Relay User ID of dot1x in DHCP Snooping relay information

sammol_1120
Level 1

I have read the document, and here is one of the statements that mentions the user identity information can be relayed to the DHCP server:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html#wp1132818

The switch will automatically insert the authenticated user identity information when 802.1X authentication and DHCP snooping option-82 with data insertion features are enabled. To configure DHCP snooping option-82 with data insertion, see the "DHCP Snooping Option-82 Data Insertion" section.

But I tried enabling option-82 data insertion and successfully logged in on the port with dot1x. The username is not in the DHCP discovery packet, only the circuit ID and remote ID, and they are the defaults: the vlan-mod-port and the MAC address of the switch.

Can anyone point me to the right way to enable the switch to relay the dot1x user ID? Thanks.

The client is connected to g1/0/1-2 and the server is connected to g1/0/24.

And here is my configuration.

C3750#show ru
*Mar  1 01:20:08.937: %SYS-5-CONFIG_I: Configured from console by consolen
Building configuration...

Current configuration : 4228 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C3750
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$3IFA$jiSNUrXGM5A28kdnKiuKD.
enable password enapass
!
username root secret 5 $1$EF9J$it5DPKNyjosPoAFEtEvnG1
!
!
aaa new-model
!
!
aaa authentication dot1x default group radius
!
!
!
aaa session-id common
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip routing
ip dhcp use subscriber-id client-id
!
!
ip dhcp class C!
!
ip dhcp class C1
   relay agent information
!
ip dhcp snooping vlan 99
ip dhcp snooping
cluster enable C3750C 0
!
!
crypto pki trustpoint TP-self-signed-1362503424
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1362503424
 revocation-check none
 rsakeypair TP-self-signed-1362503424
!
!
crypto pki certificate chain TP-self-signed-1362503424
 certificate self-signed 01
  quit
dot1x system-auth-control
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
 switchport access vlan 99
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport access vlan 99
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
!
interface Vlan99
 ip address 192.168.99.1 255.255.255.0
 ip helper-address 192.168.100.200
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
!
!
radius-server host 192.168.100.200 auth-port 1812 acct-port 1813 key testing123
!
!
line con 0
 exec-timeout 0 0
 speed 115200
line vty 0 4
 password vtpass
line vty 5 15
 password vtpass
!
end
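
Added example, not part of either post and not Cisco code: a small decoder for the option-82 payload of a captured DHCP DISCOVER, to check which sub-options the switch actually inserted. It assumes the default Cisco circuit-ID (VLAN, module, port) and remote-ID (switch MAC) layouts and, as an assumption the thread does not confirm, that a user identity would appear as a RADIUS User-Name inside the RFC 4014 RADIUS-attributes sub-option (7); the sample bytes are constructed.

```python
import struct

# Sub-option codes: 1 and 2 from RFC 3046, 7 (RADIUS attributes) from RFC 4014.
SUBOPTS = {1: "circuit-id", 2: "remote-id", 7: "radius-attributes"}
RADIUS_USER_NAME = 1  # RADIUS attribute type 1 is User-Name (RFC 2865)

def tlvs(buf, radius=False):
    """Yield (type, value) pairs. DHCP lengths count the value only;
    RADIUS lengths (RFC 2865) also count the two header bytes."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated element header")
        kind, length = buf[i], buf[i + 1]
        end = i + length if radius else i + 2 + length
        if end < i + 2 or end > len(buf):
            raise ValueError(f"bad length in element {kind}")
        yield kind, buf[i + 2:end]
        i = end

def decode_option82(payload):
    """Decode the value of DHCP option 82 (without its own code/length bytes)."""
    out = {}
    for code, value in tlvs(payload):
        name = SUBOPTS.get(code, f"unknown-{code}")
        # Assumed Cisco default layouts: inner type 0, then inner length.
        if code == 1 and len(value) == 6 and value[:2] == b"\x00\x04":
            vlan, module, port = struct.unpack("!HBB", value[2:])
            out[name] = {"vlan": vlan, "module": module, "port": port}
        elif code == 2 and len(value) == 8 and value[:2] == b"\x00\x06":
            out[name] = {"mac": value[2:].hex(":")}
        elif code == 7:
            out[name] = dict(tlvs(value, radius=True))
        else:
            out[name] = value.hex()  # unrecognised layout: keep raw hex
    return out

def user_name(decoded):
    """Return the RADIUS User-Name carried in sub-option 7, or None."""
    raw = decoded.get("radius-attributes", {}).get(RADIUS_USER_NAME)
    return None if raw is None else raw.decode("utf-8", "replace")

# Constructed samples (not captured from the poster's switch; placeholder MAC).
OBSERVED = bytes.fromhex("0106000400630101" "02080006001122334455")
WITH_USER = OBSERVED + bytes([7, 7, 1, 7]) + b"alice"  # hypothetical user

if __name__ == "__main__":
    for label, raw in (("observed", OBSERVED), ("with user", WITH_USER)):
        decoded = decode_option82(raw)
        print(label, decoded, "user:", user_name(decoded))
```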


gabrielavila8
Level 1

Hi sammol_1120, did you resolve this issue? I'm getting the same problem.

Hope you can help me with it.
