Cisco Wireless :: 5508 Controller And Changing Windows Dhcp Server
Dec 5, 2012
We have a 5508 controller that authenticates with WPA2-enterprise to 3 possible AAA servers. Today I tried migrating our DHCP server from a Windows 2003 machine to Windows 2008 R2. Migration went smoothly and all wired clients could get IPs. Reservations intact, scopes intact, etc., you name it. I thought it was a great success.
Fast forward about an hour when people started coming into work for the day. Calls started coming in about their laptops not able to connect to the network. I double checked with a spare laptop in our IT department and also my iPhone. Same issue. Seems the only thing I changed today was the DHCP server (from 10.1.1.1 to 10.1.1.2).
After racking my head on it for a while, I re-enabled the "old" DHCP server (10.1.1.1) and disabled it on the new (10.1.1.2). Instantly wireless clients were able to connect.
Am I missing some configuration step in the 5508 controller when moving DHCP servers? I do plan on running 2 DHCP servers (10.1.1.2 and 10.1.1.10) for redundancy once I get the primary one moved over and working correctly.
I want to decommission the older 2003 server. It's time to raise the domain functional level.
I have a 5508 WLC controller at the HQ with the employee SSID; the DHCP scope on the SSID is the 10.120.0.0/16 network.
However, I want this same SSID to be broadcast to a remote site using an HREAP access point but with a different DHCP scope, 10.102.0.0/16.
I have tried creating another interface for the remote site with a different DHCP scope (10.102.0.0), but the controller won't allow me to create another WLAN with the same SSID that existed before to apply the new interface created for.
All controllers are in version 7.2.111.3. C1 is a 5508, it is our anchor controller. C2 is a 5508, it is a big site controller. C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group as C1 (and all is up up in mobility management). When "DHCP Addr. Assignment" is enabled on C1: Clients on C2 receive their IP address from our external DHCP server via C1 and the guest tunneling between C1 and C2, and all is working fine. Clients on C3 don't receive their IP address from our external DHCP server via C1 and the guest tunneling between C1 and C3, so nothing works.
I have two 5508s on ver 7.3.0; one is the primary and one is the guest controller. Mobility is up and running. I have an existing guest SSID working with WPA2-PSK and web authentication and it's working fine, but I require a second guest SSID that only uses WPA2-PSK for iPods/iPads, as I can't use passive client on the primary controller. I presently have the one VLAN range and DHCP set up on the guest controller to give addressing to either SSID. I know you can have multiple SSIDs set up on the guest controller, but in other sites I have only had one guest connection coming from the primary controller; just a primary controller on each site was only creating one link to the same guest controller.
I have two 5508 controllers configured with an internal dhcp scope. The scopes on each controller are a /22. I need to expand the scope to provide more addresses. Is there an easy way to add a second dhcp scope without making changes to the existing scope? If so how will the clients devices be able to access that ip address range?
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management (VLAN 10 on Local and VLAN 20 on remote)
Mobility Group: Same configs at both ends
SSID Anchor: Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502
Management Subnet
[code]....
Is there anything missing in the wireless configs and/or the firewall rules, as I could not see the DHCP request back from the Anchor Controller? Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case, is the redirect URL configuration to be performed only on the Anchor Controller, or is this to be replicated on both the Local and Anchor Controllers?
We just got a new 5508 wireless controller and the question we have is : can we get wireless users to authenticate to an Active Directory server to get access to the network? I know we can get the authentication done with an RSA server, but what about plain AD?
My network is running Windows Server 2003 with more than 150 users. But last week, I noticed that a program is changing my DHCP server IP address scope.
I am trying to setup a guest vlan. I set up an interface for the guest vlan on my 4402 controller. I assigned the guest vlan interface an IP of 192.168.2.10 with a 24 bit subnet mask.
This vlan will go to my DMZ where there is no DHCP server so I need to setup the internal DHCP server. I created a new scope but I'm having trouble with what to put in the Network field for the DHCP scope. The pool addresses are 192.168.2.100-200. with a 24 bit subnet mask.
Every time I try to apply the configuration I get an "error in setting DHCP scope network and netmask".
I've tried using:
192.168.2.10 192.168.2.255 192.168.2.254
as entries for the Network setting but no go. The docs say to enter the IP address used by the management interface with subnet mask applied.
I was assuming they meant the interface for the guest vlan.
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab an IP address. What am I missing?
Recently I came across a wireless design which I was not able to understand. The design is:
1. Two wireless LAN Controllers 5508, each with 25 AP license. AP load (5 APs per Controller) shared between the WLCs and configured with Backup Controller option.
2. The design has a Data Center Switch 3560x series, on which the two WLCs, Cisco Prime Infrastructure and Cisco MSE were connected. I've attached the design here.
3. The Data Center Switch is configured with DHCP pool for the wireless clients. The IP Address of the Data Center Switch is : 10.xx.xx.2 and Default Gateway is: 10.xx.xx.1
4. On the WLC, the Management Interface is configured with the IP Address: 10.xx.xx.21 for Controller 1 and 10.xx.xx.22 for Controller 2. But their DHCP Server is configured with IP Address: 10.xx.xx.1 and not with 10.xx.xx.2.
This means all the DHCP requests are pointing towards the Gateway of the Data Center Switch. Is this the correct configuration? I have seen the Wireless Clients getting the IPs allocated from the DHCP Pool, even though the Management Interface's DHCP server is configured with Gateway IP address 10.xx.xx.1.
The DHCP configuration for the Data Center Switch is:
ip dhcp pool xxxxxx
 network 10.164.220.0 255.255.254.0
 default-router 10.164.220.1
The Management Interface configuration on the WLC is:
Interface Configuration
Interface Name................................... management
MAC Address...................................... 2c:54:2d:72:b5:40
IP Address....................................... 10.164.220.21
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.164.220.1
External NAT IP State............................ Disabled
I am hoping to get your feedback around the DHCP issues I am facing with Two Centrally Switched Wireless LANs. The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using an external DHCP server.
- Only one scope for Guest Interface is set up on the WLC.
Problems:
1. As far as I know, for WLC to act as internal DHCP server, it is mandatory to have the proxy enabled, but the clients connecting to SSID 'Internet' are unable to get an IP address from the external DHCP server if DHCP proxy is enabled on the WLC. If I disable the proxy, it all works fine.
2. DHCP does not release the IP addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same IP it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the VLAN configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name............. Cisco Systems Inc.
Product Name................ Cisco Controller
Product Version................. 7.0.116.0
Bootloader Version................ 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version..... FPGA 1.3, Env 1.6, USB console 1.27
Build Type.......... DATA + WPS + LDPE
[code]...
A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and up to 25 later. The docs on the 7.2 WLC make it sound like this is discouraged: Internal DHCP Server.
The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
In this case, the APs will not be in the same subnet as the Management Internet. Is it a mistake to use the internal DHCP with up to 25 APs (3 WLANs)?
My 5508 WLC which runs version 7.4 is configured as a DHCP server for the AP management and here's my problem: My AP can get to the address, and can ping the address of the WLC management, but my AP prompts the following log: [code]
In the switch dhcp we can use to do the WLC option43 specified address, but in this case how the address specified WLC, the AP can be registered up?
I have a 5508 WLC and a 1242 LAP. The 5508 connects to the core switch and the LAP connects to the access switch, and there is an L3 link from the core switch to the access switch, so I have to use HREAP to let my WLC control my APs. In my access switch I set ip helper-address to my WLC in the client VLAN, then all the wireless clients cannot get an IP address from the WLC. But if I set ip helper-address to another DHCP server, the wireless clients can get an IP address. So I don't know why the WLC cannot be the DHCP server of the wireless clients?
I have 2 units Cisco WLC 5508 running software version 7.0.220 with 70 over units Cisco AP 1262N and 1242AG. Some of wireless clients having problem to get the correct IP address from the DHCP server. There are 2 units of Microsoft DHCP. Both DHCP server ip have been configured on the Interface at the WLC. The core switch also being configured with ip helper. I've attached the debug output of one of the wireless client during the problem.
I am using a WLC 5508 and its internal DHCP server. I can't find anywhere I can set up option 43. However, the access points are connected in just fine. Do I need to worry about setting up a separate DHCP server to get option 43 set up properly?
I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
We have a customer that has 2 5508s as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the anchor controller to 7.0.240.0?
Our company has 8 4404-100 Cisco wireless controllers and each WLC has 8 WLANs configured. They are all working fine. However, the WLAN ID sequence is not consistent. I'm wondering if it's possible to change the WLAN ID on these WLCs without (or slightly) impacting the users. I don't want to re-configure all the WLAN profiles.
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers? Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy. I've read now several posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
My Windows XP computer can't connect to the DHCP server correctly and thus can't connect to the internet. It is connected through an Ethernet cable to a wireless router. All other computers on the same network connect fine to the router, both wired and wireless. This all started after I left my computer alone for a few hours and came back with it not coming out of idle. After shutting it off and turning it back on, it would not connect to the DHCP server. It assigned me the autoconfig address 169.254.189.73 because it couldn't connect to the DHCP server. I even tried a static IP but even that wouldn't fix it. I have tried the same Ethernet cable in another computer and it worked fine so I know that it is because of my computer. I have tried renewing and releasing the connection using ipconfig in the command prompt but that did nothing. The settings are all the same as the other computers running through the same router. I have tried shutting down all the other computers and reconnecting the trouble one but again still nothing. The last thing I'm not sure about is the network adapter driver. I have reinstalled it but I'm not sure if the driver is correct. I have an NVIDIA nForce 10/100 Mbps Ethernet adapter. I attempted to reinstall but I'm not sure I selected the correct generation when I downloaded the driver installer. My computer says nothing about the generation of the adapter so I just chose the newest generation. My adapter is integrated in the motherboard.
I have a machine with Windows Server 2003 running an Exchange Server in an office with 5 workstations attached. The server is being used for a basic Outlook calendar across the various workstations, nothing major. Our current ISP provides us with a static IP address. The party that installed and configured the server set it up to run the DHCP server on the server PC itself. As in, the machine running Windows Server is also running a software DHCP server for the entire network. THE SETUP: As of right now we have a wall port (internet access) with a cable running to an 8 port unmanaged Netgear switch that has cables hooked up to the 5 workstations as well as the server itself. Pretty simple. THE QUESTION: How do I configure the ISP static settings on the DHCP Server portion of the Server PC? We may be getting a new ISP with a dynamic address OR a new static address. WHAT I'VE TRIED: I've tried configuring the IP address on the Server PC the way I would via the NIC adapter settings but it already has an internal IP address from the DHCP Server running on that PC so changing that was no good.
I'm totally new to using Windows Server 2003 (or any Windows Server edition) but I do have a basic understanding of networking. I have a machine with Windows Server 2003 running an Exchange Server in an office with 5 workstations attached. The server is being used for a basic Outlook calendar across the various workstations, nothing major. Our current ISP provides us with a static IP address. The party that installed and configured the server set it up to run the DHCP server on the server PC itself. As in, the machine running Windows Server is also running a software DHCP server for the entire network. As of right now we have a wall port (internet access) with a cable running to an 8 port unmanaged Netgear switch that has cables hooked up to the 5 workstations as well as the server itself. How do I configure the ISP static settings on the DHCP Server portion of the Server PC? We may be getting a new ISP with a dynamic address OR a new static address.
I've tried configuring the IP address on the Server PC the way I would via the NIC adapter settings but it already has an internal IP address from the DHCP Server running on that PC so changing that was no good. I guess what I'm basically looking for is a screen like this (I hope you're familiar with the configuration pages of Linksys Routers) url...
I'm having a problem with a WLC 5508 and LDAP on Windows Server 2008. I already configured everything on the WLC, but when a user tries to authenticate I have this debug result:
I have trouble with a Cisco 892 Router from my Internet service provider.
Last week we switched from a virtual Router to a hardware Router. But after plugging it in our LAN Switch, the Windows DHCP Server stopped leasing IP's. I got many BAD_ADDRESS with MAC like e1:80:10:ac, e2:80:10:ac, e3:80:10:ac, e4:80:10:ac, e5:80:10:ac, ea:80:10:ac, eb:80:10:ac, ec:80:10:ac and so on.
I do not have access to the Router config, so I cannot dump the config for you. We have a flat LAN, single subnet (172.16.0.0/16) and no VLAN, no Spanning Tree. A Keep it Simple, Stupid (KISS) System.
A tech guy from the service provider is telling us the error is not their fault and my switch is not correctly configured. But this is ********. For years we had another Cisco Router from the precursor ISP and for 2 years the virtual Router from our current ISP. No trouble with my DHCP. But after plugging the new Router in, my DHCP stopped working. There is no DHCP running on the 892, but something interferes with my Windows Server 2008 R2 SP1 DHCP Server.
I've got my AnyConnect setup to get an IP from our Windows DHCP server just fine. It grabs the IP, mask, and DNS just fine. But I can't ping any of the lan devices or do any DNS lookups. I need it to work this way since we have a ton of site-to-site's with remote offices and getting them all to adjust their firewalls to allow another subnet is a nightmare.
I have split-tunneling enabled. I'm sure it's a nonat command that I'm missing, but not sure what.
Before connecting to VPN:
Home user-------------------> ASA 5510 --------------> Office Lan
192.168.1.0/24 10.10.1.1/24
After they connect to AnyConnect:
Home user-------------------> ASA 5510 --------------> Office Lan
192.168.1.0/24 10.10.1.1/24 10.10.1.45/24
I have a 5508 controller at our headquarters and am installing some 3502 APs at a remote branch. Unfortunately, the remote branch has a different VLAN setup for some reason and the VLAN that is used for the WLC (90) is designated for telephony at this branch. Can I put the APs on a different VLAN (10) without having any issues? I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
Cisco 5508 Series Wireless Controller for up to 100 APs 802.11a/g/n Ctrlr-based AP w/CleanAir; Ext Ant; E Reg Domain. For mobility I want to set up the device such that the SSID would be the same with the same security key and in a different subnet.