On SG500 DHCP scopes

I have an SG500 switch that I use in L3 mode, and I am trying to put in place a few different VLANs for different things.  I am trying to use the switch as a DHCP server on the VLANs, and it seems to work fine.  However, I have a VLAN that has an external DHCP server, and I have not configured a pool for this range.  Clients who connect in this VLAN get a DHCP NAK from the switch when they try to pull an address (in addition to the OFFER they get from the legitimate DHCP server), and it really fouls things up.  Is it possible to prevent the switch from sending a DHCP NAK on this VLAN?  Removing the IP address of the interface for this VLAN is not an option because it is the way out of all other VLANs.

Hi Christophe,

Firmware 1.4.1 was released on 8 May and should address the DHCP issues. Please feel free to comment if you have tested it.

Kind regards

Aleksandra

Tags: Cisco Support

Similar Questions

  • Default DHCP scope

    How can I change the default DHCP scope from 192.168.1.x to 172.16.2.x?

    My router is WRT610N.

    The IP address of the router is still 192.168.1.1. You will need to change the LAN IP address.

  • 6248 VLANs do not receive the DHCP scope

    I created two new DHCP scopes in my windows server 2003:

    192.168.2.0 - public, and
    192.168.3.0 - VOIP.

    This DHCP server is connected to a Dell PowerConnect 2708, which is connected to our new PowerConnect 6248P via point-to-point fiber.

    New computers on the network on the default VLAN 1 are correctly assigned IPs as they connect.

    I issued the following commands to the 6248 CLI:

    enable
    configure
    vlan database
    vlan 20
    vlan 30
    exit

    configure
    interface range ethernet 1/g1-1/g2
    switchport mode general
    switchport general allowed vlan add 20
    switchport general pvid 20
    dhcp l2relay
    exit

    configure
    interface range ethernet 1/g3-1/g6
    switchport mode general
    switchport general allowed vlan add 30
    switchport general pvid 30
    dhcp l2relay
    exit

    interface ethernet 1/g11
    switchport mode general
    switchport general allowed vlan add 20
    switchport general allowed vlan add 30
    dhcp l2relay
    exit

    configure
    interface vlan 20
    name "PUBLIC"
    routing
    ip address 192.168.2.1 255.255.255.0
    ip helper-address 192.168.1.150
    exit

    configure
    interface vlan 30
    name "VOIP"
    routing
    ip address 192.168.3.1 255.255.255
    ip helper-address 192.168.1.150
    exit

    ip routing

    I also added all traffic on VLAN 20 and VLAN 30 on port 1/g11 (6248) and port 2 (2708). VLAN 1 access was removed from ports 1/1/g1-g6 (6248).

    Everything seems to have been set correctly, but I can't get a response from the DHCP server on all ports attached to VLAN 20. Is the PowerConnect 2708 switch unable to pass the baton to the server? Is it possible that something is dropped on the point-to-point link?

    I would greatly appreciate any comments or suggestions, thanks!

    The 6248 has no default gateway. It won't let me set 192.168.1.1 because it does not reside in the same subnet as the 6248 (192.168.99.1).

    The 2708 has listed 192.168.1.1 as its default gateway.

    At this point, the network has too many complexities for me to unravel. I am very happy that at least I solved for DHCP when we finally migrate our server to the new location.

    Once the server is up, and the gateway/firewall are directly connected to the 6248; I will review the correct configuration of this network.

    Some advice to those who might have a similar problem: check your management VLAN. It may not be VLAN 1 if you plan for routing to work from VLAN 1 to anywhere else, because the management VLAN cannot be routed. Also check the static routing of your access point; make sure the gateway has a return route for the IPs of your VLANs, i.e.: 192.168.2.0 255.255.255.0 gateway_ip

    That's all for now. Thank you to all who have contributed

  • WLC primary and secondary - Config DHCP Scope

    Hi all

    WLCs: AIR-CT2504-K9

    We have two 2504s, each in a separate location. In each of the access points, we have configured one of the controllers as the primary WLC and the other as the secondary WLC under the HA tab. So my question has to do with the internal DHCP scope configured on each of the controllers.

    We only use the internal DHCP server of the WLCs for our public Wi-Fi network. And I was wondering if I should configure the same DHCP scope on both controllers, or if they are supposed to be different?

    For example:

    Primary WLC - DHCP scope: 10.12.202.110 - 10.12.202.200
    Secondary WLC - DHCP scope: 10.12.202.xxx - 10.12.202.xxx?

    The way the access points are configured, they should only be attached to one controller or the other. The way it's set up, there shouldn't be some APs on one controller and some on the other. They should all be attached to the same WLC at any time. So, given that, can I configure the same scope on both controllers?

    Any ideas or suggestions would be greatly appreciated!

    Thanks in advance,
    Matt

    Yes, you can set it up this way, as long as you don't expect both WLCs to be operational and serving clients at the same time.

    If you plan to expand this network, I suggest you stay away from using the internal DHCP, as these WLCs were never made to be used as full-fledged DHCP servers in large-scale networks.

    HTH

    Rasika

    Pls rate all useful responses.

  • Edit excluded addresses in an existing DHCP scope

    Can someone please tell me how to change the range of excluded addresses in an existing DHCP scope? There is a current start and end of the range of addresses to be excluded; I would like to modify this range. Please advise. Thank you.

    Hello

    Do it before configuring the pool, so you will have to start again from scratch, because changing the excluded range has no effect on an existing pool.

    Regards

    Alain

    Remember to rate useful messages.

  • IP source guard feature and DHCP scope exhaustion (client spoofing other clients)

    Hello everyone.

    A DHCP server assigns an IP address based on the MAC address in the client hardware address field of the DHCP packets.

    A potential attack is when a rogue host spoofs different MAC addresses and causes the DHCP server to assign IP addresses until no IP address is left for legitimate hosts.

    For example, a host h1 with mac1 is assigned an IP address by the DHCP server as:

    199.199.199.1 mac1

    The DHCP server has this entry in its database.

    Using hacking tools such as Yersinia or Gobbler, one can create DHCP discover messages, each with a different MAC in the client hardware address field, thereby causing the DHCP server to assign IP addresses, because to the DHCP server they are legitimate DHCP discover messages, each with a different MAC in the client hardware address.

    You could use DHCP snooping to avoid that (DHCP scope exhaustion) and configure the switch to check whether the src MAC matches the client hardware address in the DHCP message. But even then we can create spoofed discover messages where the src MAC in the Ethernet header matches the client hardware address in the DHCP discover message. So it still does not overcome the problem.

    You might say to use the IP source guard feature, but will it really prevent this problem from happening?

    Let me illustrate:

    H1 - f1/1 SW - DHCP server

    Let's say that we have configured DHCP snooping on sw1 and f1/1 is an untrusted port.  The switch has the following DHCP binding:

    199.199.199.1 mac1 vlan1 f1/1

    Then we configure IP source guard in order to validate the src MAC and src IP against the DHCP bindings. When you first configure IP source guard, it allows only DHCP, so that a host can request an IP address and the DHCP binding can be built. After that, IP source guard validates the src IP, the src MAC, or both against the DHCP binding, depending on how we configure IP source guard.

    In our case, we have configured IP source guard in order to validate the src MAC and src IP against the DHCP binding.

    A DHCP binding is already created as:

    199.199.199.1 mac1 vlan 1 f1/1

    Now, using the hacking tools Yersinia or Gobbler on h1, we create our first spoofed DHCP discover message where src MAC = mac2 in the Ethernet header and client hardware address = mac2 in the DHCP discover message. The switch is configured with the IP source guard feature and therefore allows the DHCP discover message to pass through. The DHCP server, after receiving the DHCP message, assigns another IP from the pool. The DHCP server now has the following entries:

    199.199.199.1 mac1

    199.199.199.2 mac2

    We continue to craft spoofed DHCP discover messages as described above, and the DHCP server keeps assigning IP addresses until it exhausts the entire pool.

    So my question is: how does IP source guard in conjunction with DHCP snooping stop this attack from happening (i.e. DHCP scope exhaustion)?

    I really appreciate your comments.

    Thank you and have a good week.

    Hi Sara,

    Your question was quite interesting. As far as I know, whatever it is, a snooping untrusted port won't allow your fake DHCP server.

    You can take this query to the experts' sub-forum mentioned below, which is specific to DHCP snooping and source guard.

    https://supportforums.Cisco.com/message/3689811#3689811

    Please rate if the information provided is useful.

    By

    Knockaert
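
The situation described in the thread above, seen from the defender's side, as an added example that is not part of the original posts: the snooping-style chaddr check passes frames whose Ethernet source and chaddr are spoofed consistently, while a per-port count of distinct client MACs flags the port. The sample records, the `max_macs` and `window` thresholds and all function names are assumptions made for this illustration.

```python
from collections import defaultdict, deque


def mac(i):
    """Constructed MAC in the 00:00:5e:00:53:xx documentation range."""
    return f"00:00:5e:00:53:{i:02x}"


def build_sample():
    """Constructed DISCOVER observations: (time_s, port, eth_src, chaddr)."""
    events = [
        (0.0, "f1/1", mac(1), mac(1)),        # legitimate host h1 (mac1)
        (1.0, "f1/2", mac(0xA0), mac(0xA0)),  # ordinary host on another port
    ]
    # Ten DISCOVERs on f1/1, each with a new MAC that is consistent between
    # the Ethernet header and chaddr, as described in the post.
    events += [(2.0 + i, "f1/1", mac(2 + i), mac(2 + i)) for i in range(10)]
    # One frame whose chaddr differs from its Ethernet source.
    events.append((20.0, "f1/2", mac(0xA0), mac(0xB0)))
    return events


def chaddr_check(eth_src, chaddr):
    """The snooping-style check: Ethernet source must equal DHCP chaddr."""
    return eth_src.lower() == chaddr.lower()


def analyse(events, max_macs=3, window=60.0):
    """Apply the chaddr check, then flag ports with too many distinct chaddrs.

    max_macs and window are assumed thresholds, not values from the page.
    """
    recent = defaultdict(deque)   # port -> deque of (time, chaddr)
    alerts, mismatches, passed = {}, [], 0
    for ts, port, eth_src, chaddr in sorted(events):
        if not chaddr_check(eth_src, chaddr):
            mismatches.append((ts, port))
            continue
        passed += 1
        seen = recent[port]
        seen.append((ts, chaddr))
        while seen and seen[0][0] < ts - window:
            seen.popleft()
        distinct = len({c for _, c in seen})
        if distinct > max_macs and port not in alerts:
            alerts[port] = (ts, distinct)   # first time the port crossed the cap
    return {"alerts": alerts, "mismatches": mismatches, "passed": passed}


if __name__ == "__main__":
    result = analyse(build_sample())
    print("passed chaddr check:", result["passed"])
    print("chaddr mismatches  :", result["mismatches"])
    print("per-port MAC alerts:", result["alerts"])
```

All twelve self-consistent frames pass the chaddr check, which is the gap the question points at; only the per-port count singles out f1/1.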

  • [RVS4000] DHCP scopes?

    Is it possible to implement separate scopes on the RVS4000? I have another router on my network, but I want it to forward DHCP requests to the SVR. The RVS would of course have to know how to assign IP addresses based on the origin of the request.

    See the attachment for more details...

    The RVS4000 allows you to create several VLANs, each of which will have a separate DHCP scope.

  • DHCP NAK on wrong VLAN on SG500

    I have an SG500-52 in L3 mode with IPv4 addresses configured on 2 VLANs (1 & 2).

    The DHCP server is running on the switch, and only one pool is configured (for the subnet on VLAN 2).

    When running a packet capture to test something with DHCP, I noticed that when a client on VLAN 1 sent a DHCP INFORM, the switch responded from its VLAN 1 IPv4 address with a DHCP NAK.

    Curiously, it seems to respond to only a single client with a DHCP NAK. All other DHCP INFORM requests (several in the screenshot) seem to be ignored by the switch.

    Is there a reason why the switch would respond to a DHCP INFORM on a subnet for which no DHCP pool is configured? Is there a way to stop this behavior?

    DHCP snooping *is* turned on on the switch for both VLANs 1 & 2.

    Thank you

    -Matt

    Looks like the same problem discussed in this thread:

    https://supportforums.Cisco.com/discussion/12196801/DHCP-scopes-SG500

  • Can I have 2 AirPort Extremes running as DHCP servers in a single wired network

    Hello friends,

    Just a teenager from the Windows world crawling as a child in the Mac world.

    I'm curious to know if we can have 2 AirPort Extremes acting as 2 DHCP servers in the same local network. I really doubt it is possible, but I still want advice from experts. I am considering a wired LAN. If possible, please help me understand in detail how this can be done.

    Thank you.

    In fact, you can. The key is to assign different DHCP scopes to each base station in the same IP address space.

    For example, you could assign the range 10.0.1.2 through 10.0.1.99 to one base station and have the other on 10.0.1.100 through 10.0.1.200.

    You set the DHCP scope or range using AirPort Utility, as follows:

    • Run the AirPort Utility.
    • Select the base station, and then select change.
    • Select the network tab.
    • Select Network Options...
    • The range is set with the option "IPv4 DHCP Range".

    But the question would be why would you?

  • Hi, is it possible to configure DHCP split scope in Server 2008 SP2

    In my company we have 2 DCs on Server 2008 SP2 (DC1 - DHCP server, DC2 - planning to set as a second DHCP server for split scope).

    I couldn't find the subnet delay configuration feature under Advanced or in any of the DHCP scope options.

    Please help me:
    can I set up DHCP split scope between Server 2008 SP2 servers,

    or is there another way of achieving DHCP redundancy in Server 2008 SP2?

    Thank you
    Erin

    Support is located in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

  • Two DHCP servers on SonicWall 250M

    I have two VLANs (voice and data) and I want to activate the DHCP server on the SonicWall for each subnet (VLAN).

    Absolutely, create DHCP scopes for each interface. Just make sure that your bet is correct.

    Kevin

  • PC 6248: Obtaining DHCP address for incorrect subnet.

    I recently inherited a Dell PowerConnect 6248, which I am not familiar with, and I'm trying to use it as a Layer 3 switch.

    I have VLAN 10 with a network of 10.10.10.0/24 and VLAN 11 with an associated network of 10.10.11.0/24.

    When I statically assign addresses on the clients on the ports configured for these VLANs, I can ping other subnets, and traffic is routed correctly.

    I also have an IP helper configured globally pointing to my DHCP server, and I set up the DHCP scopes for the networks associated with VLANs 10 and 11.

    When I connect a device to a port configured with VLAN 10, I get a DHCP address in the 10.10.10.0/24 network.

    However, when I connect a device to a port configured with VLAN 11, I receive a DHCP address also in 10.10.10.0/24 when it should be in the 10.10.11.0/24 network.

    The VLANs, routes and DHCP scopes appear to be properly set up everywhere. Yet again, when clients use statically assigned addresses in their proper VLANs and networks, traffic is routed normally. But I'm getting DHCP addresses for the incorrect subnet for clients connected to VLAN 11.

    Any help is greatly appreciated!

    Looks like you're really close to having it working; we're just missing something in the configuration.

    When you configure the port for VLAN 11, which command do you run? Once it is configured for that VLAN, we can confirm that by simply running a show command on this interface.

    It may be useful to see the whole running configuration; this will help us look for any possible changes we can suggest.

    If you could give us a screenshot or the decrease in the size of the DHCP scope settings, we can help look at those too.

    Thank you

  • Quirk - DHCP gets no internet, static works fine

    So, I work in this domain environment and 99% of everything is peachy-keen. But every now and then someone will complain that they have no internet access. This happens maybe to one user in 40 perhaps once per month - tops. It is not critical. Just very weird.

    Most of the workstations are Windows 7, since the client was not looking forward to using Win 8 with AutoCAD. A Windows Server 2008 R2 server is running DNS, DHCP and VPN. No rogue DHCP server. We checked.

    When checking the workstation, I note that the user can get on the file server. They can ping the DNS server and gateway by name or IP and get a correct answer, but when you try to ping google.com, there is no response.

    My usual fix is to just set them static above the DHCP scope. Forget about it for a week. Come back and reset them to DHCP, and everything will be fine.

    Has anyone run into something like that? Any suggestions on what I should check?

    In a domain environment, different rules apply to your DNS settings. Given that the current forum aims to answer questions for the home user, you should transfer your query to a TechNet forum.

  • WLC5508 problem with dhcp and flexconnect local switching

    Hello
    I have a new WLC 5508 with firmware 8.0.133.0 (the suggested one right now) and I'm trying to set up a WLAN with FlexConnect and local switching, but when I try to connect a client it does not get an IP address.

    Here's what I did:
    - put the AP in FlexConnect mode
    - enabled VLAN support on the AP
    - local switching enabled, and only in the WLAN
    - propagated the VLAN from the AP to the local gateway
    - put the IP helper on the local gateway and pointed it at the WLC management IP
    - set up a scope for the VLAN in the WLC internal DHCP server
    - set up a FlexConnect group with the VLAN-WLAN mapping

    Here is what I checked:
    - the AP obtains an IP address via DHCP in the VLAN, and a lease for it appears in the WLC internal DHCP server
    - if I put the VLAN interface on a switch on DHCP, it gets an IP address the same way
    - if I set a static IP address on the wireless client, it can ping the local gateway and browse normally
    - I tried disabling/enabling DHCP proxy on the management interface connected to the WLAN, but nothing happened
    - I tried enabling central DHCP processing, with no luck

    From a dhcpdump on the wireless client, it seems the client asks for an IP address but gets no response, as if the DHCP request were being filtered or diverted somehow.

    Do you have any other ideas?

    DHCP on the controller is not a real DHCP server; see it that way. The management interface is used when defining the IP helper, and DHCP proxy must be enabled for internal DHCP. In your configuration, DHCP only works for the AP and should not work for any wired client. You should be able to use the IP helper pointing to your WLC management interface, but also make sure that you create an interface on the WLC for the local subnet and assign the interface a correct address, even if it is not actually using it. Then, in the new dynamic interface you create for this local subnet, make sure that the primary DHCP is the IP address of the controller management interface. I think that works.

    I would really use a true DHCP server if possible, or even put a DHCP scope on the L3 interface at the production site.

    -Scott

    Please rate the useful messages.

  • Cisco WLC 2504 internal DHCP does not work properly

    Hi all

    I'm running trials with a Cisco WLC 2504 and some 1832 APs. I set up a DHCP scope on the interface of the controller with 2

    a large number of different configurations, but DHCP does not work and the access points don't obtain an IP address. My first question: is it possible to do DHCP for access points, or only for wireless clients?

    These are my interfaces:

    AP-Manager interface:

    My DHCP scope:

    Advanced DHCP:

    Did I forget something? Is anyone using DHCP for their access points?

    Thank you!

    Hello

    On the Cisco WLC internal DHCP, you can add option 43 to tell the APs where they must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

    Let me explain briefly how AP-Manager works on the WLC:

    1. The access point boots and sends a discovery request to the management interface of the controller using the IP you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry).
    2. The controller sends a discovery response that contains the system name, the AP-Manager addresses, the number of access points already connected to each AP-Manager interface and the overall capacity of the controller.
    3. The access point joins the controller using the least loaded AP-Manager interface.

    With this, every AP-Manager must have a properly configured interface and be connected to a different port, with no LAG.

    I'm dropping a post here that might help:

    https://supportforums.Cisco.com/document/118311/configuring-multiple-AP-...

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question
