cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1346
Views
0
Helpful
8
Replies

NAC L2 OOB and DHCP problem

wkamil123
Level 1
Level 1

I have a problem with assignment a IP address from DHCP server to a user.

I added VLAN mapping and IP address to a Managed Subnet from access VLAN subnet.

User sends request for a IP address through CAS eth1 interface.

CAS eth0 interface get replays from DHCP server on interface eth0 but do not forward to a user through eth1.

I tested using tcpdump on eth1 and eth0. I see the user MAC address requesting for a IP address on eth1 and replays from DHCP sending to this user MAC address on eth0 interface.

I don’t know where is the problem.

If VLAN mapping are incorrect configured then eth0 interface do not get replays from DHCP.

8 Replies 8

Faisal Sehbai
Level 7
Level 7

Hi,

Post a network diagram of your layout with vlan and ip information.

Thanks,

Faisal

Hi,

Please find attached file network diagram.

Regards Kamil

Kamil,

Your 3560 in the picture; What code is it running?

Also I'm sure you're aware of it, but running CCA in VM isn't really supported so for labs and/or forum support it's kosher, but if you call in TAC with this setup, you'd have a tough time getting support for it!

Faisal

Faisal,

The 3560 IOS version 122-35.SE5.

This NAC it's for testing in labs only. I don't have purchased support for it.

So, I want to simulate a network to deploy the CCA for one of my client.

I had CCA in 4.1.8 version, maybe this is a problem?

Kamil

Kamil,

4.1.8 is fine. How do you have your NICs defined in the VM for the CAS? Are they physically two NICs or two VMNets?

Faisal

Faisal,

Two NIC of CAS are bridged to two physical NICs.

Kamil

Kamil,

Do port-span captures on both of the switchports where your CAS trusted and untrusted are plugged in. If you're only using tcpdump on the CAS, that won't work because of the way click routing works.

Setup up both ports for spanning, and capture on another machine, and see whether the DHCP reply makes its to to the trusted interface. If yes, is it making it out the untrusted interface?

Faisal

Faisal,

Thank's for your replay.

I'm installed VM Server 2.0 on workstation using Windows 7, so I identify that maybe windows firewall blocking traffic.

I turned off it and the PC get IP address from DHCP server but on the sixth time the problem come back.

I think that when I changed or bounce port on the switch through CAS. Then the MAC address table on the switch it's aged out after 300 second (default value).

What else I notice that when I connected the PC to switch port and are sending request for IP. The port on the switch connected to the CAS untrusted interface is blinking green and amber. This port has many CRC errors.

The speed and duplex for this port is in auto mode.

Kamil

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: