CLEANACCESS Archives

November 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "King, Michael" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Sun, 13 Nov 2005 00:46:50 -0500
Content-Type: text/plain

Cal,

I've got a workaround I've developed.

In order to make AireSpace dump the packets to a certain VLAN, you have
to assign it an IP address.

In CAM, under
Device Management > Clean Access Servers > Network > DHCP > Reserved
IP's

Create a new reserved IP, in the VLAN you are expecting the AireSpace
controller traffic from, with the IP you have assigned to the AireSpace
controller.

Go to the AireSpace controller (I don't have ACS/WCS) and put in the
SERVICE ADDRESS of the INTERNAL (untrusted) INTERFACE as the DHCP server
to Relay to.  (The one that your clients see as your DHCP server)  

If you watch the DHCP logs in CAS, you'll see the relay come in. Once
you do this, it will start responding to it.

Caution.  I have experienced a problem when roaming between AireSpace
controllers with this setup.

I did manage to get an AireSpace engineer and a CCA engineer into the
same room, and they did get the roaming to work. I don't have the exact
fix yet, but I should have the details on Monday.  I believe it means
enabling L3, but like I said, I do not have the exact specifics.

I too wonder if there is an AireSpace mailing list... We've just made a
larger purchase of the product.

Mike


 

> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Rajesh Nair 
> (rajnair)
> Sent: Tuesday, November 08, 2005 2:17 PM
> To: [log in to unmask]
> Subject: Re: Airespace list?
> 
> Cal,
> 
> At the risk of appearing to air dirty laundry, here's the 
> reason why the DHCP functionality is not working as expected. 
> 
> When Airespace controllers are working in L2/bridging mode, 
> instead of forwarding DHCP requests, they "relay" DHCP 
> requests.  This is behavior contrary to RFC specs and the 
> CCA/Perfigo DHCP server rejects these requests because it 
> does not expect to see relayed packets within its broadcast 
> domain.  It believes that this is incorrect behavior, 
> therefore, DHCP doesn't work (for e.g. a malicious client 
> could act as a dhcp relay and get all the IP addresses if the 
> DHCP server were to allow such behavior). 
> 
> We are working internally to resolve this issue. The 
> resolution will be one of two - a) a fix to make the 
> Airespace controller RFC compliant or
> b) an exception handler option in CCA's DHCP server to allow 
> this behavior or both. 
> 
> Regards,
> -Rajesh.
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Tuesday, November 08, 2005 6:56 AM
> To: [log in to unmask]
> Subject: Airespace list?
> 
> Hi, all,
> Apologies for the cross-posting, but the interesting 
> questions lie at the intersections of things...
> 
> By any chance is there an Airespace user list out there? I'm 
> at the nexus of Airespace and Perfigo installations, and am 
> having a spot of trouble getting the two to interact the way 
> I need. You'd think now they're both Cisco products this 
> wouldn't be so hard, but I have yet to find someone in TAC 
> that speaks both languages.
> 
> Specifically, I can't seem to get Airespace units to transmit 
> DHCP requests properly to the Perfigo/CCA gateway and back to 
> the clients. I can use Airespace for DHCP for wireless 
> clients, but that's a clumsier system, with a shorter lease 
> time than I want.
> 
> Many thanks in advance.
> --
> --Cal Frye, Network Administrator, Oberlin College
>    www.ouuf.org, www.calfrye.com
>    Say Yes Twice for Oberlin Schools!   www.oberlinyesyes.com
> 
>   "Dulce bellum inexpertis (War is delightful to the inexperienced)."
> --Erasmus.
> 
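
The check described in the thread, as an added example that is not part of the original messages and is not CCA's or Airespace's code: it parses the BOOTP header of requests seen on the server's own broadcast domain, drops relayed ones unless giaddr is an explicitly reserved relay, and counts distinct client MACs behind each dropped relay. The function names, the 10.20.0.x addresses and the treatment of a reserved IP as an allowlist entry are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

# Fixed BOOTP header (RFC 951/2131) up to chaddr; sname, file and options follow.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST = 1

def build_request(xid, mac, giaddr="0.0.0.0", hops=0):
    """Constructed sample packet: BOOTREQUEST, empty sname/file, no options."""
    zero = bytes(4)
    gi = ipaddress.IPv4Address(giaddr).packed
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    head = HDR.pack(BOOTREQUEST, 1, 6, hops, xid, 0, 0, zero, zero, zero, gi, chaddr)
    return head + bytes(192) + b"\x63\x82\x53\x63"  # sname+file, magic cookie

def parse(pkt):
    if len(pkt) < HDR.size:
        raise ValueError("truncated BOOTP header")
    op, _ht, hlen, hops, _xid, _s, _f, _ci, _yi, _si, gi, ch = HDR.unpack_from(pkt)
    return op, hops, ipaddress.IPv4Address(gi), ch[:min(hlen, 16)].hex(":")

def decide(pkt, trusted_relays):
    """Decision for a packet seen on the server's own broadcast domain."""
    op, hops, giaddr, _mac = parse(pkt)
    if op != BOOTREQUEST:
        return "ignore"
    if giaddr.is_unspecified and hops == 0:
        return "serve"          # ordinary client broadcast, no relay involved
    if giaddr in trusted_relays:
        return "serve-relayed"  # relay the administrator reserved explicitly
    return "drop"               # unexpected relay inside the broadcast domain

def macs_per_dropped_relay(pkts, trusted_relays):
    """Distinct client MACs claimed behind each dropped relay (exhaustion signal)."""
    seen = defaultdict(set)
    for p in pkts:
        if decide(p, trusted_relays) == "drop":
            _op, _hops, giaddr, mac = parse(p)
            seen[str(giaddr)].add(mac)
    return {relay: len(macs) for relay, macs in seen.items()}

# Constructed data: 10.20.0.5 stands in for the reserved controller address.
TRUSTED = {ipaddress.IPv4Address("10.20.0.5")}
SAMPLES = [
    build_request(1, "00:11:22:33:44:01"),
    build_request(2, "00:11:22:33:44:02", "10.20.0.5", 1),
    build_request(3, "02:00:00:00:00:01", "10.20.0.99", 1),
    build_request(4, "02:00:00:00:00:02", "10.20.0.99", 1),
]
```

A relay that presents many distinct MACs in a short window is the address-exhaustion pattern the quoted reply warns about, so the per-relay count is the value to alert on.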
