Setup DHCP Reservation on Cisco Router/Switch

If you want to configure a DHCP reservation on a switch or router, gather the MAC address of the device. If you are unsure of the MAC address of the device, you can find the current IP address and issue the following commands to get the MAC address and clear the DHCP binding before you create the pool.

show ip dhcp binding | include
clear ip dhcp binding

Next, run the following commands to setup the reservation. Obviously change the pool name and the IP addresses referenced to match your environment. You may notice that the client-identifier below is 14 digits rather than 12 like a standard MAC address. You have to append 01 in front of the MAC address.

ip dhcp pool My_Reservation
client-identifier 01f0.cba1.6916.96
domain-name yourdomain.local

NPS Certificate Setup for PEAP/EAP-MSCHAPv2 Wireless Authentication on Windows Server 2008

So if you find yourself wanting to use PEAP 802.1x authentication, you will need to make sure there is a certificate bound to the PEAP authentication method on the network policy. In order to get the right type of certificate, you should follow the steps below. Note: In my case, I was unable to add a regular “Computer” enrollment so I had to follow the steps below to get it working. If you find yourself able to enroll a “Computer” certificate at step 9 below, you can ignore steps 1-8.

  1. In the Certificate Templates Console, under Template Display Name, find Computer. Right-click it, click Duplicate Template, and then click OK.
  2. In Properties of New Template, on the General tab, under Template display name, type a name for your new template. You can use something like Wireless Authentication. While you are on the General tab, you can also set a validity period. By default it will be 1 year. Do not select more than 2 years or some additional tweaking will be required (steps not listed here).
  3. Click the Security tab. Here is where you need to add permission for you to enroll. Click Authenticated Users and check the box next to Allow for Enroll. Click OK and now you’ll see the new certificate template at the bottom of the list.
  4. Close the Certificate Templates console. Click Start, Run, certsrv.msc, enter. This will open the local Certification Authority console.
  5. Right-click the Certificate Templates folder, point to New, then click Certificate Template to Issue. Scroll down the list and find the new template you created. The name I suggested was Wireless Server Auth but you might have picked something else. Highlight this template and then click OK. Now you should see that it is added to the list of Certificate Templates.
  6. While you are in this console, click on the Issued Certificates container. You should see a list here of all the certificates that this CA has issued. You can also view Pending Requests (for certificates that require approval before being issued) and Failed Requests (there was a problem issuing the cert).
  7. Go back to the local computer certificate console (Start, Run, mmc, enter, File… Add/Remove Snap-in, Certificates, Add, Computer account, Next, Local computer Finish, OK). Right-click the container under Personal\Certificates, point to All Tasks, Request New Certificate, Next, Next. You should now see the Wireless Authentication certificate. Choose it and click Enroll. At this point you should now see another certificate in the list. You can tell which one is the one you just issued by looking at the details tab and viewing Certificate Template Information.
  8. Go back to PEAP properties in the Network Policy and choose the newly created certificate.

Exchange 2007/2010 Internal Relay Receive Connector Does Not Relay

So you’re working with Exchange 2007/2010 and you’ve got the need to allow some internal applications, PCs, or servers to relay mail through the Exchange server, but it doesn’t seem to be working even though you’ve got the receive connector created with the right properties:

  1. Connector type: Custom
  2. Authentication: TLS, Externally Secured
  3. Permission Groups: Anonymous
  4. Network: IP addresses listed of the servers/PCs you want to be able to relay from

You need to do one last step to allow anonymous logon/relay, but it needs to be done with the Exchange Management Shell (EMS).

Let’s say your connector is named Internal Relay. Run the following command in EMS: Get-ReceiveConnector “Internal Relay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

That should do it. Test relay and you should see that it is successful.