• October 17, 2018, 07:40:49 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: DHCP scope and routing on RFS6000  (Read 2232 times)

0 Members and 1 Guest are viewing this topic.

Offline capsel22

  • Rookie
  • **
  • Posts: 2
DHCP scope and routing on RFS6000
« on: March 15, 2016, 08:48:40 AM »
Hi,

I have been tasked with setting up 2 DHCP pools on the actual RFS6000 controller.
We have always controlled DHCP on firewall and now it changed which proves to be difficult...

I have configured the scope, range and mapped it to virtual interface. This works as I do receive the requested DHCP range on virtual interfaces

However the issue is that it doesn't route out from the controller.
ie: VLAN10 DHCP pool 10.8.10.x/24 needs to go out on VLAN1 eth1

I'm guessing I am getting highly confused in default gateway, dhcp router and static routing setup.

DHCP 10.8.10.x configuration looks simple:
Subnet: 10.8.10.0/24
DNS: 10.8.10.100 (RFS) + 10.8.0.1 (network main dns)
Default router: 10.8.10.100 (RFS)
no static routes here

RFS Virtual interface config:
vlan1: 10.8.1.100
vlan10: 10.8.10.100

RFS has no static routes configured

I can ping from RFS 10.8.0.1 (main dns)

The question is, how do I route from DHCP scope to VLAN1 ?
You will notice I said two scopes, but i need to get one working first! :)

Config:

! Configuration of RFS6000 version 5.5.1.1-002R
!
!
version 2.3
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D                                                                                                                     HCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio                                                                                                                     n "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l                                                                                                                     ocal broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 tra                                                                                                                     ffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP tra                                                                                                                     ffic"
!
firewall-policy default
 no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
dhcp-server-policy Apex-HO-DHCP
 dhcp-pool CORPO
  network 10.8.10.0/24
  address range 10.8.10.100 10.8.10.200
  default-router 10.8.10.100
  dns-server 10.8.0.1 10.8.10.100
!
!
management-policy default
 http server
 https server
 ssh
 user admin password 1 d1f42f3c806f7282ed1dd91d548532837278d33e14ebfc87b7409a405ae2c76a role superuser access all
 snmp-server community 0 public ro
 snmp-server community 0 private rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 motorola
 snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola
!
l2tpv3 policy default
!
profile rfs6000 Apex-RFS6000-Profile
 area "IT Room"
 floor 0
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface me1
 interface up1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge2
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge3
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge4
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge5
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge6
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge7
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface ge8
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface wwan1
 interface pppoe1
 use dhcp-server-policy Apex-HO-DHCP
 use firewall-policy default
 ntp server 10.0.0.102 prefer
 ntp server 194.35.252.7
 cluster name Apex-HO-Cluster
 service pm sys-restart
 router ospf
!
rf-domain default
 no country-code
!
rfs6000 00-15-70-D9-1A-78
 use profile Apex-RFS6000-Profile
 use rf-domain Apex-HO-Domain
 hostname Apex-HO-RFS6000-1
 license AP fc82b2760f6f1d20f1668cfca367a9984e0c61351408439fb91a7c73fef71c74851aadda9b000145
 spanning-tree mst cisco-interoperability enable
 area "IT Room"
 floor 0
 interface ge1
  switchport mode access
  switchport access vlan 1
 interface ge7
  switchport mode access
  switchport access vlan 10
 interface ge8
  switchport mode access
  switchport access vlan 20
 interface vlan1
  ip address 10.8.1.100/23
  ip dhcp client request options all
 interface vlan10
  description CORPO
  ip address 10.8.10.100/24
  no ip nat
 interface vlan20
  description GUEST
  ip address 10.8.20.100/24
 use dhcp-server-policy Apex-HO-DHCP
 logging console warnings
 logging buffered warnings
 ap300 00-23-68-23-B9-5C adopt
 no service pm sys-restart
 no use routing-policy
!
!
end


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: DHCP scope and routing on RFS6000
« Reply #1 on: March 15, 2016, 07:52:47 PM »
So is your issue routing or DHCP?
Does the wireless client receive DHCP or not?