Cisco SPA problem with DHCP Option 66

Dear all,
I have a problem with auto-deployment of my Cisco SPA phone.
If I manually open the configuration page and paste "[- pwd - password user uid] http:///dms/def/spa$PSN.cfg" into the profile rule, everything works perfectly.
However, we would like to do zero-touch provisioning, so I added "[- pwd - password user uid] http:///dms/def/spa$PSN.cfg" to DHCP Option 66. The SPA phone seems unable to get the Option 66 parameter. It shows "/ spa$ PSN.cfg" in the profile rule.
I'm sure that the DHCP server works perfectly.
Can anyone help on this?

Kind regards

Desmond

You cannot use a custom password during initial (zero-touch) deployment. DHCP can be used to deliver a key to the device in this way.

Ok. What are the options you have?

You may use a configuration file compiled with SPC with the -target option. It encrypts the file using a password derived from each device's MAC, so no password needs to be given to the device; the device can calculate the required password from its MAC. It provides just a basic level of security: an insensitive user, like me, knows the algorithm used for password generation, so he can calculate the password and decrypt the file.

You can use HTTPS with mutual certificate authentication to deliver the configuration in XML or SPC form. Every phone has a unique client certificate, so you can be sure that the request was issued by the unit. It offers a high level of security.

There are also a few other possibilities, but disclosed so that information on the goal you want to hit, so I can't list.

Just note that DHCP will answer anyone; in addition, the answer may be broadcast (and therefore handed to anyone, even without a prior request). If you deliver critical data via DHCP, you can consider it publicly available. The resulting security is no security.


Similar Questions

  • Will a Cisco SMB SG300 switch support DHCP Option 156?

    Hi all

    Is it possible to configure option 156 on a Cisco Sx300 DHCP scope? It's for Shoretel IPT... I noticed that the option is not available through the user interface. But I tried the other day on a switch with the latest firmware via the CLI and it almost worked, but I couldn't get the switch to accept the exact string that I needed... For example below (the Cisco classic):

    option 156 ascii "ftpservers=172.16.250.21,country=7,language=4,layer2tagging=1,vlanid=100"

    Guidance gratefully received...

    Thanks in advance

    Matt

    Hi Matthew, the options supported on the DHCP server are as follows:

    1, 3, 4, 6, 12, 15, 44, 46, 50, 51, 53, 54, 55, 56, 58, 59 and 61.

    -Tom
    Please mark replied messages useful

  • LWAPP AP - DHCP Option 43

    Hello

    I'm working to deploy a group of 1242AG APs with a 12-4402. I'm looking to use LWAPP and run the WC in layer 3 mode, with the access points deployed on a different subnet.

    I tried to assign an address (and DHCP option 43 for the IP address of the WC management interface) via the Cisco IOS DHCP server, but so far this has not been successful.

    I was unable to provide DHCP option 43 to the APs. Here is the configuration that I tried to use.

    Router DHCP configuration

    ip dhcp pool WLAN

    network 192.168.1.0 255.255.255.0

    option 43 hex f1:07:c0:2e:a8:2e:01:2e:c8 (TLV = 241 7 192.168.1.200)

    Can someone help me maybe?

    Jon thx.

    Try this...

    ip dhcp pool

    network

    default-router

    dns-server

    option 60 ascii "VCI string"

    option 43 hex

    ----------------------------------------

    TLV, assuming that your management interface is 192.168.1.200

    ex: option 43 hex f104c0a801c8 (without colons)

    VCI strings:

    Cisco Aironet 1130 series = "Cisco AP c1130"

    Cisco Aironet 1240 series = "Cisco AP c1240"

    Cisco Aironet 1200 Series = "Cisco AP c1200"
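
The byte layout this thread turns on, as an added example that is not part of the original posts: the string in the question carries a length of 7 because each "." of the dotted address was encoded as byte 0x2e, while the reply's string carries the four address bytes only. The function names `encode_option43` and `check_option43` are hypothetical, and the code assumes a single sub-option of type 0xf1 holding one or more controller IPv4 addresses.

```python
import ipaddress

AP_SUBOPTION = 0xF1  # sub-option type 241, the value used in the thread


def encode_option43(controllers):
    """Build the hex payload: type 0xf1, length, then 4 bytes per controller IP."""
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if not packed or len(packed) > 255:
        raise ValueError("need between 1 and 63 controller addresses")
    return (bytes([AP_SUBOPTION, len(packed)]) + packed).hex()


def check_option43(hex_value):
    """Decode a configured payload; return (controller_ips, problems)."""
    raw = bytes.fromhex(hex_value.replace(":", ""))
    if len(raw) < 2:
        return [], ["payload shorter than the type and length bytes"]
    sub_type, length, value = raw[0], raw[1], raw[2:]
    problems = []
    if sub_type != AP_SUBOPTION:
        problems.append(f"type is 0x{sub_type:02x}, expected 0xf1")
    if length != len(value):
        problems.append(f"length byte says {length}, but {len(value)} bytes follow")
    if not value or len(value) % 4:
        problems.append(f"value is {len(value)} bytes, not a multiple of 4")
        # A dotted quad typed byte by byte leaves 0x2e ('.') between the octets.
        if len(value) == 7 and value[1::2] == b"...":
            intended = ipaddress.IPv4Address(value[0::2])
            problems.append(f"0x2e bytes are '.' separators; intended {intended}")
        return [], problems
    ips = [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    return ips, problems


if __name__ == "__main__":
    # Values taken from the thread: the string from the question and the reply's.
    for candidate in ("f1:07:c0:2e:a8:2e:01:2e:c8", "f104c0a801c8"):
        print(candidate, "->", check_option43(candidate))
    print(encode_option43(["192.168.1.200"]))
```
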

  • Microsoft DHCP - Option 43 Setup Server

    I have the scope properly configured as far as Option 241 with Option 43 and the VCI for both the 1130 and 1200 series APs; however, how can you make this work if your subnet has both 1200s and 1130s in it? Basically, if I have two 241 options set, the 1130 one comes first, allowing the 1130s to associate, but not the 1200s. If I remove the Option 241, the associated 1200 1130. Basically, how can I get both working properly in the scope?

    Thank you

    Raun

    Hi Pierre Roussy.

    Here is some additional info;

    This section contains an example DHCP Option 43 configuration on a Windows 2003 Enterprise DHCP server for use with lightweight access points. For other DHCP server implementations, see the DHCP server documentation to configure DHCP Option 43. In Option 43, you must use the IP address of the controller's management interface.

    --------------------------------------------------------------------------------

    Note that DHCP Option 43 is limited to a single access point type per DHCP pool. You must configure a separate DHCP pool for each access point type.

    From this doc:

    http://www.Cisco.com/en/us/docs/wireless/access_point/1200/installation/guide/120h_g.html

    DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml#T1

    I hope this helps!

    Rob

  • DHCP option to set the controller IP for Access Points (Airespace)

    Hello world.

    Does anyone have an idea how to specify the controller using DHCP options?

    We use:

    -Controller AIR-WLC4404-100-K9

    -AP-1010-AP-5312 access points

    -DHCP server: ISC DHCPd 3.0.1

    Logs on the DHCP server indicate that the access points get IP addresses, but the controller information is not "read" / "included".

    In the productive environment, controllers will be redundant.

    So far, we have not been successful with either of these configurations:

    I. using TLV block:

    http://www.Cisco.com/en/us/products/HW/wireless/ps430/products_quick_start09186a00805100f5.html#wp49287

    subnet 10.50.107.0 netmask 255.255.255.0 {

    option subnet-mask 255.255.255.0;

    option routers 10.50.107.1;

    option domain-name-servers 10.20.51.11, 10.20.51.12;

    option vendor-class-identify Airespace 1200;

    option dhcp-client-identifier 0xf1, 8, 10.20.51.254, 10.20.51.249;

    ddns-updates

    ddns-rev-domainname "in-addr.arpa.";

    ddns-domainname "xxyy.local.";

    default-lease-time 28800;

    range 10.50.107.101 10.50.107.200;

    }

    II. using the DHCP next-server option:

    subnet 10.50.107.0 netmask 255.255.255.0 {

    option subnet-mask 255.255.255.0;

    option routers 10.50.107.1;

    option domain-name-servers 10.20.51.11, 10.20.51.12;

    next-server 10.20.51.254;

    III. using Header Information Option 43 as described in the DHCP manual:

    option wlan-apc code 60 = text;

    option wlan-controller code 43 = ip-address;

    subnet 10.50.107.0 netmask 255.255.255.0 {

    option subnet-mask 255.255.255.0;

    option routers 10.50.107.1;

    option domain-name-servers 10.20.51.11, 10.20.51.12;

    option wlan-apc "Airespace.AP1200"

    option wlan-controller 10.20.51.254;

    IV. using header to the DHCP server information:

    class "vendor-classes" {

    match option vendor-class-identifier; }

    subclass "vendor-classes" "Airespace.AP1200" {

    next-server 10.20.51.254;

    }

    Does anyone have a working (using the SAI?) configuration or advice?

    Best regards

    Jarle Steffensen

    Yes, finally got it to work.

    I just followed this guide:

    http://www.Cisco.com/univercd/CC/TD/doc/product/wireless/control/C44/DEP.PDF

    and it worked the first time :)

  • Problems HotSync - Bluetooth option missing in connections

    After installing Windows 7 RC, 64-bit, I had to HotSync my Tungsten E2 with Bluetooth, rather than use the cable.  I bought and installed an Azio Bluetooth dongle (and included the Toshiba Bluetooth software) without a hitch. However, when I created my HotSync options I found that I couldn't choose Bluetooth because the option was not simply present on HotSync Manager/connections.  VERY frustrating.

    Buried deep in another thread on this forum was the solution: go to control panel | Programs, remove the Bluetooth drivers and restart.  The device is installed with the Windows drivers again.  As if by magic, the Bluetooth option appeared on the HotSync Manager Connections window and everything was good.

    Of course, some computers come with the included Bluetooth option.  For those with x 64 Windows AND have the third-party Bluetooth drivers (other than Windows) AND are having HotSync problems because there is no way to activate the Bluetooth option, the hotfix may be similar - uninstall the drivers and use the native Windows drivers instead.

    I suspect that this issue can come down more, that those who do not always have HotSynced with Bluetooth is now required to do it because they are moved to x 64 Vista or Windows 7.  Palm does not have this problem on one of their pages to support - that I could find.

    YES!  It worked for me: "buried deep in another thread on this forum was the solution: go to control panel | Programs, remove the Bluetooth drivers and restart.  The device is installed with the Windows drivers again.  As if by magic, the Bluetooth option appeared on the HotSync Manager Connections window and everything was good."

    THANK YOU SO MUCH!

  • Does the EA8500 support DHCP Option 60/61?

    Hello

    I was wondering whether the EA8500 can be used with the Sky Fibre Pro service in the United Kingdom? Obviously I would need to extract the username from the SR101/102, and I then intend to use the Openreach VDSL2 modem with the EA8500 (btw, brilliant router), but after some research I understand the router needs to support DHCP option 60 & 61 in order to connect with Sky. Does the EA8500 support it?

    See you soon

    psycho

    Linksys engineering has notified me that the EA8500 is not compatible with DHCP Option 60/61.

    I filed a feature request in support of these DHCP Options. Let's hope it is approved and included.

  • RV042 150 DHCP Option

    Hi people

    I have a RV042 VPN router with the latest firmware v4.2.1.02.

    This router is connected to the main site through a VPN Tunnel.

    Now, I want to configure a DHCP Option so that I can put an IP phone behind the RV042. The IP phone should receive an IP by DHCP from the RV042 and, of course, the IP address of the Director with Option 150.

    I can configure DHCP and it works fine, but I can't find where or whether I can configure Option 150.

    Does anyone know how it works?

    Thank you for your help...

    Kind regards

    Pascal

    Unfortunately, the RV042 isn't compatible with DHCP Option 150.

  • Cisco ACS with external DB - EAP - TLS

    Hi guys,

    I understand how the EAP-TLS exchange works (I think), but if I have a client (wired or wireless) that uses EAP-TLS with a CBS, can I confirm the following?

    Let's say both user and computer certificates are used:

    1. The client and ACS authenticate each other with certificates to ensure they are known to each other: the EAP-TLS exchange.

    2a. At some point, and I'm assuming before the EAP-TLS success message is sent to the client, does the ACS check whether the user name or computer name is in the AD database?

    2b. What is the parameter that is checked against the AD database?

    I read here that it can be: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/peap_tls.html#wp999517

    Client certificates

    The client certificates are used to identify the user with certainty in EAP-TLS. They have no role in the construction of the TLS tunnel and are not used for encryption. A positive identification is made in one of three ways:

    CN (or Name) comparison: compares the CN in the certificate with the user name in the database. More information on this type of comparison is included in the description of the Subject field of the certificate.

    SAN comparison: compares the SAN in the certificate with the user name in the database. It is only supported from ACS 3.2. More information on this type of comparison is included in the description of the Subject Alternative Name field of the certificate.

    Binary comparison: compares the certificate with a binary copy of the certificate stored in the database (only AD and LDAP do this). If you use binary certificate comparison, you must store the user certificate in a binary format. Also, for generic LDAP and Active Directory, the attribute that stores the certificate must be the standard LDAP attribute named "usercertificate".

    3. With the foregoing, if option 1 or 2 is used (CN or SAN comparison), I guess it's just a check of a value taken out of the cert by the ACS and checked against AD, is that correct? With option 3, does GBA perform a complete comparison of the certificate between what the client presents and a "stored client cert" in the AD DB?

    Please can someone help me with these points.

    I'm so lost in this kind of things :)) I think.

    Thx a lot and best regards,

    Ken

    Only the TLS *handshake* is complete/successful, but the user authentication fails.

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: State = SSLv3 client SSL read Exchange of keys A

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: State = SSLv3 read Certificate SSL check

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: SSL = SSLv3 read state completed A

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: State = SSLv3 write change cipher spec A SSL

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: SSL = SSLv3 write finished State has

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: State = SSLv3 data embedded SSL

    CryptoLib.SSLConnection.pvServerInfoCB - process of TLS data: State SSL = SSL handshake completed successfully

    EAP: EAP - TLS: handshake succeeded

    EAP: EAP - TLS: authenticated handshake

    EAP: EAP - TLS: CN using the certificate as an authentication identity

    EAP: State EAP: action = authenticate, username = 'Jousset', the user identity is "jousset.

    pvAuthenticateUser: authenticate "jousset" against CSDB

    pvCopySession: assignment session group ID 0.

    pvCheckUnknownUserPolicy: Group of session ID is 0, the call pvAuthenticateUser.

    pvAuthenticateUser: authenticate "jousset' against the Windows database

    External DB [NTAuthenDLL.dll]: Cache of Creating Domain

    External DB [NTAuthenDLL.dll]: Domain for loading Cache

    External DB [NTAuthenDLL.dll]: no UPN Suffixes found

    External DB [NTAuthenDLL.dll]: could not get the domain controller for dwacs.com trust, [error = 1355]

    External DB [NTAuthenDLL.dll]: could not get the domain controller for enigma.com trust, [error = 1355]

    External DB [NTAuthenDLL.dll]: could not get the domain controller for acsteam.com trust, [error = 1355]

    External DB [NTAuthenDLL.dll]: could not get the domain controller for vikram.com trust, [error = 1355]

    External DB [NTAuthenDLL.dll]: domain loaded cache

    External DB [NTAuthenDLL.dll]: could not find the user jousset [0 x 00005012]

    External DB [NTAuthenDLL.dll]: user Jousset is not found

    pvCheckUnknownUserPolicy: assignment session group ID 0.

    Unknown user "jousset" was not authenticated

    If EAP-Failure (RADIUS Access-Reject) is sent, no EAP-Success (RADIUS Access-Accept).

    And in any case the port will not be allowed to pass traffic unless the NAS device gets an EAP-Success (RADIUS Accept) for the user.

    HTH

    Kind regards

    Prem

  • Using Cisco AP as router and DHCP server

    I'm a newbie in the technology of Cisco wireless. I have a lot of Cisco wireless access point. One of them (1142AG-K9 Cisco) I want to set them up as a DHCP server and will forward traffic to the public ip address as it will route the traffic to 203.82.203.50 (Ip provided by ISP) and will lease ip as associated devices 192.168.10.0 pool.

    Even though I know that it is possible using a router on the AP. But it is possible using a single access point?

    If so, how?

    Help, please.

    Hi, Cisco APs are just basic layer 2 devices, like a hub or a layer 2 switch; they do not do any layer 3 like a wireless router.

    The Cisco access point supports having one or more VLANs or subnets configured and will pass all traffic to a layer 3 device so that the traffic can be routed as needed.

    The AP can't stand to have an IP address configured on the bvi1 for the management.

    Also, the built-in DHCP option in the AP is very limited and will only know the IP address to wireless clients that connect to it on an SSID linked to its management interface, in this case the bvi1, and all the other VLANs or subnets shall not use an external DHCP server.

    Sent by Cisco Support technique iPhone App

  • How to make "In line with text" as default option

    I use Pages 5.6 to work on certain documents that have a lot of pictures. When I paste an image into the document, the default "wrap" option for the image is "automatic"; I have to manually change it to the "inline with text" option each time and drag it to the right place, which is extremely frustrating. Is it possible to make "in line with text" the default option when I paste a picture?

    Hello RCN,

    Click in the text where you want the image to be inserted.

    Paste.

    If the focus is on the text, the image will paste as "Move with text"; if the focus is on an object (e.g. an image that does not move with the text), the image will paste as "Stay on Page".

    Kind regards

    Barry

  • Re: Imagem om my Toshiba with problems

    Hello world

    When I start my laptop, the picture on the screen appears with problems, cannot read letters and some traces in the vertical. When windows start, displays a blue screen with a memory error but I can read because it disappears very quickly.

    I think (I'm not sure) that it may be a problem with the graphics card. I removed the RAM cards and switched them, but the problems remain.

    Any ideas?

    Hello

    Yes, BSOD is the product of a software or hardware problem.
    Since you have a few vertical lines on the screen, the graphics chip could be affected.
    Seems only service technicians would be able to help by the way: what laptop do you have?

  • With explanations wireless security options

    Hello team,

    I would like to have your base of knowledge up-to-date with the types of security options available in IEEE and security options supported on the NETGEAR router with detailed description. The current article which is available on your KB Portal is bad enough. That's what I get when retrieved from the security options...

    http://KB.NETGEAR.com/app/answers/detail/A_ID/112/

    and

    http://KB.NETGEAR.com/app/answers/detail/A_ID/13205

    I would like to refine your article with all the security options available from WEP, WPA - PSK [TKIP], mixed, WPA2-PSK [AES] etc. I'm not sure if your knowledge base team consider my request or not. Even if they think it will I get any deducted after the publication of my article in your support portal.

    Thank you & best regards,

    NetRags

    @NetRags I'm going to go ahead and pass on to management.

    Thank you!

  • Question of DHCP Option 50

    I understand that DHCP option 50 is for the client's requested IP address.

    I have 3 questions about this...

    1. The DHCP server on the router maintains the MAC --> IP mapping for 24 hours, right?

    What happens if I request a different, unassigned IP address within the 24-hour window? Will my request be granted each time?

    What happens if I request a different, unassigned IP address after the 24-hour window? I guess that my request will be granted every time in this case.

    2. Still within the 24-hour window, if the requested IP address is leased to another network device, but that device has long been disconnected, do I get the requested IP address?

    3. Do all versions of routers support this option?

    Depends on the implementation of the DHCP server. The RFC does not say how to handle option 50. The DHCP server can but should not assign the requested IP address. It can completely ignore this option.

    So:

    How long does the server retain the mapping? Depends on the server. It may or may not remove the mapping after the lease has expired (which I assume is the 24 hours that you reference).

    Asking for a different IP address during the valid lease? Depends on the server. One server may grant it each time. Another server can refuse each time.

    I think it is more common not to grant the request. Internally, the DHCP server manages static IP mappings and pool mappings all the same, except that a static IP mapping has an unlimited lease duration. As long as a request comes from a computer that already has a mapping (static or pool), it always assigns the known IP address and not the other one.

    After the expiry of the lease? Depends on the server. A DHCP server keeps the mappings even after the expiry of the lease. The simple purpose of this is that if you have a fairly large pool that does not get exhausted, you basically get static IP address assignments for DHCP clients. Even if a client releases the lease (because the computer is shut down) or the lease expires, it will always keep this information. Next time (for example, you turn on the computer after the weekend) it will always get the same IP. But again, it is up to the implementation of the server. Other servers follow other policies and do it differently.

    Requesting a leased IP address? No, never. The DHCP server must not assign an IP address that has been leased elsewhere. There is no reliable way for the DHCP server to make sure that the other device is indeed off. If a device is shut down, it must release the DHCP lease. If that is not the case, the IP address is blocked until the lease has expired. The only case in which a transfer could occur is if the DHCP server has been reset and lost its DHCP lease table. In this case, the DHCP server does not know the previously granted leases.

    Supported? All DHCP servers must be able to receive DHCP requests that include this option. It is up to the implementation of the DHCP server whether the DHCP option is really accepted or not. Some servers may completely ignore this option.

  • My Microsoft Wireless Mouse 5000 new scrolls only in one direction in Quicken. This seems to be the only program with problems. All the answers?

    My Microsoft Wireless Mouse 5000 new scrolls only in one direction in Quicken.  This seems to be the only program with problems. All the answers?

    Hi retiredinflorida,

    Welcome to Microsoft Vista answers Forum!
     
    It is a known issue using IntelliPoint from Microsoft and Quicken software drivers.  Both parties are aware of the problem and as soon as a hotfix or patch for this problem is available it will be displayed on the Quicken Web site so check with their website on a regular basis.
     
    However, if the Microsoft Wireless Mouse 5000 problems in other applications, you can check the links below.

    The Microsoft wireless mouse does not work as expected if:

    You may want to consider this link to fix the problem: http://support.microsoft.com/default.aspx?scid=kb; EN-US; 838398

    In case you want to uninstall and reinstall the mouse drivers, use this link: http://www.microsoft.com/hardware/windows7/support.mspx

    Hope this information is useful.
    Let me know if it worked.

    Thank you, and in what concerns:
    Aziz Nadeem - Microsoft technical support.
    Visit our Microsoft answers feedback Forum
    http://social.answers.Microsoft.com/forums/en-us/answersfeedback/threads/ and let us know
    what you think
