04-17-2008 06:50 AM - edited 03-09-2019 08:32 PM
Hello.
I have CAM (manager) which is configured as L2 OOB real-ip gateway. central deployment.
ethernet 0 (trusted) is L3. (ip add x.x.x.x)
ethernet 1 (untrusted) is .1q and several authentication vlans (a,b,c,d) are connected to it.
of cause managed subnets are configured for auth vlans on eth1.
Manager is configured as dhcp-relay.
Is it ok that manager changes dhcp packets to the dhcp server so that it's ethernet 0 ip address (x.x.x.x) becomes the source address of the requests to the dhcp server?
how can dhcp server recognize auth vlan a from auth vlan b if all packets have the single source (x.x.x.x)???
Where could be my mistake?
Regards
04-23-2008 01:31 AM
Hello varnavsky!
You have to configure vlan mapping (at the CAM) for all authentication vlan! After the authentication and posture validation, the NAC client won't give a new IP address, so the client has to have an IP address from the proper access vlan. When you configure these vlan mappings CAS always acquire an IP address from the proper range.
By(e) Miki
04-23-2008 06:46 AM
Hi, Mike.
I don't think so. vlan mapping is NOT applicable to Real IP GW.
I've sniffed dhcp-requests from the auth vlans to dhcp server. They are all from the single ip address (NAC Server eth0-trusted). But inside there is the ip address of the untrusted interface - as dhcp relay agent ))
I've solved this issue. It's ok =)
04-24-2008 01:04 AM
Hi varnavsky!
You are right! I thought you are in VGW mode, so I'm sorry.
You mentioned you had solved this problem. How does it work finally?
By(e) Miki
04-24-2008 01:24 AM
Hi, Mike.
Yes, it's done.
If you have any questions try to help you.
Today I'm fighting with AD+SSO+LDAP so that users can get vlan accourding to their OU in the AD. There are still some problems.
And at the next week I'll try vlan mapping in the VGW mode =)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: