Bill,

The network topology that fails is not very clear from your email. 

Is it DHCP Server <--> Router/L3 switch <--> CAS <--> Router/L3 switch
<--> User ?

If so, do you have helper addresses defined on the router near the user?
Also, do you have DHCP relay enabled on the CAS?  Do you see requests
coming into the DHCP server?  Into the CAS (/var/log/dhcplog)?

-Rajesh.

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of William Doyle
Sent: Tuesday, November 14, 2006 9:23 AM
To: [log in to unmask]
Subject: filter/dhcp

Good Day,

I'm hoping the solution to this is one of those embarassingly obvious
one s.

I created a role for copyright violators and allow all IP traffic to a
DN S server, a DHCP server and a web server with a message regarding
their violation. I then created a filter of the violators MAC and assign
them t o the copyright role.

I tested it on the same subnet as the DHCP server and everything was
fine . 
However, it is not possible to obtain or renew an address across a
router . 

Without filtering DHCP is OK.

Thanks,

Bill Doyle