ISG TAL EXTERNAL DHCP SUPPORT

javiercastro · ‎04-05-2010

I'm currently trying to setup an ISG using TAL (transparent autologon). I already tested it using the ISG as a DHCP server and it works good.

But now I'm trying to make it work using an external DHCP server configuring dhcp relay on ISG and it is not working.

I'm using the following configuration:

aaa group server radius CAR
server X.X.X.X auth-port 1812 acct-port 1813
!
aaa authentication login IP_SESSION group CAR
aaa authorization subscriber-service IP_SESSION group CAR
!
!
ip dhcp pool ISG
relay source <int0/3.1000500_network> 255.255.255.248
relay destination <dhcp_server_address>
!
!
policy-map type control IP_SESSION
class type control always event session-start
10 authorize aaa list IP_SESSION password PASSWORD identifier mac-address
!
class type control always event service-stop
!
!
!
interface GigabitEthernet0/3.1000500
encapsulation dot1Q 1000 second-dot1q 500
ip address X.X.X.X 255.255.255.248
service-policy type control IP_SESSION
ip subscriber l2-connected
initiator dhcp
!

As soon as I configure DHCP relay the permited CPE Mac_address begins flapping from authenticated state to disconnection.

The following message starts appearing:

SSS MGR [uid:910]: Failed to retrieve PM context

Any ideas?

I already tested the DHCP server configuring the interface as a normal IP interface and it works perfectly with the CPE.

CHARLES HEUPEL · ‎05-06-2010

Do you have these commands in your router?

ip dhcp relay information option

ip dhcp relay information policy keep

ip dhcp relay information trust-all

Also, check your access-list. The DHCP server IP address may need to be in your access-list depending on your architecture.