cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
419
Views
0
Helpful
3
Replies

End Users can not log into domain accroos WAN...

bmckinley
Level 1
Level 1

Just recently we segmented our WAN, and Remote LANs. We have 4 branch offices and about 3 home users that before had no trouble access network resource at our main office. Previously our WAN was one big network, no routing only bridging, they were all on the same IP range. To change that we gave each location including the WAN a seperte IP range and setup routing. At present all the remote branches can access network resources fine, end users there have no problems. The only issue is with home users. Before I go any further you need to know that the entire WAN is wireless, and only wireless users have this problem. As I mentioned each branch has it's own segment as well as the Wireless. We have Cisco's ACS setup and all wireless AB, and AP can authenticate fine, the problem comes in when wireless end users are trying to connect to the Domain, in the LEAP process, it authenticates the user and then it hangs when trying to get a DHCP address. If I manually change the IP to static the end user then hangs at finding Domain Controller. At the main office my wireless users do not have this problem while they are in the building. I'm sure it is just a setting somewhere that we're missing but I need to get if fix ASAP. Any help would be greatly appreciated.

Thanks

3 Replies 3

tomanderin
Level 1
Level 1

don't know anything about wireless and apologies if way off the mark, but the common issue is the router has not been configured to forward the end users broadcasts. This can be achieved using the "ip helper address"

thisisshanky
Level 11
Level 11

Have you checked the radius (ACS) server logs to see any useful information ? Are the clients using latest Aironet client utility?

Also for DHCP and Netbios traffic to go across subnets or routers, you would need a DHCP relay agent, or "ip helper-address" command on the immediate lan router which is the default gateway for the remote user. You can also open specific ports used by Netbios for browsing, using the command "ip forward-protocol udp " command.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

bmckinley
Level 1
Level 1

It was the IP Helper address that we forgot. Works fine now...

Thanks..

Review Cisco Networking for a $25 gift card