12-05-2014 01:05 AM - edited 07-05-2021 02:04 AM
Hi,
I would like to do DHCP snooping on the WLC.
Or a method to block the pirate DHCP and authorize my DHCP.
Best Regards,
Julien Hernandez.
12-05-2014 02:19 AM
Do you have rogue DHCP servers on wireless? If you have configured the ip-helper address on dynamic-interfaces pointing to your proper DHCP server, then all wireless users' DHCP packets should go to that.
Typically you would have rogue DHCP on a wired network & you can implement DHCP snooping to block them. Here is how you configure it in a wired network:
http://mrncciew.com/2012/12/27/understanding-dhcp-snooping/
HTH
Rasika
**** Pls rate all useful responses ****
12-05-2014 02:43 AM
ip-helper was configured on the VLAN interface on my switch.
Must I also configure ip-helper on the WLC?
As shown in the attached image, I have clients on the network 192.168.0.0; it's not my internal network.
So I would like to block the pirate DHCP and authorize my DHCP.
On the WiFi switch, no need to set up DHCP snooping because that is only WiFi.
12-05-2014 04:48 AM
I just set up the ip-helper address on dynamic-interfaces on the WLC.
I notice there are clients with IP address 0.0.0.0
I ran a debug client:
(Cisco Controller) >*apfMsConnTask_3: Dec 05 10:55:17.610: dot1xcb = (nil) eapolReplayCounter = 0x42484e6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 10:55:20.988: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*apfMsConnTask_3: Dec 05 10:55:29.228: dot1xcb = (nil) eapolReplayCounter = 0x42484e6a So returning from getEapolReplayCounter
*apfMsConnTask_1: Dec 05 10:55:35.557: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
*apfMsConnTask_3: Dec 05 10:55:45.079: dot1xcb = (nil) eapolReplayCounter = 0x42484e6a So returning from getEapolReplayCounter
*apfMsConnTask_1: Dec 05 10:55:52.315: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
*apfMsConnTask_4: Dec 05 10:56:11.695: dot1xcb = (nil) eapolReplayCounter = 0x4278ce6a So returning from getEapolReplayCounter
*apfMsConnTask_6: Dec 05 10:56:14.316: dot1xcb = (nil) eapolReplayCounter = 0x42d9ce6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 10:56:16.194: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*apfMsConnTask_2: Dec 05 10:56:16.966: dot1xcb = (nil) eapolReplayCounter = 0x4217ce6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 10:56:17.461: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 10:56:46.083: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*apfMsConnTask_6: Dec 05 10:56:50.746: dot1xcb = (nil) eapolReplayCounter = 0x42d9ce6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 10:57:27.302: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*apfMsConnTask_1: Dec 05 10:57:37.841: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
*apfMsConnTask_6: Dec 05 10:57:40.718: dot1xcb = (nil) eapolReplayCounter = 0x42d9ce6a So returning from getEapolReplayCounter
*apfMsConnTask_7: Dec 05 10:57:45.066: dot1xcb = (nil) eapolReplayCounter = 0x430a4e6a So returning from getEapolReplayCounter
*apfMsConnTask_3: Dec 05 10:57:58.369: dot1xcb = (nil) eapolReplayCounter = 0x42484e6a So returning from getEapolReplayCounter
*apfMsConnTask_7: Dec 05 10:58:28.558: dot1xcb = (nil) eapolReplayCounter = 0x430a4e6a So returning from getEapolReplayCounter
*apfMsConnTask_7: Dec 05 10:58:44.515: dot1xcb = (nil) eapolReplayCounter = 0x430a4e6a So returning from getEapolReplayCount
debug client :
(Cisco Controller) >*dot1xMsgTask: Dec 05 13:45:10.344: GTK Rotation Kicked in for AP: 44:ad:d9:5f:3a:20 SlotId = 1 - (0x3adb3bf8)
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Reassociation received from mobile on BSSID 44:ad:d9:5f:3a:d0
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Global 200 Clients are allowed to AP radio
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 override for default ap group, marking intgrp NULL
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 321
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Re-applying interface policy for client
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Applying site-specific Local Bridging override for station 78:9e:d0:22:5e:33 - vapId 1, site 'INDE', interface 'interface_resident'
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Applying Local Bridging Interface Policy for station 78:9e:d0:22:5e:33 - vlan 321, interface id 12, interface 'interface_resident'
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 override from ap group, removing intf group from mscb
*apfMsConnTask_5: Dec 05 13:45:14.401: 78:9e:d0:22:5e:33 Applying site-specific override for station 78:9e:d0:22:5e:33 - vapId 1, site 'INDE', interface 'interface_resident'
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 321
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Re-applying interface policy for client
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 STA - rates (8): 2 4 11 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 STA - rates (12): 2 4 11 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Deleted mobile LWAPP rule on AP [44:ad:d9:5f:39:00]
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Updated location for station old AP 44:ad:d9:5f:39:00-0, new AP 44:ad:d9:5f:3a:d0-0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Updating AID for REAP AP Client 44:ad:d9:5f:3a:d0 - AID ===> 1
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Applied RADIUS override policy
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Central switch is FALSE
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Sending the Central Auth Info
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Central Auth Info Allocated PMKLen = 0
*apfMsConnTask_5: Dec 05 13:45:14.402: dot1xcb = (nil) eapolReplayCounter = 0x42a94e6a So returning from getEapolReplayCounter
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 EapolReplayCounter: 00 00 00 00 00 00 00 00
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 0
apfMsEntryType = 0 apfMsEapType = 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Sending Local Switch flag = 0
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) DHCP Not required on AP 44:ad:d9:5f:3a:d0 vapId 1 apVapId 1for this client
*apfMsConnTask_5: Dec 05 13:45:14.402: 78:9e:d0:22:5e:33 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Plumbed mobile LWAPP rule on AP 44:ad:d9:5f:3a:d0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 0.0.0.0 RUN (20) Change state to RUN (20) last state RUN (20)
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 78:9e:d0:22:5e:33 on AP 44:ad:d9:5f:3a:d0 from Associated to Associated
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 apfPemAddUser2:session timeout forstation 78:9e:d0:22:5e:33 - Session Tout 15000, apfMsTimeOut '15000' and sessionTimerRunning flag is 0
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 Scheduling deletion of Mobile Station: (callerId: 49) in 15000 seconds
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 Func: apfPemAddUser2, Ms Timeout = 15000, Session Timeout = 15000
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 Sending Assoc Response to station on BSSID 44:ad:d9:5f:3a:d0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_5: Dec 05 13:45:14.403: 78:9e:d0:22:5e:33 apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 78:9e:d0:22:5e:33 on AP 44:ad:d9:5f:3a:d0 from Associated to Associated
*spamApTask0: Dec 05 13:45:14.405: 78:9e:d0:22:5e:33 spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 0
apfMsEntryType = 0 pmkLen = 0
*apfMsConnTask_1: Dec 05 13:45:34.177: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
*apfMsConnTask_1: Dec 05 13:45:51.853: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
*apfMsConnTask_0: Dec 05 13:46:02.400: dot1xcb = (nil) eapolReplayCounter = 0x41b6ce6a So returning from getEapolReplayCounter
*dot1xMsgTask: Dec 05 13:46:16.160: GTK Rotation Kicked in for AP: 50:67:ae:30:e0:e0 SlotId = 0 - (0x3adb3bf8)
*apfMsConnTask_1: Dec 05 13:46:29.123: dot1xcb = (nil) eapolReplayCounter = 0x41e74e6a So returning from getEapolReplayCounter
12-05-2014 09:16 AM
Pls attach these outputs to get a better idea of how you configured it:
WLC - show interface summary
WLC - show interface detailed vlan x <- vlan that maps to SSID
WLC - show wlan <wlan_id>
SW - show run interface vlan x
SW - show run int gx/x <- WLC connected switchport
HTH
Rasika
**** Pls rate all useful responses ****
12-08-2014 01:01 AM
(Cisco Controller) >show interface summary
Number of Interfaces.......................... 4
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
interface_administratif 1 221 10.20.167.253 Dynamic No No
interface_resident 1 321 10.30.167.253 Dynamic No No
management 1 20 10.253.21.4 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... Wifi City
Network Name (SSID).............................. WifiCity
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 67
Exclusionlist.................................... Disabled
Session Timeout.................................. 15000 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... Inde_WLC-2504_SS_04
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ interface_resident
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Disabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Not Applicable
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Enabled
Load Balancing................................... Client-Count Based
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
-------- ---------------
(Cisco Controller) >show interface detailed interface_resident
Interface Name................................... interface_resident
MAC Address...................................... cc:d8:c1:40:cf:44
IP Address....................................... 10.30.167.253
IP Netmask....................................... 255.255.248.0
IP Gateway....................................... 10.30.167.254
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 321
Quarantine-vlan.................................. 0
NAS-Identifier................................... Inde_WLC-2504_SS_04
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.2.0.1
Secondary DHCP Server............................ 10.2.0.2
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
interface Vlan321
 description Resident_Inde
 ip address 10.30.167.254 255.255.248.0
 ip access-group resident in
 ip helper-address 10.2.0.1
 ip helper-address 10.2.0.2
end
interface FastEthernet1/0/23
 description Controller_2504
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
end
ip access-list extended resident
 permit udp any host 255.255.255.255 eq bootps
 permit udp 10.30.0.0 0.1.255.255 host 10.2.0.1 eq bootps
 permit udp 10.30.0.0 0.1.255.255 host 10.2.0.2 eq bootps
 permit udp 10.30.0.0 0.1.255.255 host 10.2.0.1 eq domain
 permit udp 10.30.0.0 0.1.255.255 host 10.2.0.2 eq domain
 permit tcp 10.30.0.0 0.1.255.255 any eq 9100
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 172.16.0.0 0.0.255.255
 deny ip any 224.0.0.0 31.255.255.255
 deny udp any eq netbios-ns any eq netbios-ns
 deny udp any eq netbios-dgm any eq netbios-dgm
 deny udp any any eq netbios-ss
 remark Infection virale 31/07/2012
 deny udp any any eq 16464
 deny udp any any eq 16470
 deny udp any any eq 16471
 deny udp any any eq 16475
 deny udp any any eq 1900
 deny tcp any any eq 445
 deny tcp any any eq 139
 permit ip 10.30.0.0 0.1.255.255 any
12-08-2014 01:22 AM
DHCP Address Assignment Required................. Disabled
Do you really require static clients to join? So the current clients shown as 192.168.x.x may be static clients.
If you enable DHCP address assignment, all clients have to get an IP from your DHCP server; in that way you can control what IP a client can get.
Try that option & see what the client IPs look like.
HTH
Rasika
**** Pls rate all useful responses ****
12-08-2014 01:35 AM
I cannot enable this option:
The following errors occurred while updating the WLAN:
Invalid Configuration: DHCP required or Web Auth cannot be enabled if Learn Client IP Address is disabled
To enable the following option for it to work:
Learn Client IP Address
I think there must be a pirate DHCP server, and the pirate DHCP is quicker to respond than my own DHCP server.
12-08-2014 01:38 AM
Invalid Configuration: DHCP required or Web Auth cannot be enabled if Learn Client IP Address is disabled
This is because of the following setting
FlexConnect Learn IP Address.................. Disabled
You can enable this & then tick the "DHCP address assignment" option.
Note that wlan setting changes could disrupt client connectivity momentarily.
**** Pls do not forget to rate our responses if that is useful to you ****
HTH
Rasika
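As an added example (not part of the thread and not Cisco code), this Python script parses the dotted `show wlan` and `show interface detailed` lines quoted above, flags the two WLAN settings discussed in the replies, and sorts client addresses against the dynamic interface's subnet. The function names, finding labels and the client list are assumptions made for the illustration; the CLI excerpts are copied from the posted output.

```python
import ipaddress
import re

# "Key........ Value" lines as printed by the WLC show commands quoted in the thread.
DOTTED = re.compile(r"^\s*(.+?)\s*\.{2,}\s*(.*?)\s*$")

# Excerpts copied from the outputs posted in the thread.
WLAN_OUTPUT = """\
WLAN Identifier.................................. 1
Interface........................................ interface_resident
DHCP Address Assignment Required................. Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Learn IP Address.................. Disabled
"""
IFACE_OUTPUT = """\
Interface Name................................... interface_resident
IP Address....................................... 10.30.167.253
IP Netmask....................................... 255.255.248.0
"""
# Constructed client list (MAC, IP). The thread only says that clients appear in
# 192.168.0.0 or with 0.0.0.0; these MACs and host addresses are made up.
CLIENTS = [
    ("00:00:5e:00:53:01", "10.30.161.20"),
    ("00:00:5e:00:53:02", "192.168.0.12"),
    ("00:00:5e:00:53:03", "0.0.0.0"),
]


def parse_dotted(text):
    """Return {key: value} for each 'Key.... Value' line; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        match = DOTTED.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def audit_wlan(wlan):
    """Flag the two WLAN settings the replies in the thread point at."""
    def enabled(key):
        return wlan.get(key, "").lower() == "enabled"

    findings = []
    if not enabled("DHCP Address Assignment Required"):
        # Clients that did not get a lease from the intended server can still join.
        findings.append("dhcp-required-off")
    if not enabled("FlexConnect Learn IP Address"):
        # Per the error quoted in the thread, DHCP Required cannot be enabled yet.
        findings.append("learn-ip-off")
    return findings


def classify_clients(iface, clients):
    """Sort client IPs into in-subnet, foreign-subnet or no-address."""
    net = ipaddress.ip_network(
        f"{iface['IP Address']}/{iface['IP Netmask']}", strict=False
    )
    report = {}
    for mac, ip in clients:
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:
            report[mac] = "no-address"
        elif addr in net:
            report[mac] = "in-subnet"
        else:
            report[mac] = "foreign-subnet"
    return report


if __name__ == "__main__":
    for finding in audit_wlan(parse_dotted(WLAN_OUTPUT)):
        print("WLAN finding:", finding)
    for mac, verdict in classify_clients(parse_dotted(IFACE_OUTPUT), CLIENTS).items():
        print(mac, verdict)
```

Clients reported as foreign-subnet are the ones whose MAC addresses are worth tracing, as suggested later in the thread.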
12-08-2014 01:47 AM
What is this option?
FlexConnect Learn IP Address.................. Disabled
Always 192.168.0.0 and 0.0.0.0 on the WLC.
It should block the pirate DHCP and authorize my DHCP server.
12-08-2014 01:50 AM
This should be under the WLAN "Advanced" tab. Since it is disabled, you cannot tick the "DHCP Address Assignment" option. That's what the previously provided error message states.
Do you have "FlexConnect" mode APs deployed in your setup to use this WLAN?
HTH
Rasika
12-08-2014 01:55 AM
The options FlexConnect Learn IP Address and DHCP Address Assignment Required are enabled, but still 192.168.0.0 and 0.0.0.0.
It should block the pirate DHCP and authorize my DHCP server.
12-08-2014 02:24 AM
Click that client & remove (Monitor -> Client -> Select client -> Remove) & see if it connects again.
If it shows up again, trace the MAC address of the client & see from where you learn that MAC address.
HTH
Rasika
12-08-2014 02:26 AM
I'm coming remove client 192.168.0.0 and over client 192.168.0.0
if a rogue AP how to do to prohibit ?
or make an ACL to prevent pirate DHCP
12-08-2014 02:30 AM
I'm coming remove client 192.168.0.0 and over client 192.168.0.0
Did not understand what you say here. Were you able to remove the client? Did it reappear?
if a rogue AP how to do to prohibit ?
If it is a rogue AP, it should come from the wired side & should not appear as a wireless client.
Let me know.
Rasika