Cisco Support Community

OOB VGW DHCP Passthrough device not getting IP address.

We are implementing NAC 4.7(2) in an OOB VGW configuration. I am attaching a PC to the port of a managed switch and the device is not getting an IP address. I have done packet captures to confirm that I do not see DHCP discovers or requests coming from the CAS or the PC.

The following information may help:

Management VLAN is 24 w/ IP address 10.50.24.10

The VLAN mapping is: Trusted VLAN 32 ==> untrusted VLAN 632

Managed subnet IP address is 10.50.33.175 / 255.255.254.0 for VLAN 632 that matches the subnet range of VLAN 32 which is 10.50.32.0 / 255.255.254.0.

DHCP is of course passthrough

The managed switch port is in VLAN 632 when the machine is connected. I'm not sure how to troubleshoot this further.

Thanks!

Bob

Accepted Solutions

Re: OOB VGW DHCP Passthrough device not getting IP address.

Bob,

Are you trunking VLAN 632 to the untrusted interface of the CAS? You say you've done captures to verify DHCP isn't happening. Where did you do those captures?

Faisal

Re: OOB VGW DHCP Passthrough device not getting IP address.

Faisal,

Yes, trunking was set properly.

We did discover that the untrusted interface for one of the CAS appliances and once we connected the cable the MAC addresses for the VLAN bridged.

Now I need to understand why. An initial guess was that the appliance that was disconnected was the active appliance and, as such, when a new device that had never been authenticated attached, it couldn't send out its DHCP discover packets as well as other things.

What confused me was that the PC I was testing with originally always connected. That makes sense because the device's MAC address was already in the DB.

Thanks!

Bob
