I recently installed 2 wlc 5508 with the latest software 7.3.101.0. I am not able to activate the Internal DHPC Server. The following message appears: "Error in setting dhcp scop leasetime".
View 5 RepliesI am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching. - I have an LWAP connected to the WLC in HREAP mode. - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server. - Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the V LAN configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name............. Cisco Systems Inc.Product Name................ Cisco Controller Product Version................. 7.0.116.0Bootloader Version................ 1.0.1Field Recovery Image Version..................... 6.0.182.0Firmware Version..... FPGA 1.3, Env 1.6, USB console 1.27Build Type.......... DATA + WPS + LDPE
[code]...
A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and upto 25 later. The docs on the 7.2 WLC make it sound like this is discouraged: Internal DHCP Server.
The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.
In this case, the APs will not be in the same subnet as the Managment Internet.Is it a mistake to use the internal DHCP with upto 25 APs (3 WLANs)?
I wanto delete the Evalution License and i want to activate the permanent license. find the attached snapshot of License.
View 7 Replies View RelatedThe two controllers are having two internal DHCP servers with the same range in LAN (enx1,enx2). but i have specified which is primary DHCP server(enx3) in WLAN interface.
Now if a new user added into network, will he get IP address from primary dhcp(WLC) or AP connected WLC.
if two users connected to 2 diff AP's which are connected to 2 WLC will get the same IP address? since having same address pool configured.
We created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have and IP address
- but when we connect to the secone SSID: impossible to get an ip address - auth and association are OK
I am having an issue with internal and external clients. When we have the nat ip configured on the controller we cannot connect internal ap's at all. When we take the nat ip out it works fine. We are on code 7.0.220. I have tried the following command <config network ap-discovery nat-ip-only disable> and it did nothing.
View 1 Replies View RelatedWe have a 5508 with 7.4.100.0 vor Internal APs and OEAPs. till now every thing is ok. Now we have to connect an AP (local) in a remote office, connected to the WLC by a VPN Tunnel. The problem is that the AP in the remote office uses the NAT Address to connect to the WLC, so the traffic goes over the Internet, not trough the VPN Tunnel. On the controller I have the following setting:
AP Discovery - NAT IP Only ................. Disabled
On the AP:
AP Link Latency.................................. Disabled
How to force the AP to use the internal IP Address of the WLC?
Have a WLC 5508 running 6.x code with LAP's providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones. What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server?
View 13 Replies View RelatedI wish to change ARP table or any else to get a WOL functionnality.
I found how to activate telnet server, but I don't have the right login and password.
Im new to the ASA and is trying to setup at test net. The ASA is connected to my router on port zero using DHPC. (Or i guess its not as the router use the same ip range as ASA does inside).
I tried to set a static IP in the same range (eg. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside". So I belive that is why it dont get a IP from my router - it does show up in the router DHPC table as 192.168.1.5 but ASDM home says outside "no IP address".
I tried to change the inside range of the ASA but if I change the inside IP i loose connection. (Had to restore factory-default useing the console).
I guess I could setup another range using the console, but how?
setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
I have 2 networks: inside users (vlan 1) and external users (vlan)
My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
I have 2 SSID, one for inside, other to outside. Inside is working very well.
To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
Managemente interface (vlan 1 inside): 192.168.3.119/24
Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
I alredy checked the DHCP Proxy in Advanced option.
See the output of the debug client:
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
[Code].....
I am trying to setup a guest vlan. I set up an interface for the guest vlan on my 4402 controller. I assigned the guest vlan interface an IP of 192.168.2.10 with a 24 bit subnet mask.
This vlan will go to my DMZ where there is no DHCP server so I need to setup the internal DHCP server. I created a new scope but I'm having trouble with what to put in the Network field for the DHCP scope. The pool addresses are 192.168.2.100-200. with a 24 bit subnet mask.
Every time I try to apply the configuration I get an "error in setting DHCP scope network and netmask".
I've tried using:
192.168.2.10
192.168.2.255
192.168.2.254
as entries for the Network setting but no go. The docs say to enter the IP address used by the management interface with subnet mask applied.
I was assuming they meant the interface for the guest vlan.
How to clear dhcp lease in WLC 6.0.199 from the IP leased from internal server?
View 1 Replies View RelatedI've got a new CT2504 controller with software version 7.0.220.0 Regarding to [URL]I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3 vlan401 Interface IP can not be used as internal DHCP server IP It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129
[code].....
I just bought a Linksys 320N router to replace another competitors router. I am trying to connect to my VPN server from outside my network. I have the external ip to my network. I setup the new 320N router just like the old router. set dmz ip to internal ip of vpn server, set port forwarding to 1723, both, internal ip of vpn server, I have a way to test the vpn while i am inside my network. So, I can watch the VPN server log and see the request come into the server and it times out with the Linksys 320 N hooked up. If I have the old router hooked up, the vpn establishes a connection.
View 9 Replies View RelatedI had an Linksys WRT54GS and this wireless is connected to a switch in an internal enviroment but i want connect guest users without them see my internal network and can't access to any internal server....how can i configure this?
View 1 Replies View RelatedI've just recently started to get this error, and I'm not sure why (I have no expierence with routers whatsoever). I have noticed, that whenever this happens though, that my NAT type for my xbox goes strict.
View 4 Replies View RelatedI have a problem with my router, WRT54G2. I was upgrading my firmware when my computer froze up, so I had to exit. Afterwards, I could not connect to the web based setup page anymore. I did a factory reset and installed it again with Network Magic and set up my wireless key. It is working now however, I cannot get into the web based setup page. Whenever i go to 192.168.1.1 and enter my info, it just says 500 Internal Server Error. I was always able to access this page, now I can't, so I assume it's not working because of the interrupted firmware update. I do alot of mac filtering and I limit the amount of IP addresses my router gives out so if anyone hacks my security key, they still won't be able to connect, so accessing my router setup page is important to me. I have reset (hold down reset button for 30 secs - 1 minute) the router many times and still nothing. I mean, the router still works. My brother and I can still connect with our laptops, I just can't get to the web based setup page.
View 7 Replies View RelatedHow do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies View RelatedI am setting up officeexten. I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1
1. does the mobility group need to match the same on the internal wlc ?
2. Now do i need a NAT transnational on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?
3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support office extend?
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
I am biulding a wireless network with 5508 WLC and trying to use ISE as radius server and also to redirect the web-login to it.I was trying to understand that to achieve the external web-login, do i need to use the raduius-nac option under advanced on the guest wireless where i am trying this out. and if not, where do i actually use it?So far what i have understood that i do need to have preauth ACL on the Layer 3 security, but the issue is there is no hit reaching the ISE.
View 9 Replies View RelatedWe just got a new 5508 wireless controller and the question we have is : can we get wireless users to authenticate to an Active Directory server to get access to the network? I know we can get the authentication done with an RSA server, but what about plain AD?
View 9 Replies View RelatedRecently I came across a wireless design whcih I ws not able to understand.The design is:
1. Two wireless LAN Controllers 5508, each with 25 AP license. AP load (5APs per Contorller) shared between the WLCs and congured with Backup Controller option.
2. The design has a Data Center Switch 3560x series, on which the two WLCs, Cisco Prime Infrastructure and Cisco MSE were connected. I've attached the design here.
3. The Data Center Switch is configured with DHCP pool for the wireless clients. The IP Address of the Data Center Switch is : 10.xx.xx.2 and Default Gateway is: 10.xx.xx.1
4. On the WLC, the Management Interface is configured with the IP Address: 10.xx.xx.21 for Controller 1 adnd 10.xx.xx.22 for Controller 2. But, their DHCP Server is configured with IP Address: 10.xx.xx.1 but not with 10.xx.xx.2 .
This means, all the DHCP requests are pointing towards the Gateway of the Data Center Switch.Is this the correct configuration?I have seen the Wireless Clients getting the IPs allocated from the DHCP Pool, even though the Management Interface's DHCP server configured with Gateway IP address 10.xx.xx.1 .
The DHCP configuration for the Data Center Switch is:
ip dhcp pool xxxxxx
network 10.164.220.0 255.255.254.0
default-router 10.164.220.1
The Management Interface configuration on the WLC is:
Interface Configuration
Interface Name................................... management
MAC Address...................................... 2c:54:2d:72:b5:40
IP Address....................................... 10.164.220.21
IP Netmask....................................... 255.255.254.0
IP Gateway....................................... 10.164.220.1
External NAT IP State............................ Disabled
[code]....
my laptop sometimes gives a 500 internal server error when I try to go to any website. our other wireless devices such as our phones don't do this while the laptop is.
View 2 Replies View Relatedi see there is an option to "allow password change" or "force password change" for guest roles in the NGS. But when i created a guest account using this guest role, after webauthentication , there is no prompt to change password. Is this the intended behaviour or is there anything else that i need to configure. Looking at it, i am not sure how the NGS would allow a "guest user" to really overwrite the password by allowing password change. ? is that not a security risk as well for the NGS ? my setup has 5508 anchor controller and NGS communicating via RADIUS.
View 7 Replies View RelatedI have been unable to get IPSec working between my WLC 5508 and a server 2008 NPS radius server. Any luck configuring this? I have opened tickets with both Microsoft and Cisco, but so far have not been able to configure it properly.
View 2 Replies View RelatedI am trying to follow the Fips guide for the WLC5508 and it wants to encrypt the connection to the Radius, either with PSK key wrap or IPsec. I have the options for Ipsec only as the Windoes NPS does not support Key wrap from what a previous user confirmed for me here on the board.. But then found another post that states that the 5508 does not support IPsec?
View 5 Replies View RelatedMy 5508 WLC which runs version 7.4 is configured as a DHCP server for the AP management and here's my problem: My AP can get to the address, and can ping the address of the WLC management,But my AP prompts the following log: [code]
In the switch dhcp we can use to do the WLC option43 specified address, but in this case how the address specified WLC, the AP can be registered up?
I would like to know if microsoft 2008 server RADIUS server could be use for authentication on Cosco 5508 instead of Cisco ACS.
View 4 Replies View RelatedI have nated my 172.81.15.0 255.255.255.0 into my internal server 10.1.10.164 , i can ping the out side server but the internal server is not accessible from out side static (Database-Servers,interface-sms) 172.81.15.2 10.1.10.164 netmask 255.255.255.255icmp permit 172.81.15.0 255.255.255.0 interface-smsroute zemen-sms 172.81.15.0 255.255.255.0 10.131.199.201 1access-list Database-Servers-in extended permit tcp host 10.1.10.164 host 10.185.62.144 eq 9090access-list Database-Servers-in extended permit tcp host 10.1.10.164 host 10.185.62.144 eq wwwicmp permit host 10.185.62.144 interface-smsi can ping the out side server 10.185.62.144 with out a problem . from the server 10.185.62.144 i can ping untill 172.81.15.2 and it will not ping the natted server 10.1.10.164. as u seen the accesslist ping is permitted.
View 1 Replies View RelatedThe RV082 is a great unit, however when VPN clients connect the QuickVPN Client has a setting to use the Remote DNS settings of the RV082. The RV082 has no way of linking or using a user-defined DNS. I have an internal DNS Server that I would like the VPN Clients to query on internal name lookups (kindof the point of having client vpn, so they can access internal network shares etc. On the diagnostic page the ping and name resolution can only check external DNS and internal IP's. Wouldn't it make sense to at least make the RV082 aware of internal DNS Servers? Then the Ping and DNS lookup would be able to test both zones? Is this something that can be looked at by Linksys Developers for this product? The WRV210 (a cheaper and lower level model) has this functionality.
View 8 Replies View Related