 ...
logging synchronous
login
line vty 0 4
exec-timeout 15 0
password 7 ...
logging synchronous
login
length 0
line vty 5 15
exec-timeout 15 0
password 7 ...
logging synchronous
login
ntp clock-period 22519016
ntp server 198.60.73.8
endI removed the line:
switchport trunk native vlan 16
From that port, but I am still not receiving DHCP info on the client.
As a workaround I have set a static IP on the phone. I am still unable to get the workstation (in this case a laptop) to get on the network even setting a static address. I put it onto the wireless for now to get them up and running.
This is quite odd. Any idea what I could try to adjust on that port? -
Guest LAN and DHCP Options not passing through
Managed to get the Guest LAN up and running for wired clients and all's working well. Users are sat behind a proxy and if I force the use of a appropriate wpad file I can get the WLC auth to happen and then push off to the proxy.
I'm trying to use option 252 in DHCP to present the WPAD url. Only issue that happens is that while the DHCP server on the egress interface is handing out addresses to clients on the ingress interface correctly, the WLC doesn't appear to be handing through the option 252 I have set in DHCP. I've used network monitor to see what the dhcp request process is dishing out in terms of options, and all look good if I'm not behind the WLC.
Anyone know if theres a limitation on the WLC that prevents DHCP options being passed through to the guest LAN?
TIAWhen configured as a DHCP server, some of the firewalls do not support DHCP requests from a relay agent. The WLC is a relay agent for the client. The firewall configured as a DHCP server ignores these requests. Clients must be directly connected to the firewall and cannot send requests through another relay agent or router. The firewall can work as a simple DHCP server for internal hosts that are directly connected to it. This allows the firewall to maintain its table based on the MAC addresses that are directly connected and that it can see. This is why an attempt to assign addresses from a DHCP relay are not available and the packets are discarded. PIX Firewall has this limitation.
For more information please refer to the link-http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml -
DHCP Server is not passing out DHCP Leases
I can't seem to figure out why DHCP server is not passing out DHCP lease a client?
Also I can't seem to figure out why NVI0 interface is UP? I have setup another box similarly and NVI0 is down on that and the DHCP server is working fine on that too. Strange!
I am working on CISCO 881 VPN Router...Please have a look at it and let me know. Thanks
Here is the configuration in the box...
sh run
Building configuration...
Current configuration : 6543 bytes
! Last configuration change at 17:09:54 CST Fri Sep 14 2012 by XXXXX
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXX
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone CSTime -6
clock summer-time CST recurring
crypto pki trustpoint TP-self-signed-3079619067
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3079619067
revocation-check none
rsakeypair TP-self-signed-3079619067
crypto pki certificate chain TP-self-signed-3079619067
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303739 36313930 3637301E 170D3132 30393134 31393231
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30373936
31393036 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100993C D622004B F3AEA1E5 81106C28 36EC52D0 5435ABC3 8912095F 3641168A
B67D97AF AEB43CF3 00A00EB5 702FA355 9F58EBEF F42294DC 0E32CF40 E17D372A
3BC36401 55EDBA5C 910B7A51 89D709A8 7EAB3FF0 E4C99D34 CBE3F316 069C0E16
BC284055 35E3D762 463DABF6 852C4E7A D2EF45A4 21F08689 4DF17870 9E2A6C27
1BFB0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A506F70 6C617276 696C6C65 2E796F75 72646F6D 61696E2E
636F6D30 1F060355 1D230418 30168014 64EA4CAE 2029E4C2 702584C6 B5732464
5C9DA38A 301D0603 551D0E04 16041464 EA4CAE20 29E4C270 2584C6B5 7324645C
9DA38A30 0D06092A 864886F7 0D010104 05000381 81006C27 96E06B83 04DBDA81
EEB0AF35 84ED370E A8C9694E F9B9326D 69CB1043 9C396D7B 760D252F 4881926D
878E434F 9AFC3E6D A5BF43F2 E619D6EC F45C039A 5FFB478F A99F7EE5 274E37D5
11976FDE 823FD1A9 700203E5 67A329B3 F4CF45F0 245757C8 E2349276 B13414D1
017616FA 38A40BA8 42545AC5 C7676D21 29E4F491 CADB
quit
ip source-route
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.100.101
ip dhcp excluded-address 192.168.1.254
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip dhcp pool Internal_Network
network 192.168.1.0 255.255.255.0
dns-server 192.168.100.254
default-router 192.168.1.254
ip cef
ip domain name yourdomain.com
ip name-server 192.168.100.254
no ipv6 cef
license udi pid CISCO881-K9 sn FTX1604828T
username XXXXX privilege 15 secret 5 $1$QEcR$96cmvs/h/.05G6BnorcWG/
username XXXXX secret 5 $1$PQQ1$3.Vin0i/2uZ/KD0xEJ8GC.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group YYYYYYY
key XXXXX_XXXXX_XXXXX
pool VPN-Pool
acl VPN-Access-List
crypto isakmp profile vpn-isakmp-profile-1
match identity group YYYYYYY
client authentication list vpn_xauth_ml_1
isakmp authorization list vpn_group_ml_1
client configuration address respond
virtual-template 2
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN_INTERFACE
ip address 192.168.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
interface Vlan1
description VLAN1_INTERFACE
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool VPN-Pool 192.168.1.151 192.168.1.200
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.100 21 192.168.100.3 21 extendable
ip nat inside source static tcp 192.168.1.100 80 192.168.100.3 80 extendable
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip access-list extended VPN-Access-List
permit ip 192.168.1.0 0.0.0.255 any
permit tcp host A.B.C.D host 192.168.1.100 eq ftp
permit tcp host A1.B1.C1.D1 host 192.168.1.100 eq ftp
permit tcp host A2.B2.C2.D2 host 192.168.1.100 eq ftp
permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.100 eq ftp
permit tcp host A3.B3.C3.D3 host 192.168.1.100 eq ftp
permit tcp any host 192.168.1.100 eq XXX
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner motd ^C XXXXX-XXXXX VPN Router ^C
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 124A50424A5E5550
transport input telnet ssh
scheduler max-task-time 5000
endHi Jennifer,
I have gotten it resolved. Per your suggestion, I have turned on debug ip dhcp events and found that POOL EMPTY message. After little research, I found out that I have made a mistake in my excluded-address range.
I have had it as
ip dhcp excluded-address 192.168.1.1 192.168.100.101
It should have been
ip dhcp excluded-address 192.168.1.1 192.168.1.101.
It was a typo.
Thank you for the suggestion.
Srini -
Cisco 300 - VLAN DHCP packets not passing
I am seeing a problem with our Cisco 300 switches. We use these switches as access switches, with a stacked 3750-G at the core, two 2960-S at the distribution layer, and about 10 300 Series switches at the access layer (10 port and 28 ports, all PoE).
We use Voice VLAN (VLAN 14) for our Mitel phones – there is a DHCP server on the Mitel system. Phones come up, get tagged VLAN 14 (LLDP), Traffic flows (including Broadcast for DHCP etc…). The system works, and has worked for months.
One day, suddenly, I find that all the Mitel phones on a particular access switch are not working. I look on the Mitel system and the lease on DHCP has expired, and the phone is stuck on renewing its DHCP IP address. I run port mirroring on the switch for VLAN 14 to see what is happening. The phones are stuck on DHCP discover, and I see the DHCP Discover broadcast packets on the switch but nothing else, no DHCP offer packets – hence the phone stuck at boot cycle.
I then do a port mirror from another access switch (that is currently working) – I can see the broadcast packets from the Mitel phones on the broken switch, but on this switch I can also see the DHCP offer packets from the Mitel system. I run two port mirrors simultaneous from the two switches (one working, one not) and I can see that the DHCP offer packets are not coming through to the broken switch. Panic ensues – I look at the distribution layer and there is no problem what so ever.
For some strange reason, the Cisco 300 28 port has stopped passing DHCP broadcast packets on a particular VLAN, even though they are being sent. I power cycle the switch – and hey presto, DHCP offer packets are coming through, and the phones get an IP address and boot properly.
I wipe the sweat off my brow, note the issue down and carry on my daily duties.
Forward a couple of weeks later, and to today. I have another phone that is showing the same symptoms, luckily it is the only phone on this particular Cisco 300 28 port. The same issue is occurring as described above. I gather as much diagnostic information I can then reboot the switch – but still no joy. I then remember that this switch is not directly attached to the distribution layer and instead gets trunked to another Cisco 300 28 port. I give that a reboot and 5 minutes later, DHCP broadcast offers are passing and the phone boots.
I am listing this problem as not just a ‘one off’ now, and is recurring. It has happened to two of my 300 28 port switches.
All Switches running 1.1.2.0.
No link to up time – first instance of the problem, switch was up for 14 days – second instance (another switch) uptime of 39 days
LLDP is working fine on the switches, as is Voice-VLAN (Port is tagged and broadcasts out DHCP Discover which is seen by other devices throughout network)
Nothing in the log file on the access switch
Nothing on the Dist/Core regarding STP – Spanning tree set up is fine throughout
Has anyone else experienced same? I’m hoping this is a bug that is getting fixed.
Many Thanks
TimHello Tim
Brayton Hackworth had a similar post as yours, found here;
https://supportforums.cisco.com/message/3684179#3684179
Brayton is using the Mitel 5330 phones where the LLDP no longer fed VLAN information to the phone network. But, he reverted to use a DHCP server to provide the VLAN information.
Unfortunately, I (personally) cannot test any Mitel resources (since I don't have them) so my labs usually only consist of either 7900 series or SPA500/900 series phones.
The best thing I can really recommend to you is to make a package of data consisting of;
Topology which consists of;
Modem type
Router including IP
All devices including IP of switches
Servers / relevant workstations
# of attached devices and # of users on the LAN
Switch config file + show tech on a notepad
Syslog output from the switch
Working PCAP
PCAP showing failure
PCAP legend showing what IP address are who (unless topology contains all IP)
Where the PCAP is taken from and method
We then can create a service request for you and pass it for review.
-Tom -
WLC 2106 does not send DHCP request
Hi,
I've several WLC2106 running 4.1(185) and all is working fine.
Now we started to migrate some of them to 4.2(207) but client didn't received anymore DHCP reply.
DHCP server is a Microsoft server with the address configuren under the dynamic interfaces parameter.
With the same config and 4402 all is working fine.
With the same config and 4.1.x with WLC2016 all is working fine.
It seems something changed from 4.2.
Any idea ? Here the log of DEBUG DHCP PACKET
00:22:fb:89:d1:dc DHCP received op BOOTREQUEST (1) (len 312, port 1, encap 0xec03)
00:22:fb:89:d1:dc DHCP processing DHCP DISCOVER (1)
00:22:fb:89:d1:dc DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
00:22:fb:89:d1:dc DHCP xid: 0x5cbacd54 (1555746132), secs: 3, flags: 0
00:22:fb:89:d1:dc DHCP chaddr: 00:22:fb:89:d1:dc
00:22:fb:89:d1:dc DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
00:22:fb:89:d1:dc DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
00:22:fb:89:d1:dc DHCP requested ip: 169.254.122.145
00:22:fb:89:d1:dc DHCP successfully bridged packet to DS
00:10:18:3d:9c:2b DHCP received op BOOTREQUEST (1) (len 268, port 1, encap 0xec00)
00:10:18:3d:9c:2b DHCP dropping packet (no mscb) found - (giaddr 0.0.0.0, pktInfo->
Many thanks
LuigiIn 4.1, disabling DHCP proxy did just that, it disabled the "proxy". If you ever look at your dhcp lease of a wireless client, it comes from a dhcp server of 1.1.1.1 (virtual IP of the controller). With proxy disabled, the address will no longer be masked.
In 4.2 and beyond, disabling dhcp proxy actually disables the DHCP Relay that is the process of the controller sending the dhcp requests to a specified server.
So if in 4.1, you had "dhcp proxy" disabled, in 4.2 and beyond, you are actually disabling the relay as well.
If this is indeed the case, enable dhcp proxy, or add an IP Helper adress to your router for this vlan, just like you would normally do for Wired clients. -
MSS report not passing values from portal to selection screen fields
Hello Gurus,
We have a problem with Sickness Absences report in MSS which is a Z copy of the standard report RPTABS20.
The problem is when the manager defines the selection criteria and selects the other period dates and under Organizational View - selects All Organizational Units and highlights one org unit and report results, then the report displays the employees which are currently not part of same org unit as selected in selection criteria. But these employees were present in this org unit in past when they took leave, which comes under the same period as given on selection screen. So in a way it seems to be right. But the requirement is to only display the employees which are currently present in this org unit.
The report seems to be working fine in backend where we specified the same date range and org unit on selection screen.
On our investigation in portal we came to know that the org unit field on selection screen PNPORGEH is not getting filled with org unit number selected on portal.
On further investigation in debugging we came across the fm HRWPC_RPT_START_REPORT which calls fm HRWPC_RPT_FCODE_EXEC which in turn calls fm HR_HIS_EXECUTE and it executes the report with following code:
SUBMIT (repos-repid) AND RETURN
USING SELECTION-SET repos-varit
WITH pnpindex IN objid_ranges
WITH pnptimed eq ' '
WITH pnpbegps eq act_begda
WITH pnpendps eq act_endda
WITH pnpbegda eq act_begda
WITH pnpendda eq act_endda
WITH p_super eq space.
Looks like the standard code is not passing the org unit to the selection screen of the report.
Request you to kindly guide if this is a SAP standard problem or the report is not configured properly ?Please check steps as mentioned here
http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=199820849
and report variant, check your evaluation paths if it is being refreshed correctly, click twice to refresh.
check tje note 1431691
When the report is launched from
the portal, the program is reading the table:T77eo for the object
type-'O' , since there are no entries for the object 'O' in the table,
the switch INREL is not set, therefore the structure pchobjid is not
filled while calling the report as shown below. Now I know the
rootcause, but I don;t know the reason behind the table: T77EO not
having entries for object "O".
==============================================================
SUBMIT (fcode_rec-progname)
USING SELECTION-SET fcode_rec-variant
AND RETURN
WITH pchplvar EQ act_plvar
WITH pchotype EQ act_otype
WITH pchobjid IN pchobjid
WITH pchsobid IN pchsobid
WITH pchobeg EQ act_begda
WITH pchoend EQ act_endda
WITH pchbegda EQ act_begda
WITH pchendda EQ act_endda.
try to use PNP database for seleciton only these paramters are passed to backend! -
Cisco Airespace WLC2006 doesn't pass DHCP to client
I'm installing a new WLC2006 and the AP1020's are connected via the switched backbone and not to the controller. I upgraded the WLC to V3 code. Wireless clients do not receive DHCP addresses for their respective VLANs. If I connect wired to the switch, I get DHCP from whatever VLAN I'm configured for.
I then backed down to 2.2.143.22 and still no success. I then backed down to 2.2.127.9 and things work correctly!
Has anyone else seen this problem? This is the first time I've tried the newer code. Also, the checkbox to require DHCP for the clients would uncheck itself after I checked it and applied the change.Hi Adam
Have you applied a DHCP server to either the vlan interface on the WLC?
The AireSpace kit seems to intercept DHCP requests (i.e. not just bridge them onto the LAN).
I've seen it fail sometimes until you turn on 'DHCP Override' and specify the IP address of the DHCP server under the SSID configuration... not sure why this happens...
Regards
Aaron
Please rate helpful posts.. -
Could not complete the paste command because there is not enough memory (RAM)
Hi,
Anybody can help me please? i am getting this message again and again. i tried to restart system and re install Photoshop no luck.
"could not complete the paste command because there is not enough memory (RAM)"
will be great if i get reply asap.
Thanks,
ZiaThere are no mind readers or clairvoyants in these user forums. Give us a break and provide plenty of details.
BOILERPLATE TEXT:
If you give complete and detailed information about your setup and the issue at hand, such as your platform (Mac or Win), exact versions of your OS, of Photoshop and of Bridge, machine specs, what troubleshooting steps you have taken so far, what error message(s) you receive, if having issues opening raw files also the exact camera make and model that generated them, etc., someone may be able to help you.
Please read this FAQ for advice on how to ask your questions correctly for quicker and better answers:
http://forums.adobe.com/thread/419981?tstart=0
Thanks!
Maybe you are looking for
-
i have an apple account, but i created a new one because none of the passwords i use worked on it (i hadnt been on in a while) so i set up another account with the same email and a new password on January 27. i have chevcked my emails every day sinc
-
Adding field in webdynpro iView
Hi, I want to add some extra field and column in existing webdynpro iView.Someone can help me to achieve it? Thanks, Kundan
-
80 GB on dropbox but only 250 GB HD
i seem to be in a constant battle trying to keep my 250 GB HD from filling up. right now i am showing a 80 GB dropbox folder and i am wondering if there is anything i can do about this. i mean, presumably i can take some of this data OFF dropbox and
-
Maybe someone can help me. I am waiting so that the new iMac is finally order and configurable. There is November and December - but Apple has the year forgotten and which have no order and configuration is possible, is the hope of 2012 probably disa
-
How to trigger 'save' event without pressing SAVE button
Hi, i want to execute my 'save' event without press the SAVE button. I want to simulate press the button with abap code and sy-ucomm = 'SAVE'. Is there a function module for this functionality Thanks Reward Points