WLC2100 not issuing DHCP to clients

I've got a 2106 that I'm installing for a customer and having issues with it assigning DHCP to WiFI clients.  What's odd is that this was working at one point at home during testing.  Only difference at this point is LAN hardware at the customer location.
Simple config-  single flat vlan on Cat2960G switch, ASA5505 serving up DHCP for the network.  Wired clients are receiving DHCP fine.
Mgmt IP
192.168.0.10/24
Mgmt Gateway
192.168.0.1
Mgmt VLAN
0
Mgmt Int port
1
Mgmt DHCP server
192.168.0.1
AP Mgr Int IP
192.168.0.11
Virtual GW IP
1.1.1.1
RF group name
rfgrp1
SSID
xxxx
Client Static IP?
no
Country Code
802.11a/b/g status
enabled
Radio resource mgmt status
enabled
I've run dhcpd debug on both the controller and the ASA and I see the DHCPD requests on the controller, but I never see them hitting the ASA.
I don't have the specific version of code it's running, but I know it's 6.0.  One of my local Cisco account engineers found some Cisco CSC bugs referencing this issue.  One TAC cas even referenced stripping all security off the WiFi, connecting the client and then reimplementing the security again.
Anyone have any suggestions?  I'm hoping to head back over there again this afternoon to do some more troubleshooting and hopefully solve this for them.
Thanks!
Mike

In this case, the controller is not currently configured as DHCP server, although I may be trying that this afternoon.
I've currently got DHCP proxy enabled and am pointing it to the ASA5505 (192.168.0.1)- I thought I mentioned that in my previous post.
Please keep in mind this was working fine at one point in my lab while I was testing it, then I shut it down for a couple weeks while I waited to install it at the customer site.  I've even tried resetting back to factory defaults and reconfiguring it to see if I'd accidentally misconfigured something.
I don't have the exact version, but I do know that I'm running a 6.x code rev.  I'm probably going to just upgrade to 7.0 this afternoon and see if that makes a difference.  If not, I'll try enabling the internal DHCP server, but I don't want to do that if I don't need to.  Just one more thing to worry about managing for the customer.
Thanks,
Mike

Similar Messages

  • AP 1231G Not Passing DHCP to clients

    Hello  My company AP 1231G is not passing the DHCP address to the client from the DHCP server  can you please advise on my config listed below
    basicly the AP is on its own VLAN 10.1.123.1 and the DHCP server is 10.1.10.2 -- trying to use iphelper to pass DHCP to clients and the AP is on static IP 10.1.123.2--
    ! Last configuration change at 13:15:56 +0800 Fri May 25 2012 by root
    ! NVRAM config last updated at 13:15:56 +0800 Fri May 25 2012 by root
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname XXXXXXXXXX
    clock timezone +0800 8
    ip subnet-zero
    no ip domain lookup
    ip domain name XXXXXXXXXXXXX
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    dot11 syslog
    dot11 ssid XXXXXXXXXX
       authentication open
       authentication key-management wpa
       guest-mode
       infrastructure-ssid optional
       wpa-psk ascii XXXXXXXXXXXXXXXXXXXXXXX
    dot11 arp-cache optional
    username root privilege 15 password XXXXXXXXXXXXXXXXXXXXX
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    ssid XXXXXXXXXXX
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    no preamble-short
    channel 2432
    station-role root access-point
    no dot11 extension aironet
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.1.123.2 255.255.255.0
    ip helper-address 10.1.10.2
    ip default-gateway 10.1.123.1
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    access-list 111 permit tcp any any neq telnet
    snmp-server view dot11view ieee802dot11 included
    snmp-server view ieee802dot11 ieee802dot11 included
    snmp-server community public RO
    snmp-server community private view undefined RW
    bridge 1 route ip
    line con 0
    terminal-type teletype
    line vty 0 4
    terminal-type teletype
    sntp server 114.80.81.13
    sntp broadcast client
    end

    Roan:
    Where is your DHCP server configured (swtich, firewall, 3rd party server..etc)?
    Does it work correctly if the AP IP on same subnet  and ip-helper is not being utilized?

  • DHCP not issuing DNS to client.

    My xServer is using OSX Server 10.4.10 and is our networks DHCP server. When I set a client machine to automaticaly get its settings it correctly gets its IP address, Subnet Mask and Gateway. However it will not connect to the internet until I add the DNS settings manually.
    I cannot find any reason why this should be. This must be some stupid setting I am missing, any help would be very kind.

    It is a new server and I have been trying to configure it. It does not work properly and I have turned to these forums in the hope that somene here would be able to tell m what I have done wrong. Kostas I don't really understand why you are asking me this.
    Wjat I have should be a ver simple thing to configure I a have a network which is going to use the xServe as its Gateway, DCHP Server and mail server. I have allocated the mailserver the internal I address of 192.168.101.40 and my ISP has given me an ip of 62.49.189.82 for the WAN side. At the moment it seems to work, except for three things, which may be related(DNS, FTP & Host names), my plan was to fix the first and see if the others goes away.
    The first problem is that client machines are not recieving the DNS settings and so they cannot connect to the internet unless I manually provide them with the ip address of the xServer.
    I have submitted a couple of screenshots via pdf documents to show you my settings, and I will be very greatful if you can see what I have done wrong. Have I provided enough information for someone to be able to help me. Most of the settings I have made I copied from my old machine (A Cobalt Qube) which the xServe replaces. Until the Qube failed it worked without any problems for 5 years. I don't understand why it is that this server seems so much more difficult to configure than the Qube.
    Apple has a good reputation for providing easy to configure machines, this software seems to have bypassed the QC check on software design.

  • Access Points Not Passing DHCP to Clients

    I have a 50+ access point deployment, all in a single VLAN (DMZ), across a dozen buildings. We recently experienced wierdness of the following sort. Clients would request DHCP request, DHCP servers would forward requests, which would not get passed from the AP to the clients. We could verify that DHCP and all other parts of network were fine. I had to cold boot each AP to clear the condition. I could find nothing in this mix of 350s and 1200s or the spectrum that would indicate an obvious attack... Couldn't find where to start looking for any tables that were full, or any real place to look for some other reason for this. Yet after cold boot- all is well.
    Any thoughts, in case it happens again?

    Hi Guys,
    I am having a similar problem to you, however i can get authentciated via LEAP, but dont seem to get an IP adderss from the radius server.
    My setup is very simple as i am at the design stage. We have a Cisco AP 1200 (2.4 and 5.0 GHZ) and we are using FUNK steel belted RADIUS server. LEAP authentication works fine and i can see the association on the AP. The wirless client (HP W400 integrated Wireless cards) shows that it has been authenticated successfully too. However no IP is being received. We have a IP Pool configured on the SBR server and the SBR server shows that it has issued an IP address.
    Next step was to place a sniffer and capture the packets. The capture shows the radius requests and challenges and in the very last ACCEPT packet we can see that the SBR has issued an IP address.
    I am confused as i cant see anything on AP that would block the IP address. There are also a few attributes showing as "unknown" in the sniffer trace, so im not too sure wgats going on.
    Can anyone help. The IOS is 12.2 (13) JA

  • RV220W not showing DHCP Leased Clients (LAN)

    I have notice that when I click on Networking -->LAN -->DCHP Leased Clients (LAN) I get 0 results found, but If I click on Status-->Avaiable LAN Host I see all my clients, most (all but 1) are listed as "unknown" under the Name.
    How do I get them to show up under the DCHP Leased Clients (LAN)?

    Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center.
    First, Thank you for purchasing a Cisco product. I am sorry to here that you are still having the issue. I am going to follow-up with the agent that was working your case and work on determining what is causing your issue.
    If you need anything, please let me know. You can reach me at emoyers at cisco . com
    Eric Moyers
    Cisco Network Support Engineer
    1-866-606-1866

  • WRT54GL Not issuing DHCP to Laptops

    Hello
    I have a WRT54GL V1.1 with Firmware v 4.30.2
    I have it serving 2 TIVO boxes wirelessly with it serving up a DHCP IP address
    It is not broadcasting the SSID
    I have 2 XP Dell Laptops that will connect to the service but do not get a IP address.
    Any thoughts?
    Thanks
    Mark

    Open an Internet Explorer browser page.In the address bar type - 192.168.1.1
    Leave the username blank & in password use admin in lower case...
    Click on "Wireless" tab and make sure SSID broadcast is set to Enable...If it is disable Enable it, if it is Enable changed the network name/ssid and give it a new name...leave the security to wep and see if you can locate your new SSID on your tivo...
    WPA does not work because your old adapters does not support WPA...

  • Clients not receiving DHCP IP address from HREAP centrally Switched Guest SSID

    Hi All,
    I am facing a problem in a newly deployed branch site where the Clients are not receiving DHCP IP address from a centrally switched Guest SSID. I see the client status is associated but the policy manager state is in DHCP_REQD.
    The dhcp pool is configured on the controller itself. The local guest clients are able to get DHCP and all works fine, the issue is only with the clients in the remote site. The Hreap APs are in connected mode. Could you please suggest what could be the problem. Below is the out of the debug client.
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Adding mobile on LWAPP AP 3c:ce:73:6d:37:00(1)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Reassociation received from mobile on AP 3c:ce:73:6d:37:00
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'Guest-ACL' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific IPv6 override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying IPv6 Interface Policy for station 10:40:f3:91:7e:24 - vlan 81, interface id 13, interface 'vlan_81'
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 3c:ce:73:6d:37:00 vapId 17 apVapId 1
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
    *apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 apfMsAssoStateInc
    *apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Idle to Associated
    *apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station:  (callerId: 49) in 28800 seconds
    *apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sending Assoc Response to station on BSSID 3c:ce:73:6d:37:00 (status 0) ApVapId 1 Slot 1
    *apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfProcessAssocReq (apf_80211.c:4672) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Associated
    *apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    *apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4183, Adding TMP rule
    *apfReceiveTask: May 24 11:35:53.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 3c:ce:73:6d:37:00, slot 1, interface = 13, QOS = 3
      ACL Id = 255, Jumbo F
    *apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 81, IPv6 intf id = 13
    *apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
    *pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    *pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sent an XID frame
    *apfMsConnTask_3: May 24 13:26:49.401: 10:40:f3:91:7e:24 Updating AID for REAP AP Client 3c:ce:73:6d:37:00 - AID ===> 1
    *apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
    *apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.
    *apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
    *osapiBsnTimer: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
    *apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:4897) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Disassociated
    *apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds
    *osapiBsnTimer: May 24 13:29:09.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
    *apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Sent Deauthenticate to mobile on BSSID 3c:ce:73:6d:37:00 slot 1(caller apf_ms.c:4981)
    *apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsAssoStateDec
    *apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:5018) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Disassociated to Idle
    *apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:ce:73:6d:37:00]
    *apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Deleting mobile on AP 3c:ce:73:6d:37:00(1)
    *pemReceiveTask: May 24 13:29:09.317: 10:40:f3:91:7e:24 0.0.0.0 Removed NPU entry.

    #does the client at the remote site roams between AP that connects to different WLC?
    #type 9 is not good.
    *pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    #Does your dhcp server getting hits.
    #Also, get debug dhcp message & packet.
    #Dhcp server is not responding.
    *apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
    *apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

  • Clients not getting DHCP in VRF

    Good morning -
    We have devices in the global routing table (not in a VRF) getting DHCP addresses without issue. The SVI is configured as such:
    interface Vlan2301
    description BLUE
    ip address 172.19.68.1 255.255.255.0
    ip helper-address 10.4.16.222
    interface Vlan2512
    description RED
    vrf forwarding RED
    ip address 10.217.5.1 255.255.255.0
    ip helper-address 10.4.16.222
    Clients in BLUE are getting DHCP but clients in RED are not. If I statically assign an address I have connectivity and can reach the DHCP server (which is also DNS server; with a static IP in VLAN 2512 I can do name resolutions for example).
    I am at a bit of a loss. Is there anything special I need to do for VRF IP HELPER-ADDRESS configuration? A capture on my firewall interface shows the DHCP server is trying to reply - it is like the helper-address is not forwarding the dhcp reply (or is not getting it)
    11:11:52.915180 IP (tos 0x0, ttl 254, id 17478, offset 0, flags [none], proto UDP (17), length 337)
        10.217.5.1.67 > 10.4.16.222.67: BOOTP/DHCP, Request from xx, length 309, hops 1, xid 0xb53a220c, Flags [none]
              Gateway-IP 10.217.5.1
              Client-Ethernet-Address xx [|bootp]
    11:11:52.918761 IP (tos 0x0, ttl 124, id 28096, offset 0, flags [none], proto UDP (17), length 344)
        10.4.16.222.67 > 10.217.5.1.67: BOOTP/DHCP, Reply, length 316, xid 0xb53a220c, Flags [none]
              Your-IP 10.217.5.12
              Server-IP 10.4.16.222
              Gateway-IP 10.217.5.1
              Client-Ethernet-Address xx [|bootp]
    Any ideas?

    Good morning -
    I have a pair of 6513 in a VS40 (VSS quad sup) connected via L3 MEC to a VSS pair of 4500X. Active to Active and Standby to Standby connected in a L3 MEC port-channel that is also a vnet trunk:
    (Core)
    interface Port-channel5
    description Distribution Uplink
    no switchport
    vnet trunk
    ip dhcp snooping limit rate 100
    ip address 172.20.68.1 255.255.255.252
    ip ospf message-digest-key 1 md5 XXX
    spanning-tree guard root
    (4500 Distribution)
    interface Port-channel1
    description Core Uplink
    vnet trunk
    ip arp inspection trust
    ip address 172.20.68.2 255.255.255.252
    ip ospf message-digest-key 1 md5 XXX
    The interfaces are all using LACP mode Active inside the channels
    On the 4500 we have a global routing table and a vrf. Both have helper addresses pointing to the DHCP server which is extranet service behind the 6513 Core.
    interface Vlan2301
    description Global Routing Table
    ip address 172.19.68.1 255.255.255.0
    ip helper-address 10.4.16.222
    interface Vlan2512
    description VRF
    vrf forwarding RED
    ip address 10.217.5.1 255.255.255.0
    ip helper-address 10.4.16.222
    DHCP for the Global Routing Table subnet works. DHCP for the VRF does not.
    What is interesting is if we shut down the link that is connected to the standby 4500 (Te2/1/1) DHCP starts to work for the VRF.
    Using <debug ip dhcp server packet detail> at the 4500 here is what I am seeing.
    When both links are up and DHCP is failing for the VRF:
    Mar 10 20:02:02.419: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
    Mar 10 20:02:10.473: DHCPD: Reload workspace interface Vlan2512 tableid 3.
    Mar 10 20:02:10.473: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
    Mar 10 20:02:10.474: DHCPD: client's VPN is RED.
    Mar 10 20:02:10.474: DHCPD: using received relay info.
    When I shut the Te2/1/1 link down in the L3 MEC at the 4500 DHCP starts to work for the VRF RED:
    Mar 10 20:04:41.354: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
    Mar 10 20:04:41.369: DHCPD: Reload workspace interface Port-channel1.2002 tableid 3.
    Mar 10 20:04:41.369: DHCPD: tableid for 172.20.68.2 on Port-channel1.2002 is 3
    Mar 10 20:04:41.369: DHCPD: client's VPN is .
    Mar 10 20:04:41.369: DHCPD: forwarding BOOTREPLY to client 001a.6b3a.5613.
    Mar 10 20:04:41.369: DHCPD: no option 125
    Mar 10 20:04:41.369: DHCPD: broadcasting BOOTREPLY to client 001a.6b3a.5613.
    Mar 10 20:04:41.369: DHCPD: no option 125
    Mar 10 20:04:44.808: DHCPD: Reload workspace interface Vlan2512 tableid 3.
    Mar 10 20:04:44.808: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
    Mar 10 20:04:44.808: DHCPD: client's VPN is RED.
    It is like there is a bug that is treating the L3 MEC as a L2 MEC when both links are present; or the VNET trunk is not being processed correctly.
    Has anyone else used a L3 MEC with a VRF and a DHCP helper with success? Is this a bug?
    03.05.01.E is the code we are running on the 4500X-32(SPF+)
    This is also with TAC but I thought I would share with the community in case anyone else has a similar environment or if Cisco experts want to comment.

  • Router not issusing DHCP addresses to AP clients

    So I have configured a DHCP pool on my router to issue DHCP leases to wireless clients in my network - the clients can see the SSID broadcasting and can connect successfully. The only problem is that they don't receive an IP address.
    IPCONFIG shows the 169.254 etc address...the network status shows "Limited or no connectivity" when hovering over the icon.
    We used to have the clients receive their leases from a server which worked with the IP helper command...is there something simple I'm missing here?
    Thanks in advance.

    Please see below...
    Last configuration change at 16:18:21 UTC Thu Jul 10 2014 by admin
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname XXX
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    no aaa new-model
    ip cef
    ip dhcp excluded-address 10.26.129.1
    ip dhcp excluded-address 10.26.129.253
    ip dhcp excluded-address 10.26.129.254
    ip dhcp excluded-address 10.26.129.2
    ip dhcp pool guest
     network 10.26.129.0 255.255.255.0
     dns-server 208.67.222.222 208.67.220.220
     default-router 10.26.129.1
    interface Tunnel5
     ip address 172.17.5.4 255.255.255.0
     ip mtu 1400
     ip tcp adjust-mss 1360
     tunnel source 12.1xx.xx.xx
     tunnel destination 199.4x.xxx.xx
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     description Data Networks
     no ip address
     duplex auto
     speed auto
    interface GigabitEthernet0/0.1
     description Main Data VLAN
     encapsulation dot1Q 1 native
     ip address 10.27.129.2 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    interface GigabitEthernet0/0.3
     description DMZ VLAN
     encapsulation dot1Q 3
     ip address 10.28.129.2 255.255.255.0
    interface GigabitEthernet0/0.20
     description Guest VLAN
     encapsulation dot1Q 20
     ip address 10.26.129.1 255.255.255.0
     ip access-group 121 in
    interface Serial0/0/0
     description XXX
     ip address 12.1xx.xx.xx 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     service-module t1 cablelength short 440ft
     service-module t1 timeslots 1-24
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 12.1xx.xx.xx
    ip route 10.10.0.0 255.255.255.0 172.17.5.5
    ip route 10.10.200.0 255.255.255.0 172.17.5.5
    ip route 10.27.130.0 255.255.255.0 172.17.5.5
    ip route 10.27.131.0 255.255.255.0 172.17.5.5
    ip route 10.28.129.0 255.255.255.0 10.27.129.1
    ip route 129.155.20.0 255.255.252.0 10.27.129.1
    ip route 129.155.84.0 255.255.252.0 10.27.129.1
    ip route 129.155.168.0 255.255.248.0 10.27.129.1
    ip route 172.17.0.0 255.255.255.0 172.17.5.5
    ip route 172.17.2.0 255.255.255.0 172.17.5.5
    ip route 172.17.3.0 255.255.255.0 172.17.5.5
    ip route 192.168.2.0 255.255.255.0 172.17.5.5
    access-list 2 permit 12.2xx.xx.xx
    access-list 2 permit 10.27.129.0 0.0.0.255
    access-list 2 permit 192.168.2.0 0.0.0.255
    access-list 2 permit 10.27.131.0 0.0.0.255
    access-list 2 permit 10.27.130.0 0.0.0.255
    access-list 2 permit 10.10.0.0 0.0.0.255
    access-list 2 permit 10.10.200.0 0.0.0.255
    access-list 2 permit 12.2xx.xxx.xxx 0.0.0.7
    access-list 2 permit 172.17.5.0 0.0.0.255
    access-list 2 permit 199.4x.xxx.xxx 0.0.0.15
    access-list 2 permit 10.26.129.0 0.0.0.255
    access-list 121 permit tcp any host 10.27.129.31 eq 67
    access-list 121 permit udp any host 10.27.129.31 eq bootps
    access-list 121 permit ip any any
    access-list 121 permit ip 10.26.129.0 0.0.0.255 host 10.14.0.6
    access-list 121 deny   ip 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
    access-list 121 deny   ip 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
    access-list 121 deny   ip 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
    access-list 121 deny   icmp 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
    access-list 121 deny   icmp 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
    access-list 121 deny   icmp 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
    control-plane
    line con 0
     login local

  • DHCP not issuing IP's, SIU Problems

    Upgraded to 10.5 server from 10.4.11 Server and I am having a few problems.
    Number 1
    I am trying to get NetBoot Running again but none of my systems are recognizing the server. I have checked the logs and everything is looking great except that I see DHCP requests coming through (MAC address' are in the log) but the server is not distributing the IP to the machines. The log file reports the subnet is not right.
    Number 2
    I am trying to create factory restores for new macs. When using SIU I am having trouble getting the program to recognize that there are usually two DVD's that come with macs for restores. I tried having the unit select packages but that does not come up with anything. When I run the image workflow it does not even ask for the second disk which has a lot of bundled software. Any help would be appreciated!

    I was having various DHCP problems, it was telling me the start IP wasn't within the range, although it clearly was - try making a new subnet with the same details then restart the service.
    Also check directory utility on the client machines, if they are running leopard too, I noticed a but where if it was set to automatically discover the server via DHCP the search policy for authentication had to be set to a custom path not automatic, else the clients were getting self signed IP's instead of DHCP assigned.

  • Why available Lan Host not showing up in the DHCP Leased Client table for RV180

    I just purchased the RV180 and am puzzled as to why lan host with ip address of 192.168.1.102 not showing up in the DHCP leased clients list.
    I have 4 static ip addresses with the last 3 digits ending in 101, 102,103 and 200 listed in the static DHCP and available local network list, but 102 is not in the DHCP leased clients list. The other 3: 101,103 and 200 are.
    Should it not be there also?

    Thanks Marty,
    There is nothing different about 102 than the other hosts.
    I did talk to tech support at Cisco this morning and I was told that I should not use the static DHCP under Networking LAN. Instead, I should set the static IP at the device level.
    So under Static DHCP, the list is blank, but the IP address will show up under Available LAN Hosts and listed as Static as Type.
    I thought this is a bit strange since it is Static DHCP and should be under Static DHCP (?)
    George

  • AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

    Hi everyone,
    it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
    Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
    : Saved
    ASA Version 9.1(1)
    hostname ASA
    domain-name ingo.local
    enable password ... encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd ... encrypted
    names
    name 10.0.1.0 LAN-10-0-1-x
    dns-guard
    ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif Internal
    security-level 100
    ip address 10.0.1.254 255.255.255.0
    interface Vlan2
    nameif External
    security-level 0
    ip address dhcp setroute
    regex BlockFacebook "facebook.com"
    banner login This is a monitored system. Unauthorized access is prohibited.
    boot system disk0:/asa911-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup Internal
    dns domain-lookup External
    dns server-group DefaultDNS
    name-server 10.0.1.11
    name-server 75.153.176.1
    name-server 75.153.176.9
    domain-name ingo.local
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network LAN-10-0-1-x
    subnet 10.0.1.0 255.255.255.0
    object network Company-IP1
    host xxx.xxx.xxx.xxx
    object network Company-IP2
    host xxx.xxx.xxx.xxx
    object network HYPER-V-DUAL-IP
    range 10.0.1.1 10.0.1.2
    object network LAN-10-0-1-X
    access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
    access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
    access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389 
    tcp-map Normalizer
      check-retransmission
      checksum-verification
    no pager
    logging enable
    logging timestamp
    logging list Threats message 106023
    logging list Threats message 106100
    logging list Threats message 106015
    logging list Threats message 106021
    logging list Threats message 401004
    logging buffered errors
    logging trap Threats
    logging asdm debugging
    logging device-id hostname
    logging host Internal 10.0.1.11 format emblem
    logging ftp-bufferwrap
    logging ftp-server 10.0.1.11 / asa *****
    logging permit-hostdown
    mtu Internal 1500
    mtu External 1500
    ip verify reverse-path interface Internal
    ip verify reverse-path interface External
    icmp unreachable rate-limit 1 burst-size 1
    icmp deny any echo External
    asdm image disk0:/asdm-711.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (Internal,External) dynamic interface
    object network LAN-10-0-1-x
    nat (Internal,External) dynamic interface
    object network HYPER-V-DUAL-IP
    nat (Internal,External) static interface service tcp 3389 3389
    access-group 100 in interface External
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server radius protocol radius
    aaa-server radius (Internal) host 10.0.1.11
    key *****
    radius-common-pw *****
    user-identity default-domain LOCAL
    aaa authentication ssh console radius LOCAL
    http server enable
    http LAN-10-0-1-x 255.255.255.0 Internal
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map External_map interface External
    crypto ca trustpoint srv01_trustpoint
    enrollment terminal
    crl configure
    crypto ca trustpoint asa_cert_trustpoint
    keypair asa_cert_trustpoint
    crl configure
    crypto ca trustpoint LOCAL-CA-SERVER
    keypair LOCAL-CA-SERVER
    crl configure
    crypto ca trustpool policy
    crypto ca server
    cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
    issuer-name CN=...
    database path disk0:/LOCAL_CA_SERVER/
    smtp from-address ...
    publish-crl External 44436
    crypto ca certificate chain srv01_trustpoint
    certificate <output omitted>
      quit
    crypto ca certificate chain asa_cert_trustpoint
    certificate <output omitted>
      quit
    crypto ca certificate chain LOCAL-CA-SERVER
    certificate <output omitted>
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable External client-services port 44455
    crypto ikev2 remote-access trustpoint asa_cert_trustpoint
    telnet timeout 5
    ssh LAN-10-0-1-x 255.255.255.0 Internal
    ssh xxx.xxx.xxx.xxx 255.255.255.255 External
    ssh xxx.xxx.xxx.xxx 255.255.255.255 External
    ssh timeout 5
    ssh version 2
    console timeout 0
    no vpn-addr-assign aaa
    no ipv6-vpn-addr-assign aaa
    no ipv6-vpn-addr-assign local
    dhcpd dns 75.153.176.9 75.153.176.1
    dhcpd domain ingo.local
    dhcpd option 3 ip 10.0.1.254
    dhcpd address 10.0.1.50-10.0.1.81 Internal
    dhcpd enable Internal
    threat-detection basic-threat
    threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    dynamic-filter use-database
    dynamic-filter enable interface Internal
    dynamic-filter enable interface External
    dynamic-filter drop blacklist interface Internal
    dynamic-filter drop blacklist interface External
    ntp server 128.233.3.101 source External
    ntp server 128.233.3.100 source External prefer
    ntp server 204.152.184.72 source External
    ntp server 192.6.38.127 source External
    ssl encryption aes256-sha1 aes128-sha1 3des-sha1
    ssl trust-point asa_cert_trustpoint External
    webvpn
    port 44433
    enable External
    dtls port 44433
    anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
    anyconnect profiles profile1 disk0:/profile1.xml
    anyconnect enable
    smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
    smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
    webvpn
      anyconnect profiles value profile1 type user
    username write.ingo password ... encrypted
    username ingo password ... encrypted privilege 15
    username tom.tucker password ... encrypted
    class-map TCP
    match port tcp range 1 65535
    class-map type regex match-any BlockFacebook
    match regex BlockFacebook
    class-map type inspect http match-all BlockDomains
    match request header host regex class BlockFacebook
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 1500
      id-randomization
    policy-map TCP
    class TCP
      set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
      set connection timeout dcd
      set connection advanced-options Normalizer
      set connection decrement-ttl
    policy-map type inspect http HTTP
    parameters
      protocol-violation action drop-connection log
    class BlockDomains
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect dns preset_dns_map dynamic-filter-snoop
      inspect http HTTP
    service-policy global_policy global
    service-policy TCP interface External
    smtp-server 199.185.220.249
    privilege cmd level 3 mode exec command perfmon
    privilege cmd level 3 mode exec command ping
    privilege cmd level 3 mode exec command who
    privilege cmd level 3 mode exec command logging
    privilege cmd level 3 mode exec command failover
    privilege cmd level 3 mode exec command vpn-sessiondb
    privilege cmd level 3 mode exec command packet-tracer
    privilege show level 5 mode exec command import
    privilege show level 5 mode exec command running-config
    privilege show level 3 mode exec command reload
    privilege show level 3 mode exec command mode
    privilege show level 3 mode exec command firewall
    privilege show level 3 mode exec command asp
    privilege show level 3 mode exec command cpu
    privilege show level 3 mode exec command interface
    privilege show level 3 mode exec command clock
    privilege show level 3 mode exec command dns-hosts
    privilege show level 3 mode exec command access-list
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command vlan
    privilege show level 3 mode exec command ip
    privilege show level 3 mode exec command failover
    privilege show level 3 mode exec command asdm
    privilege show level 3 mode exec command arp
    privilege show level 3 mode exec command ipv6
    privilege show level 3 mode exec command route
    privilege show level 3 mode exec command ospf
    privilege show level 3 mode exec command aaa-server
    privilege show level 3 mode exec command aaa
    privilege show level 3 mode exec command eigrp
    privilege show level 3 mode exec command crypto
    privilege show level 3 mode exec command ssh
    privilege show level 3 mode exec command vpn-sessiondb
    privilege show level 3 mode exec command vpnclient
    privilege show level 3 mode exec command vpn
    privilege show level 3 mode exec command dhcpd
    privilege show level 3 mode exec command blocks
    privilege show level 3 mode exec command wccp
    privilege show level 3 mode exec command dynamic-filter
    privilege show level 3 mode exec command webvpn
    privilege show level 3 mode exec command service-policy
    privilege show level 3 mode exec command module
    privilege show level 3 mode exec command uauth
    privilege show level 3 mode exec command compression
    privilege show level 3 mode configure command interface
    privilege show level 3 mode configure command clock
    privilege show level 3 mode configure command access-list
    privilege show level 3 mode configure command logging
    privilege show level 3 mode configure command ip
    privilege show level 3 mode configure command failover
    privilege show level 5 mode configure command asdm
    privilege show level 3 mode configure command arp
    privilege show level 3 mode configure command route
    privilege show level 3 mode configure command aaa-server
    privilege show level 3 mode configure command aaa
    privilege show level 3 mode configure command crypto
    privilege show level 3 mode configure command ssh
    privilege show level 3 mode configure command dhcpd
    privilege show level 5 mode configure command privilege
    privilege clear level 3 mode exec command dns-hosts
    privilege clear level 3 mode exec command logging
    privilege clear level 3 mode exec command arp
    privilege clear level 3 mode exec command aaa-server
    privilege clear level 3 mode exec command crypto
    privilege clear level 3 mode exec command dynamic-filter
    privilege cmd level 3 mode configure command failover
    privilege clear level 3 mode configure command logging
    privilege clear level 3 mode configure command arp
    privilege clear level 3 mode configure command crypto
    privilege clear level 3 mode configure command aaa-server
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
    : end
    Many thanks,
    Ingo

    Hi Jose,
    here is what I got now:
    ASA(config)# sh run | begin tunnel-group
    tunnel-group DefaultWEBVPNGroup general-attributes
    address-pool VPNPool
    authorization-required
    and DAP debugging still the same:
    ASA(config)# DAP_TRACE: DAP_open: CDC45080
    DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
    DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
    DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
    DAP_TRACE: Username: tom.tucker, DAP_add_AC:
    endpoint.anyconnect.clientversion="3.1.02026";
    endpoint.anyconnect.platform="win";
    DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
    DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
    DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
    Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
    Thanks,
    Ingo

  • WLC 5760 with internal DHCP server, clients no get IP address

    Hi all,
    I have  2  Cisco 5760 WLC (active-standby)  IOS-Xe 03.03.03SE  with  one WLAN.
     sh wlan summary 
    Number of WLANs: 1
    WLAN Profile Name                     SSID                           VLAN Status 
    1    Invitados_ADSL                   Guest                          905  UP
    sh vlan         
    VLAN Name                             Status    Ports
    1    default                          active    Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
                                                    Te2/0/4, Te2/0/5, Te2/0/6
    100  VLAN0100                         active    Te1/0/1, Te2/0/1
    101  Planta_1                         active    
    905  Internet                         active    Te1/0/2, Te2/0/2
    The DHCP server is internal.
    Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
    The workaround done by me to solve the issue is “clear  ip dhcp  binding *”.
    Some days later the problem appears again.
    I see this bug with a similar problem:
    NGWC blocks DHCP traffic if wireless broadcast disabled
    CSCun88928
    Description
    Symptom:
    Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
    In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
    Conditions:
    Seen on 3.3.2 IOS-XE
    Workaround:
    Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
    OR
    Enable "wireless broadcast" globally
    My DHCP configuration is:
    ip dhcp relay information trust-all
    ip dhcp snooping vlan 905
    ip dhcp snooping
    ip dhcp excluded-address 172.16.0.1 172.16.0.19
    ip dhcp excluded-address 172.16.1.250 172.16.1.254
    ip dhcp pool Invitados
     network 172.16.0.0 255.255.254.0
     default-router 172.16.0.1 
     dns-server 212.66.160.2 212.49.128.65 
     lease 0 8
    I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
    DHCP Snooping and Trust Configuration on CT5760
    ip dhcp snooping vlan 100, 200
    ip dhcp snooping wireless bootp-broadcast enable
    ip dhcp snooping
    interface TenGigabitEthernet1/0/1
    description Connection to Core Switch
    switchport trunk allowed vlan 100, 200
    switchport mode trunk
    ip dhcp relay information trusted ip dhcp snooping trust
    interface Vlan100
    description Client Vlan
    ip dhcp relay information trusted
    My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
    Thanks in advance.
    Regards.
    D

    Yes, test it with the command you mentioned
    ip dhcp snooping wireless bootp-broadcast enable
    HTH
    Rasika
    **** Pls rate all useful responses *****

  • DHCP Connected Clients

    Hello!
    I would like to ask if there is any possibility to detemine all active computers connected to network. I have Windows Server 2008 r2 with DHCP and wold like to know who is connected at given time. All clients have reserved IP addresses, so in DHCP manager
    i always see them, even if they are not connected.
    So, can DHCP display only active computers (currently connected)?
    Thank you!

    "Even if machine is not currently connected reservation is still active..."
    This sounds wrong, to me. This does not occur in my environment. Are you using DHCP reservation, or, static?
    you need to understand that DHCP is not a Microsoft product (Microsoft did not invent DHCP), so Microsoft can't really make DHCP do anything very special (or else Microsoft are creating some other product which is not DHCP then...)
    DHCP is designed for DHCPclients to initiate the conversation with the DHCPserver. If the DHCPclient never initiates the conversation with the DHCPserver (e.g. because the DHCPclient machine is turned off or removed from the network), the DHCPserver has
    no way of knowing what is happening.
    Which is also why DHCPserver, prior to issuing a lease to a DHCPclient, will issue a ping, to ensure that proposed IP address is not already in use by some rogue machine (stolen address = bad_address).
    DHCP reservation, will be marked as active / inactive, depending on what and when DHCPserver perform regular checks, from memory, this is not real-time checking, it is, I think, maybe daily checking.
    DHCPserver needs to be able to issue ping and receive response for all that to work correctly.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Remote Desktop - The Remote Desktop administrator software does not match the installed client software version.

    Hi,
      I just upgraded to Mavricks and get this when I try to launch Remote Desktop:
    The Remote Desktop administrator software does not match the installed client software version.
    I tried removing the application and reinstalling it to no avail.  Any suggestions?
    Thanks.
    -David J. Eisen

    Hi coold88!
    I have an article for you that addresses your issue:
    Remote Desktop 3: How to install Remote Desktop Administrator software after the client software has been updated
    http://support.apple.com/kb/HT3596
    You will want to make sure you have the latest version of the software as well:
    About Apple Remote Desktop 3.7
    http://support.apple.com/kb/HT5896
    Thanks for using the Apple Support Communities. Have a good one!
    -Braden

Maybe you are looking for

  • How do I to unlock my iPhone as I forgot my password?

    I forgot my password to unlock my iPhone.  How can I reset it?  Thanks.

  • V$sqlarea and ROWS_PROCESSED

    Hii all when I looking v$sqlare for a statement that is I suspect to create so much redo, the Statement is updating a table row (there is not index on table)but ROWS PROCESSED' value is almost 138 million but table has only 15.000 row  also execution

  • "CRVS2010 Beta - BusinessObjects.Licensing.KeycodeDecoder.dll, cannot be lo

    Creating an instance of "Report Document" writes an error in Event viewer. I debugged and found following line of code: CrystalDecisions.CrystalReports.Engine.ReportDocument reportDocument = new CrystalDecisions.CrystalReports.Engine.ReportDocument()

  • PS CS2, Maus und Tastaturprobleme

    Hallo, habe folgendes Problem: Bei meinem Photoshop CS2 (upgrade)unter Win XP prof. werden bestimmte Arbeitsschritte (z.B "bearbeiten - rückgängig")sofort im Protokoll eingetragen bzw. gelöscht, aber die Anzeige wird erst aktualisiert, wenn ich erneu

  • Reader X browser toolbar problems

    We're having some problems with Reader X in a Windows 7 32-bit environment. SOME computers, when they open a pdf in a browser windows, won't allow the print icon to work or jump to any side boomarks. It will work by right clicking on one of the side