Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISG + ip subscriber l2-connected + ip unnumbered + DHCP relay

Cisco 7206VXR.
IOS: c7200-advipservicesk9-mz.122-33.SRE1.bin

Some VLANs come to Cisco 7206. I need:

1. Client from one of these VLANs connects, DHCP server (ISC-DHCP) gives IP from 192.168.0.0/24 subnet.
2. Try to transparent authorize client  by his MAC address
3. If MAC authorization is failed, client is redirected to page of authorization.

Example of one subinterface:


interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip unnumbered Loopback1
ip helper-address 192.168.1.2
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address


Loopback 1:

interface Loopback1
ip address 192.168.0.1 255.255.255.0



The problem:

With such config, client connects to network, get IP (one of 192.168.0.0/24) by DHCP, but can't connect to Internet.

Ping gateway (192.168.0.1) is temporaly.

Ping DCHP server (192.168.1.2) is failed.

Пинг DHCP сервера (192.168.1.2) - также отсутствует.

On the 7206 I don't see any onformation about subscriber session:
sh subsc sess | incl IP - there is nothing.

Let's edit config:

remove Loopback 1, ip unnumbered and set IP address (192.168.0.1) in subinterface:

interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip address 192.168.0.1 255.255.255.0
ip helper-address 192.168.1.2
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address



In this case - all works fine.  Client get IP from DHCP server.
At first client try transparent authorize by his MAC address. If it's failed, his browser will be redirected to authorization page.
I see subscriber session on Cisco 7206:

Router_PPPoE#sh subsc sess | incl IP
1500    IP           unauthen      Local Term   192.168.0.100        00:00:00


Now change config again:
Exclude DHCP. Set ip unnumbered and on the client set static IP 192.168.0.13 and in the Cisco set route to the client.

interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip unnumbered Loopback1
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address

ip route 192.168.0.13 255.255.255.255 GigabitEthernet0/2.25

In this case everything works fine too. I see subscriber session on Cisco 7206.

Router_PPPoE#sh subsc sess | incl IP
624 IP unauthen Local Term 192.168.0.13 00:00:07


So, how I can stick together both configs - as begin of topic?

ISG + ip unnumbered + ip subscriber l2-connected + DHCP relay

1658
Views
0
Helpful
0
Replies
CreatePlease login to create content