I am labbing dynamic VLAN assignment and have run into a small problem. The switchport is successfully changing to the new VLAN, but my test PC seems to get an IP address in the native data VLAN before being moved to the new dynamically assigned VLAN. So when the switch changes the VLAN the PC keeps its old IP address and nothing talks any more.
Is this a Vista issue? I thought all of these problems were just issues in XP? Do I need to tweak any interface dot1x timers?
(Cat3750 with 12.2.55 / ACS5.1. Everything else is running fine by the way.)
It is strange that the PC gets IP address in the default VLAN if the VLAN changes.
Are you sure the VLAN on the switchport is changing as you expect?
If you do "sh run int", do you see the VLAN you expect?
When your PC gets the IP, are you sure it is getting it from the DHCP server or can it be just keeping its old IP?
Do you have DHCP server in the VLAN where you expect the PC to fall into after authentication?
If the VLAN assignment is working correctly, then the client PC traffic will only traverse the port after the Access-Accept is received containing the new VLAN, and the DHCP Discovery will flow only on the new VLAN, not the default VLAN.
Can you take a sniffer trace spanning the port of the client PC so that we can see in fact what is happening?
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
If I do a show run on the switchport, the config hasn't changed, but I don't expect it to, as it's not a permanent config change that you would want to be saved by a different admin user saving the config. You can see the debug report it is changing the VLAN:
Apr 19 09:22:56.263: %AUTHMGR-5-START: Starting 'dot1x' for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
Apr 19 09:22:58.604: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/19, changed state to up
Apr 19 09:22:59.560: %DOT1X-5-SUCCESS: Authentication successful for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID
Apr 19 09:22:59.568: %AUTHMGR-5-VLANASSIGN: VLAN 12 assigned to Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
Apr 19 09:22:59.585: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan12, changed state to up
Apr 19 09:23:00.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/19, changed state to up
Apr 19 09:23:00.315: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
As well as checking with the show int switchport command, and it is in v12, which is the dynamically assigned VLAN.
Well, I solved this issue: the Cat 3750 DHCP server was screwed. I removed the pool and added it again and it worked. However, now it is working, it still seems odd that the client can pick up an IP address of the original VLAN before the switchover happens (I have a feeling this might be AD/GPO intentional but I'm not sure), but the point is the client does now change to a new IP address as the DHCP server is now working!
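Added example, not part of any post in the thread: a short Python script that orders the debug lines quoted above and reports the assigned VLAN, the time from 802.1X start to VLAN assignment, and whether the assignment was logged before the port's line protocol came up. The function names and the `year` parameter are assumptions made for this sketch; the sample input is the thread's debug output, one event per line.

```python
import re
from datetime import datetime

# Constructed input: the debug lines quoted in the thread, one event per line.
SAMPLE = """\
Apr 19 09:22:56.263: %AUTHMGR-5-START: Starting 'dot1x' for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
Apr 19 09:22:58.604: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/19, changed state to up
Apr 19 09:22:59.560: %DOT1X-5-SUCCESS: Authentication successful for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID
Apr 19 09:22:59.568: %AUTHMGR-5-VLANASSIGN: VLAN 12 assigned to Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
Apr 19 09:22:59.585: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan12, changed state to up
Apr 19 09:23:00.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/19, changed state to up
Apr 19 09:23:00.315: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0014.c209.896f) on Interface Gi1/0/19 AuditSessionID C0A8FE250000000900291476
"""

EVENT = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")

def parse(text, year=2000):
    """Return sorted (timestamp, mnemonic, message) tuples; the log has no year, so `year` is assumed."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def vlan_timeline(text, port):
    """Summarise the dot1x start, VLAN assignment and line-protocol-up events for one port."""
    start = assigned = vlan = proto_up = None
    for ts, mnemonic, msg in parse(text):
        if mnemonic == "AUTHMGR-5-START" and f"Interface {port} " in msg:
            start = ts
        elif mnemonic == "AUTHMGR-5-VLANASSIGN":
            m = re.match(r"VLAN (\d+) assigned to Interface (\S+)", msg)
            if m and m.group(2) == port:
                vlan, assigned = int(m.group(1)), ts
        elif mnemonic == "LINEPROTO-5-UPDOWN":
            m = re.match(r"Line protocol on Interface ([^,\s]+), changed state to up", msg)
            # LINEPROTO uses the long interface name, AUTHMGR the short one.
            if m and m.group(1).replace("GigabitEthernet", "Gi") == port:
                proto_up = ts
    if None in (start, assigned, proto_up):
        return None  # not enough events for this port to build a timeline
    return {"vlan": vlan,
            "auth_to_vlan_s": round((assigned - start).total_seconds(), 3),
            "vlan_before_line_protocol_up": assigned < proto_up}

if __name__ == "__main__":
    print(vlan_timeline(SAMPLE, "Gi1/0/19"))
```
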