NAC Agent DHCP release/renew

Unanswered Question
Jun 17th, 2010

Howdy all,

We're running 4.7(2) in L3, OOB, VGW.

At a field office we have a router serving DHCP for both the Untrusted(vlan10) and the Access(vlan25) vlans.

Everything works fine.  A user plugs in, gets a vlan 10 address, the Agent pops up and does it's thing and release/renews the IP after the CAM changes the switchport to the Access vlan.  Nice and smooth the PC is in the Access vlan25 and works great all day.

Enter the Generic 5:55am every day.  Said PC is Kicked by the CAM and the switchport is moved back to vlan10.  If the PC was not there, no problem.  Return to the top of this email.

However, if the PC was left on and Locked, it is suddenly stuck in vlan10 with a vlan25 address.  When the user returns to their PC at 8am they have no connectivity.  Rebooting clears things up.  Or, it appears that manually doing an "ipconfig /release"  then "renew" will also get things moving.  But we have an aggravated user who is probably going to call the Helpdesk.

How can we get that vlan25 address released when the PC is Kicked?  or, is there a better way to do all this?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kumezawa Thu, 06/17/2010 - 15:44


Brief initial testing looks good. I will let my test PC get punted overnight and if that goes well I will distribute the "VlanDetectInterval" change to a larger testbed tomorrow.

In my world I have a large chunk of users that are Layer 2 OOB (using the same CAS.)  Obviously they do not have to change IP's back and forth.  Can you think of a reason it might cause any issues to have the "VlanDetectInterval" parameter on these PC's that are Layer2 OOB ?  I'd prefer to have just one config file for all my PC's.  whether they are L2 or L3.

thanks for your time!

Faisal Sehbai Fri, 06/18/2010 - 10:40


Theoratically it shouldn't have any effect. I would test it though thouroughly with the other setup machines too!




This Discussion

Related Content