WLC2100 not issuing DHCP to clients

I've got a 2106 that I'm installing for a customer and having issues with it assigning DHCP to WiFI clients. What's odd is that this was working at one point at home during testing. Only difference at this point is LAN hardware at the customer location.
Simple config- single flat vlan on Cat2960G switch, ASA5505 serving up DHCP for the network. Wired clients are receiving DHCP fine.
Mgmt IP
192.168.0.10/24
Mgmt Gateway
192.168.0.1
Mgmt VLAN
0
Mgmt Int port
1
Mgmt DHCP server
192.168.0.1
AP Mgr Int IP
192.168.0.11
Virtual GW IP
1.1.1.1
RF group name
rfgrp1
SSID
xxxx
Client Static IP?
no
Country Code
802.11a/b/g status
enabled
Radio resource mgmt status
enabled
I've run dhcpd debug on both the controller and the ASA and I see the DHCPD requests on the controller, but I never see them hitting the ASA.
I don't have the specific version of code it's running, but I know it's 6.0. One of my local Cisco account engineers found some Cisco CSC bugs referencing this issue. One TAC cas even referenced stripping all security off the WiFi, connecting the client and then reimplementing the security again.
Anyone have any suggestions? I'm hoping to head back over there again this afternoon to do some more troubleshooting and hopefully solve this for them.
Thanks!
Mike

In this case, the controller is not currently configured as DHCP server, although I may be trying that this afternoon.
I've currently got DHCP proxy enabled and am pointing it to the ASA5505 (192.168.0.1)- I thought I mentioned that in my previous post.
Please keep in mind this was working fine at one point in my lab while I was testing it, then I shut it down for a couple weeks while I waited to install it at the customer site. I've even tried resetting back to factory defaults and reconfiguring it to see if I'd accidentally misconfigured something.
I don't have the exact version, but I do know that I'm running a 6.x code rev. I'm probably going to just upgrade to 7.0 this afternoon and see if that makes a difference. If not, I'll try enabling the internal DHCP server, but I don't want to do that if I don't need to. Just one more thing to worry about managing for the customer.
Thanks,
Mike

Similar Messages

AP 1231G Not Passing DHCP to clients

Hello My company AP 1231G is not passing the DHCP address to the client from the DHCP server can you please advise on my config listed below
basicly the AP is on its own VLAN 10.1.123.1 and the DHCP server is 10.1.10.2 -- trying to use iphelper to pass DHCP to clients and the AP is on static IP 10.1.123.2--
! Last configuration change at 13:15:56 +0800 Fri May 25 2012 by root
! NVRAM config last updated at 13:15:56 +0800 Fri May 25 2012 by root
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXXXXXXXXX
clock timezone +0800 8
ip subnet-zero
no ip domain lookup
ip domain name XXXXXXXXXXXXX
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
dot11 syslog
dot11 ssid XXXXXXXXXX
   authentication open
   authentication key-management wpa
   guest-mode
   infrastructure-ssid optional
   wpa-psk ascii XXXXXXXXXXXXXXXXXXXXXXX
dot11 arp-cache optional
username root privilege 15 password XXXXXXXXXXXXXXXXXXXXX
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid XXXXXXXXXXX
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
no preamble-short
channel 2432
station-role root access-point
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.1.123.2 255.255.255.0
ip helper-address 10.1.10.2
ip default-gateway 10.1.123.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
snmp-server view dot11view ieee802dot11 included
snmp-server view ieee802dot11 ieee802dot11 included
snmp-server community public RO
snmp-server community private view undefined RW
bridge 1 route ip
line con 0
terminal-type teletype
line vty 0 4
terminal-type teletype
sntp server 114.80.81.13
sntp broadcast client
end

Roan:
Where is your DHCP server configured (swtich, firewall, 3rd party server..etc)?
Does it work correctly if the AP IP on same subnet and ip-helper is not being utilized?

DHCP not issuing DNS to client.

My xServer is using OSX Server 10.4.10 and is our networks DHCP server. When I set a client machine to automaticaly get its settings it correctly gets its IP address, Subnet Mask and Gateway. However it will not connect to the internet until I add the DNS settings manually.
I cannot find any reason why this should be. This must be some stupid setting I am missing, any help would be very kind.

It is a new server and I have been trying to configure it. It does not work properly and I have turned to these forums in the hope that somene here would be able to tell m what I have done wrong. Kostas I don't really understand why you are asking me this.
Wjat I have should be a ver simple thing to configure I a have a network which is going to use the xServe as its Gateway, DCHP Server and mail server. I have allocated the mailserver the internal I address of 192.168.101.40 and my ISP has given me an ip of 62.49.189.82 for the WAN side. At the moment it seems to work, except for three things, which may be related(DNS, FTP & Host names), my plan was to fix the first and see if the others goes away.
The first problem is that client machines are not recieving the DNS settings and so they cannot connect to the internet unless I manually provide them with the ip address of the xServer.
I have submitted a couple of screenshots via pdf documents to show you my settings, and I will be very greatful if you can see what I have done wrong. Have I provided enough information for someone to be able to help me. Most of the settings I have made I copied from my old machine (A Cobalt Qube) which the xServe replaces. Until the Qube failed it worked without any problems for 5 years. I don't understand why it is that this server seems so much more difficult to configure than the Qube.
Apple has a good reputation for providing easy to configure machines, this software seems to have bypassed the QC check on software design.

Access Points Not Passing DHCP to Clients

I have a 50+ access point deployment, all in a single VLAN (DMZ), across a dozen buildings. We recently experienced wierdness of the following sort. Clients would request DHCP request, DHCP servers would forward requests, which would not get passed from the AP to the clients. We could verify that DHCP and all other parts of network were fine. I had to cold boot each AP to clear the condition. I could find nothing in this mix of 350s and 1200s or the spectrum that would indicate an obvious attack... Couldn't find where to start looking for any tables that were full, or any real place to look for some other reason for this. Yet after cold boot- all is well.
Any thoughts, in case it happens again?

Hi Guys,
I am having a similar problem to you, however i can get authentciated via LEAP, but dont seem to get an IP adderss from the radius server.
My setup is very simple as i am at the design stage. We have a Cisco AP 1200 (2.4 and 5.0 GHZ) and we are using FUNK steel belted RADIUS server. LEAP authentication works fine and i can see the association on the AP. The wirless client (HP W400 integrated Wireless cards) shows that it has been authenticated successfully too. However no IP is being received. We have a IP Pool configured on the SBR server and the SBR server shows that it has issued an IP address.
Next step was to place a sniffer and capture the packets. The capture shows the radius requests and challenges and in the very last ACCEPT packet we can see that the SBR has issued an IP address.
I am confused as i cant see anything on AP that would block the IP address. There are also a few attributes showing as "unknown" in the sniffer trace, so im not too sure wgats going on.
Can anyone help. The IOS is 12.2 (13) JA

RV220W not showing DHCP Leased Clients (LAN)

I have notice that when I click on Networking -->LAN -->DCHP Leased Clients (LAN) I get 0 results found, but If I click on Status-->Avaiable LAN Host I see all my clients, most (all but 1) are listed as "unknown" under the Name.
How do I get them to show up under the DCHP Leased Clients (LAN)?

Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center.
First, Thank you for purchasing a Cisco product. I am sorry to here that you are still having the issue. I am going to follow-up with the agent that was working your case and work on determining what is causing your issue.
If you need anything, please let me know. You can reach me at emoyers at cisco . com
Eric Moyers
Cisco Network Support Engineer
1-866-606-1866

WRT54GL Not issuing DHCP to Laptops

Hello
I have a WRT54GL V1.1 with Firmware v 4.30.2
I have it serving 2 TIVO boxes wirelessly with it serving up a DHCP IP address
It is not broadcasting the SSID
I have 2 XP Dell Laptops that will connect to the service but do not get a IP address.
Any thoughts?
Thanks
Mark

Open an Internet Explorer browser page.In the address bar type - 192.168.1.1
Leave the username blank & in password use admin in lower case...
Click on "Wireless" tab and make sure SSID broadcast is set to Enable...If it is disable Enable it, if it is Enable changed the network name/ssid and give it a new name...leave the security to wep and see if you can locate your new SSID on your tivo...
WPA does not work because your old adapters does not support WPA...

Clients not receiving DHCP IP address from HREAP centrally Switched Guest SSID

Hi All,
I am facing a problem in a newly deployed branch site where the Clients are not receiving DHCP IP address from a centrally switched Guest SSID. I see the client status is associated but the policy manager state is in DHCP_REQD.
The dhcp pool is configured on the controller itself. The local guest clients are able to get DHCP and all works fine, the issue is only with the clients in the remote site. The Hreap APs are in connected mode. Could you please suggest what could be the problem. Below is the out of the debug client.
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Adding mobile on LWAPP AP 3c:ce:73:6d:37:00(1)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Reassociation received from mobile on AP 3c:ce:73:6d:37:00
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'Guest-ACL' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific IPv6 override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying IPv6 Interface Policy for station 10:40:f3:91:7e:24 - vlan 81, interface id 13, interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 Applying site-specific override for station 10:40:f3:91:7e:24 - vapId 17, site 'APG-MONZA', interface 'vlan_81'
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 3c:ce:73:6d:37:00 vapId 17 apVapId 1
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*apfMsConnTask_3: May 24 13:26:49.372: 10:40:f3:91:7e:24 apfMsAssoStateInc
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Idle to Associated
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 49) in 28800 seconds
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sending Assoc Response to station on BSSID 3c:ce:73:6d:37:00 (status 0) ApVapId 1 Slot 1
*apfMsConnTask_3: May 24 13:26:49.373: 10:40:f3:91:7e:24 apfProcessAssocReq (apf_80211.c:4672) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Associated
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4183, Adding TMP rule
*apfReceiveTask: May 24 11:35:53.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 3c:ce:73:6d:37:00, slot 1, interface = 13, QOS = 3
ACL Id = 255, Jumbo F
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 IPv6 Vlan = 81, IPv6 intf id = 13
*apfReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 Sent an XID frame
*apfMsConnTask_3: May 24 13:26:49.401: 10:40:f3:91:7e:24 Updating AID for REAP AP Client 3c:ce:73:6d:37:00 - AID ===> 1
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 12) in 10 seconds
*osapiBsnTimer: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:4897) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Associated to Disassociated
*apfReceiveTask: May 24 13:28:59.315: 10:40:f3:91:7e:24 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: May 24 13:29:09.315: 10:40:f3:91:7e:24 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Sent Deauthenticate to mobile on BSSID 3c:ce:73:6d:37:00 slot 1(caller apf_ms.c:4981)
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsAssoStateDec
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 apfMsExpireMobileStation (apf_ms.c:5018) Changing state for mobile 10:40:f3:91:7e:24 on AP 3c:ce:73:6d:37:00 from Disassociated to Idle
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:ce:73:6d:37:00]
*apfReceiveTask: May 24 13:29:09.316: 10:40:f3:91:7e:24 Deleting mobile on AP 3c:ce:73:6d:37:00(1)
*pemReceiveTask: May 24 13:29:09.317: 10:40:f3:91:7e:24 0.0.0.0 Removed NPU entry.

#does the client at the remote site roams between AP that connects to different WLC?
#type 9 is not good.
*pemReceiveTask: May 24 13:26:49.373: 10:40:f3:91:7e:24 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
#Does your dhcp server getting hits.
#Also, get debug dhcp message & packet.
#Dhcp server is not responding.
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: May 24 13:28:49.315: 10:40:f3:91:7e:24 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

Clients not getting DHCP in VRF

Good morning -
We have devices in the global routing table (not in a VRF) getting DHCP addresses without issue. The SVI is configured as such:
interface Vlan2301
description BLUE
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description RED
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
Clients in BLUE are getting DHCP but clients in RED are not. If I statically assign an address I have connectivity and can reach the DHCP server (which is also DNS server; with a static IP in VLAN 2512 I can do name resolutions for example).
I am at a bit of a loss. Is there anything special I need to do for VRF IP HELPER-ADDRESS configuration? A capture on my firewall interface shows the DHCP server is trying to reply - it is like the helper-address is not forwarding the dhcp reply (or is not getting it)
11:11:52.915180 IP (tos 0x0, ttl 254, id 17478, offset 0, flags [none], proto UDP (17), length 337)
    10.217.5.1.67 > 10.4.16.222.67: BOOTP/DHCP, Request from xx, length 309, hops 1, xid 0xb53a220c, Flags [none]
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
11:11:52.918761 IP (tos 0x0, ttl 124, id 28096, offset 0, flags [none], proto UDP (17), length 344)
    10.4.16.222.67 > 10.217.5.1.67: BOOTP/DHCP, Reply, length 316, xid 0xb53a220c, Flags [none]
          Your-IP 10.217.5.12
          Server-IP 10.4.16.222
          Gateway-IP 10.217.5.1
          Client-Ethernet-Address xx [|bootp]
Any ideas?

Good morning -
I have a pair of 6513 in a VS40 (VSS quad sup) connected via L3 MEC to a VSS pair of 4500X. Active to Active and Standby to Standby connected in a L3 MEC port-channel that is also a vnet trunk:
(Core)
interface Port-channel5
description Distribution Uplink
no switchport
vnet trunk
ip dhcp snooping limit rate 100
ip address 172.20.68.1 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
spanning-tree guard root
(4500 Distribution)
interface Port-channel1
description Core Uplink
vnet trunk
ip arp inspection trust
ip address 172.20.68.2 255.255.255.252
ip ospf message-digest-key 1 md5 XXX
The interfaces are all using LACP mode Active inside the channels
On the 4500 we have a global routing table and a vrf. Both have helper addresses pointing to the DHCP server which is extranet service behind the 6513 Core.
interface Vlan2301
description Global Routing Table
ip address 172.19.68.1 255.255.255.0
ip helper-address 10.4.16.222
interface Vlan2512
description VRF
vrf forwarding RED
ip address 10.217.5.1 255.255.255.0
ip helper-address 10.4.16.222
DHCP for the Global Routing Table subnet works. DHCP for the VRF does not.
What is interesting is if we shut down the link that is connected to the standby 4500 (Te2/1/1) DHCP starts to work for the VRF.
Using <debug ip dhcp server packet detail> at the 4500 here is what I am seeing.
When both links are up and DHCP is failing for the VRF:
Mar 10 20:02:02.419: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:02:10.473: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:02:10.473: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:02:10.474: DHCPD: client's VPN is RED.
Mar 10 20:02:10.474: DHCPD: using received relay info.
When I shut the Te2/1/1 link down in the L3 MEC at the 4500 DHCP starts to work for the VRF RED:
Mar 10 20:04:41.354: DHCPD: BOOTREQUEST from 0100.1a6b.3a56.13 forwarded to 10.4.16.222.
Mar 10 20:04:41.369: DHCPD: Reload workspace interface Port-channel1.2002 tableid 3.
Mar 10 20:04:41.369: DHCPD: tableid for 172.20.68.2 on Port-channel1.2002 is 3
Mar 10 20:04:41.369: DHCPD: client's VPN is .
Mar 10 20:04:41.369: DHCPD: forwarding BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:41.369: DHCPD: broadcasting BOOTREPLY to client 001a.6b3a.5613.
Mar 10 20:04:41.369: DHCPD: no option 125
Mar 10 20:04:44.808: DHCPD: Reload workspace interface Vlan2512 tableid 3.
Mar 10 20:04:44.808: DHCPD: tableid for 10.217.5.1 on Vlan2512 is 3
Mar 10 20:04:44.808: DHCPD: client's VPN is RED.
It is like there is a bug that is treating the L3 MEC as a L2 MEC when both links are present; or the VNET trunk is not being processed correctly.
Has anyone else used a L3 MEC with a VRF and a DHCP helper with success? Is this a bug?
03.05.01.E is the code we are running on the 4500X-32(SPF+)
This is also with TAC but I thought I would share with the community in case anyone else has a similar environment or if Cisco experts want to comment.

Router not issusing DHCP addresses to AP clients

So I have configured a DHCP pool on my router to issue DHCP leases to wireless clients in my network - the clients can see the SSID broadcasting and can connect successfully. The only problem is that they don't receive an IP address.
IPCONFIG shows the 169.254 etc address...the network status shows "Limited or no connectivity" when hovering over the icon.
We used to have the clients receive their leases from a server which worked with the IP helper command...is there something simple I'm missing here?
Thanks in advance.

Please see below...
Last configuration change at 16:18:21 UTC Thu Jul 10 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname XXX
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
ip cef
ip dhcp excluded-address 10.26.129.1
ip dhcp excluded-address 10.26.129.253
ip dhcp excluded-address 10.26.129.254
ip dhcp excluded-address 10.26.129.2
ip dhcp pool guest
network 10.26.129.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 10.26.129.1
interface Tunnel5
ip address 172.17.5.4 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 12.1xx.xx.xx
tunnel destination 199.4x.xxx.xx
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Data Networks
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.1
description Main Data VLAN
encapsulation dot1Q 1 native
ip address 10.27.129.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/0.3
description DMZ VLAN
encapsulation dot1Q 3
ip address 10.28.129.2 255.255.255.0
interface GigabitEthernet0/0.20
description Guest VLAN
encapsulation dot1Q 20
ip address 10.26.129.1 255.255.255.0
ip access-group 121 in
interface Serial0/0/0
description XXX
ip address 12.1xx.xx.xx 255.255.255.252
ip nat outside
ip virtual-reassembly in
encapsulation ppp
service-module t1 cablelength short 440ft
service-module t1 timeslots 1-24
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 12.1xx.xx.xx
ip route 10.10.0.0 255.255.255.0 172.17.5.5
ip route 10.10.200.0 255.255.255.0 172.17.5.5
ip route 10.27.130.0 255.255.255.0 172.17.5.5
ip route 10.27.131.0 255.255.255.0 172.17.5.5
ip route 10.28.129.0 255.255.255.0 10.27.129.1
ip route 129.155.20.0 255.255.252.0 10.27.129.1
ip route 129.155.84.0 255.255.252.0 10.27.129.1
ip route 129.155.168.0 255.255.248.0 10.27.129.1
ip route 172.17.0.0 255.255.255.0 172.17.5.5
ip route 172.17.2.0 255.255.255.0 172.17.5.5
ip route 172.17.3.0 255.255.255.0 172.17.5.5
ip route 192.168.2.0 255.255.255.0 172.17.5.5
access-list 2 permit 12.2xx.xx.xx
access-list 2 permit 10.27.129.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 permit 10.27.131.0 0.0.0.255
access-list 2 permit 10.27.130.0 0.0.0.255
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 2 permit 10.10.200.0 0.0.0.255
access-list 2 permit 12.2xx.xxx.xxx 0.0.0.7
access-list 2 permit 172.17.5.0 0.0.0.255
access-list 2 permit 199.4x.xxx.xxx 0.0.0.15
access-list 2 permit 10.26.129.0 0.0.0.255
access-list 121 permit tcp any host 10.27.129.31 eq 67
access-list 121 permit udp any host 10.27.129.31 eq bootps
access-list 121 permit ip any any
access-list 121 permit ip 10.26.129.0 0.0.0.255 host 10.14.0.6
access-list 121 deny   ip 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 121 deny   ip 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 121 deny   ip 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 121 deny   icmp 10.26.129.0 0.0.0.255 192.168.0.0 0.0.255.255
control-plane
line con 0
login local

DHCP not issuing IP's, SIU Problems

Upgraded to 10.5 server from 10.4.11 Server and I am having a few problems.
Number 1
I am trying to get NetBoot Running again but none of my systems are recognizing the server. I have checked the logs and everything is looking great except that I see DHCP requests coming through (MAC address' are in the log) but the server is not distributing the IP to the machines. The log file reports the subnet is not right.
Number 2
I am trying to create factory restores for new macs. When using SIU I am having trouble getting the program to recognize that there are usually two DVD's that come with macs for restores. I tried having the unit select packages but that does not come up with anything. When I run the image workflow it does not even ask for the second disk which has a lot of bundled software. Any help would be appreciated!

I was having various DHCP problems, it was telling me the start IP wasn't within the range, although it clearly was - try making a new subnet with the same details then restart the service.
Also check directory utility on the client machines, if they are running leopard too, I noticed a but where if it was set to automatically discover the server via DHCP the search policy for authentication had to be set to a custom path not automatic, else the clients were getting self signed IP's instead of DHCP assigned.

Why available Lan Host not showing up in the DHCP Leased Client table for RV180

I just purchased the RV180 and am puzzled as to why lan host with ip address of 192.168.1.102 not showing up in the DHCP leased clients list.
I have 4 static ip addresses with the last 3 digits ending in 101, 102,103 and 200 listed in the static DHCP and available local network list, but 102 is not in the DHCP leased clients list. The other 3: 101,103 and 200 are.
Should it not be there also?

Thanks Marty,
There is nothing different about 102 than the other hosts.
I did talk to tech support at Cisco this morning and I was told that I should not use the static DHCP under Networking LAN. Instead, I should set the static IP at the device level.
So under Static DHCP, the list is blank, but the IP address will show up under Available LAN Hosts and listed as Static as Type.
I thought this is a bit strange since it is Static DHCP and should be under Static DHCP (?)
George

AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo

Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo

WLC 5760 with internal DHCP server, clients no get IP address

Hi all,
I have 2 Cisco 5760 WLC (active-standby) IOS-Xe 03.03.03SE with one WLAN.
sh wlan summary
Number of WLANs: 1
WLAN Profile Name SSID VLAN Status
1 Invitados_ADSL Guest 905 UP
sh vlan
VLAN Name Status Ports
1 default active Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
Te2/0/4, Te2/0/5, Te2/0/6
100 VLAN0100 active Te1/0/1, Te2/0/1
101 Planta_1 active
905 Internet active Te1/0/2, Te2/0/2
The DHCP server is internal.
Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
The workaround done by me to solve the issue is “clear ip dhcp binding *”.
Some days later the problem appears again.
I see this bug with a similar problem:
NGWC blocks DHCP traffic if wireless broadcast disabled
CSCun88928
Description
Symptom:
Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
Conditions:
Seen on 3.3.2 IOS-XE
Workaround:
Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
OR
Enable "wireless broadcast" globally
My DHCP configuration is:
ip dhcp relay information trust-all
ip dhcp snooping vlan 905
ip dhcp snooping
ip dhcp excluded-address 172.16.0.1 172.16.0.19
ip dhcp excluded-address 172.16.1.250 172.16.1.254
ip dhcp pool Invitados
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 212.66.160.2 212.49.128.65
lease 0 8
I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
DHCP Snooping and Trust Configuration on CT5760
ip dhcp snooping vlan 100, 200
ip dhcp snooping wireless bootp-broadcast enable
ip dhcp snooping
interface TenGigabitEthernet1/0/1
description Connection to Core Switch
switchport trunk allowed vlan 100, 200
switchport mode trunk
ip dhcp relay information trusted ip dhcp snooping trust
interface Vlan100
description Client Vlan
ip dhcp relay information trusted
My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
Thanks in advance.
Regards.
D

Yes, test it with the command you mentioned
ip dhcp snooping wireless bootp-broadcast enable
HTH
Rasika
**** Pls rate all useful responses *****

DHCP Connected Clients

Hello!
I would like to ask if there is any possibility to detemine all active computers connected to network. I have Windows Server 2008 r2 with DHCP and wold like to know who is connected at given time. All clients have reserved IP addresses, so in DHCP manager
i always see them, even if they are not connected.
So, can DHCP display only active computers (currently connected)?
Thank you!

"Even if machine is not currently connected reservation is still active..."
This sounds wrong, to me. This does not occur in my environment. Are you using DHCP reservation, or, static?
you need to understand that DHCP is not a Microsoft product (Microsoft did not invent DHCP), so Microsoft can't really make DHCP do anything very special (or else Microsoft are creating some other product which is not DHCP then...)
DHCP is designed for DHCPclients to initiate the conversation with the DHCPserver. If the DHCPclient never initiates the conversation with the DHCPserver (e.g. because the DHCPclient machine is turned off or removed from the network), the DHCPserver has
no way of knowing what is happening.
Which is also why DHCPserver, prior to issuing a lease to a DHCPclient, will issue a ping, to ensure that proposed IP address is not already in use by some rogue machine (stolen address = bad_address).
DHCP reservation, will be marked as active / inactive, depending on what and when DHCPserver perform regular checks, from memory, this is not real-time checking, it is, I think, maybe daily checking.
DHCPserver needs to be able to issue ping and receive response for all that to work correctly.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Remote Desktop - The Remote Desktop administrator software does not match the installed client software version.

Hi,
I just upgraded to Mavricks and get this when I try to launch Remote Desktop:
The Remote Desktop administrator software does not match the installed client software version.
I tried removing the application and reinstalling it to no avail. Any suggestions?
Thanks.
-David J. Eisen

Hi coold88!
I have an article for you that addresses your issue:
Remote Desktop 3: How to install Remote Desktop Administrator software after the client software has been updated
http://support.apple.com/kb/HT3596
You will want to make sure you have the latest version of the software as well:
About Apple Remote Desktop 3.7
http://support.apple.com/kb/HT5896
Thanks for using the Apple Support Communities. Have a good one!
-Braden

WLC2100 not issuing DHCP to clients

Similar Messages

Maybe you are looking for