LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

November 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS November 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: filter/dhcp
From:	William Doyle <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Thu, 16 Nov 2006 06:50:15 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (79 lines)

No. 1 CAS in virtual gateway mode. The 2 instances represent the
trusted/untrusted interfaces.

Bill

> User is going through 2 CASs to get to DHCP server?
>
> -Rajesh.
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of William Doyle
> Sent: Wednesday, November 15, 2006 8:50 AM
> To: [log in to unmask]
> Subject: Re: filter/dhcp
>
> Sorry,
>
> The topology is DHCP server <--> CAS <--> router <--> CAS <---> user
>
> The DHCP server is on the same subnet as the CAS.
>
> The router has helper addresses and without a filter the machine can
> release/renew no problem.
>
> I applied the filter (which redirected properly) and released the
> address, this release is logged in the DHCP server.
>
> The renewal failed and there is no log of a request on the server.
>
> Bill
>
>
>
> At 10:41 AM 11/14/2006, Rajesh Nair (rajnair) wrote:
>>Bill,
>>
>>The network topology that fails is not very clear from your email.
>>
>>Is it DHCP Server <--> Router/L3 switch <--> CAS <--> Router/L3 switch
>><--> User ?
>>
>>If so, do you have helper addresses defined on the router near the
> user?
>>Also, do you have DHCP relay enabled on the CAS?  Do you see requests
>>coming into the DHCP server?  Into the CAS (/var/log/dhcplog)?
>>
>>-Rajesh.
>>
>>-----Original Message-----
>>From: Cisco Clean Access Users and Administrators
>>[mailto:[log in to unmask]] On Behalf Of William Doyle
>>Sent: Tuesday, November 14, 2006 9:23 AM
>>To: [log in to unmask]
>>Subject: filter/dhcp
>>
>>Good Day,
>>
>>I'm hoping the solution to this is one of those embarassingly obvious
>>one s.
>>
>>I created a role for copyright violators and allow all IP traffic to a
>>DN S server, a DHCP server and a web server with a message regarding
>>their violation. I then created a filter of the violators MAC and
>>assign them t o the copyright role.
>>
>>I tested it on the same subnet as the DHCP server and everything was
>>fine .
>>However, it is not possible to obtain or renew an address across a
>>router .
>>
>>Without filtering DHCP is OK.
>>
>>Thanks,
>>
>>Bill Doyle
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU