User is going through 2 CASs to get to DHCP server?

-Rajesh.
 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of William Doyle
Sent: Wednesday, November 15, 2006 8:50 AM
To: [log in to unmask]
Subject: Re: filter/dhcp

Sorry,

The topology is DHCP server <--> CAS <--> router <--> CAS <---> user

The DHCP server is on the same subnet as the CAS.

The router has helper addresses and without a filter the machine can
release/renew no problem.

I applied the filter (which redirected properly) and released the
address, this release is logged in the DHCP server.

The renewal failed and there is no log of a request on the server.

Bill



At 10:41 AM 11/14/2006, Rajesh Nair (rajnair) wrote:
>Bill,
>
>The network topology that fails is not very clear from your email.
>
>Is it DHCP Server <--> Router/L3 switch <--> CAS <--> Router/L3 switch 
><--> User ?
>
>If so, do you have helper addresses defined on the router near the
user?
>Also, do you have DHCP relay enabled on the CAS?  Do you see requests 
>coming into the DHCP server?  Into the CAS (/var/log/dhcplog)?
>
>-Rajesh.
>
>-----Original Message-----
>From: Cisco Clean Access Users and Administrators 
>[mailto:[log in to unmask]] On Behalf Of William Doyle
>Sent: Tuesday, November 14, 2006 9:23 AM
>To: [log in to unmask]
>Subject: filter/dhcp
>
>Good Day,
>
>I'm hoping the solution to this is one of those embarassingly obvious 
>one s.
>
>I created a role for copyright violators and allow all IP traffic to a 
>DN S server, a DHCP server and a web server with a message regarding 
>their violation. I then created a filter of the violators MAC and 
>assign them t o the copyright role.
>
>I tested it on the same subnet as the DHCP server and everything was 
>fine .
>However, it is not possible to obtain or renew an address across a 
>router .
>
>Without filtering DHCP is OK.
>
>Thanks,
>
>Bill Doyle