DHCP passthrough not working in in-band mode

Answered Question
May 13th, 2010

Hi Faisal,


The wireless client is not getting an IP address from the DHCP server via the CAS server.


Here is the scenario:

1. In-band CAS network configuration:



Trusted Interface (to protected network)
    IP Address
    Subnet Mask
    Default Gateway
    Set management VLAN ID:
    Pass through VLAN ID to managed network

Untrusted Interface (to managed network)
    IP Address
    Subnet Mask
    Default Gateway
    Set management VLAN ID:
    Pass through VLAN ID to protected network



2. Wireless clients are in the untrusted VLAN, which is 104, and I've mapped VLAN 104 to 400 (the trusted VLAN).


Untrusted VLAN      Trusted VLAN
140                 400


3. Managed subnet


IP subnet                           VLAN
10.161.136.5 / 255.255.248.0        140


10.161.136.5 is the IP subnet for trusted VLAN 400.



4. ARP entry is not configured



On the switch, the untrusted and trusted ports are configured as trunk ports and allow the untrusted and trusted VLANs respectively.

When we move the wireless client into VLAN 400 manually, it gets an IP address, but when the wireless client is in VLAN 140 it does not get an IP address. In the switch configuration, both the trusted and untrusted ports are trunk ports and use native VLAN 1.


The port from the WLC to the switch is also a trunk port and allows all VLANs.


Do I need to configure ARP entries, or what other configuration is needed for the CAS to work as a DHCP passthrough?


Thank you

Correct Answer
Faisal Sehbai Fri, 05/14/2010 - 12:31

Laxman,


Three things:

- If it's in VGW, trusted and untrusted interfaces must have same IP address

- Uncheck the "pass through VLAN" on both sides

- Move away from VLAN 1 if possible!


HTH,

Faisal

blaxucisco Mon, 05/17/2010 - 01:31

Hi Faisal,


Thank you for your answer. DHCP passthrough is now working without changing anything in the CAS. Some VLAN configuration was missing on the switch, which is why I had the problem. Our CAS is configured in HA mode in an HSRP environment, and the current configuration which I have posted here is working smoothly. I want to know the impact of the current configuration (different IP addresses on the trusted and untrusted interfaces, and "pass through VLAN ID to managed network" checked).


Now I need to configure AD SSO. Can you please check the ktpass command and tell me whether it is correct?


The environment is as follows:


Number of DCs            = 3
OS of DCs                = Windows 2008 Standard (SP2)
AD domain functionality  = Mixed mode with 2003
Domain name              = laxman.com
Domain user name         = ssouser


The command is here:

=================

ktpass -princ [email protected] -mapuser ssouser -pass password123 -out c:\output.keytab -ptype KRB5_NT_PRINCIPAL +DesOnly


Thank you
