IDM and DHCP

Jarosław Opalka
Occasional Advisor

IDM and DHCP

Hello.

In my network I'm using 5400 and 2600 switches.
I have configured MAC authentication with IDM and IAS on them. With the 2600 switches everything is OK, but with the 5400 there is a problem with DHCP.
In IDM and IAS I have information that access is granted, but computers can't get an IP address.
If a computer has a static IP, everything is OK.

RACL on switch:
-----
permit in ip from any to 10.0.0.0/16 cnt
-----
DHCP server: 10.0.1.52

How can I solve this problem?
10 REPLIES
cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

please send me
5400 switch show run print
5400 switch show log print
2600 switch show run print
2600 switch sh log print
cenk

Jarosław Opalka
Occasional Advisor

Re: IDM and DHCP

Files in attachment.
cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

I can see 3 DHCP servers on your system.

Which ports are the DHCP servers connected to?
cenk

cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

Your DHCP and RADIUS servers are in another network subnet,

therefore you must write the ip helper address command for DHCP.

5400 switch
(vlan-1)# ip helper-address 10.0.1.52
(vlan-1)# ip helper-address 10.0.1.67
(vlan-1)# ip helper-address 10.0.1.72


cenk

cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

And the router LAN interface port must be a trusted port

(the switch port that connects to the 10.100.0.1 device).
cenk

Jarosław Opalka
Occasional Advisor

Re: IDM and DHCP

The RADIUS and DHCP servers are in the same network subnet: 255.255.0.0, but even if I disable the dhcp-snooping feature nothing changes.
And now I see other strange behaviour:
if I enable port-access mac-based on a port, I get these messages in the device log:
----------
I 03/26/09 22:42:53 00076 ports: port A1 is now on-line
I 03/26/09 22:42:43 00435 ports: port A1 is Blocked by AAA
I 03/26/09 22:42:42 00077 ports: port A1 is now off-line
I 03/26/09 22:42:41 00435 ports: port A1 is Blocked by AAA
I 03/26/09 22:42:39 00077 ports: port A1 is now off-line
I 03/26/09 22:31:14 00435 ports: port A1 is Blocked by AAA
----------
It takes about 10 minutes to get access to the network.
Why?
cenk sasmaztin
Honored Contributor

Re: IDM and DHCP


if your vlan ip address
10.100.0.4 255.255.0.0

if your dhcp-radius server ip address 10.0.1.52 255.255.0.0

impossible same vlan two address impossible....

dhcp server or radius server can't reach switch
cenk

cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

dhcp server and your switch vlan not same network

255.255.0.0 mask include 255.255.(255).(255) address

your ip architecture

vlan ip 10.100

dhcp server 10.0

impossible same network impossible .....



cenk

cenk sasmaztin
Honored Contributor

Re: IDM and DHCP

ip default-gateway 10.100.0.1 address your default gateway you can reach radius server
on this default gateway address

dhcp message travel broadcast and unicast frame with impossible routing

therefore you can write ip helper command




cenk

Jarosław Opalka
Occasional Advisor

Re: IDM and DHCP

When IDM is not working, everything is OK. This is not an IP helper problem.
The problem with the 10-minute wait occurs even with devices that have a static IP address.
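
Added example, not part of the thread or of any participant's post: a Python check of the two addressing questions argued above, namely whether 10.100.0.4 and 10.0.1.52 share a subnet under mask 255.255.0.0, and which client-to-server DHCP packets the RACL rule quoted in the first post would match. The implicit deny after the single permit rule, the function names, and the client address 10.0.5.20 are assumptions.

```python
import ipaddress

# Rule quoted in the first post: permit in ip from any to 10.0.0.0/16
PERMITTED_DST = ipaddress.ip_network("10.0.0.0/16")


def acl_permits(dst: str) -> bool:
    """True if the single permit rule matches the destination address.

    Anything that does not match is treated as dropped by an implicit
    deny at the end of the list (assumption, not stated in the thread).
    """
    return ipaddress.ip_address(dst) in PERMITTED_DST


def same_subnet(a: str, b: str, mask: str = "255.255.0.0") -> bool:
    """Compare the network portion of two host addresses under one mask."""
    net_a = ipaddress.ip_network(f"{a}/{mask}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{mask}", strict=False)
    return net_a == net_b


# Constructed sample: inbound (client-to-switch) packets as (name, src, dst).
# A client without a lease sends from 0.0.0.0 to the limited broadcast address.
CLIENT_PACKETS = [
    ("DHCPDISCOVER", "0.0.0.0", "255.255.255.255"),
    ("DHCPREQUEST (initial)", "0.0.0.0", "255.255.255.255"),
    ("DHCPREQUEST (unicast renew)", "10.0.5.20", "10.0.1.52"),
    ("static host to server", "10.0.5.20", "10.0.1.52"),
]


def evaluate(packets):
    """Map each packet name to whether the quoted rule would permit it."""
    return {name: acl_permits(dst) for name, _src, dst in packets}


if __name__ == "__main__":
    for name, permitted in evaluate(CLIENT_PACKETS).items():
        print(f"{name:30s} {'permit' if permitted else 'no match'}")
    print("10.100.0.4 and 10.0.1.52 same /16:",
          same_subnet("10.100.0.4", "10.0.1.52"))
    print("10.0.1.52 and 10.0.1.67 same /16:",
          same_subnet("10.0.1.52", "10.0.1.67"))
```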