  • 1.  ClearPass - new vlan dhcp problem

    Posted Oct 10, 2024 03:59 PM

    Hi All,

    I have a ClearPass that does 802.1X with AD. Users are authenticating in VLAN X for the wireless and wired networks.
    Lately, I wanted to divide that access, leaving wired users in VLAN X and putting wireless users in new VLAN Y.

    But when I changed it on CPPM, users are not getting an IP address from VLAN Y. Does anybody have a similar case?

    Regards

    M,



  • 2.  RE: ClearPass - new vlan dhcp problem

    Posted Oct 10, 2024 04:49 PM

    Does the VLAN/VLAN-Name exist on the device the client is authenticating from (Switch, Controller, AP, etc.)? Also see if you are sending back a role. On the Wireless or Wired connections a role may have a VLAN tied to it at that level, which may be overriding the VLAN you send back after an auth.



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: ClearPass - new vlan dhcp problem

    Posted 30 days ago
    Edited by mbrodzin 30 days ago

    Hi,

    I can see the client's MAC address in new VLAN Y on the switchport where the AP is connected.

    Everything is working ok apart from assigning IP address.

    Regards

    M.




  • 4.  RE: ClearPass - new vlan dhcp problem

    Posted 30 days ago

    Hi.

    Dustin already covered most topics. It depends on what Wi-Fi you are using: controller or Instant based. In controller based, do you use tunnel or local breakout?

    I usually found that the VLAN is not carried to the controller or AP, and in many cases where centralized DHCP is used I found that the DHCP helper address is missing on L3 interfaces.

    So as Dustin wrote:

    1. check what role you are sending to the controller/AP
    2. check if the role exists on the controller/AP
    3. check if the role on the controller/AP has the correct VLAN configured
    4. check if this VLAN is configured on the switch port where the controller/AP is connected
    5. check if all uplinks in the path have the correct VLAN added
    6. check if DHCP is active on the subnet or has a DHCP helper configured correctly
    7. check if dhcp-snooping blocks the requests and adjust trusted ports/servers accordingly

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 5.  RE: ClearPass - new vlan dhcp problem

    Posted 30 days ago
    Edited by mbrodzin 30 days ago

    Hi,

    I can see the client's MAC address in new VLAN Y on the switchport where the AP is connected.

    Everything is working ok apart from assigning IP address.

    Regards

    M.




  • 6.  RE: ClearPass - new vlan dhcp problem

    Posted 30 days ago

    An easy thing to check is to assign VLAN Y to another port as the access VLAN and connect a laptop there, so you can see if the DHCP request/response goes through.

    You need to check why the DHCP response is blocked. Check dhcp-snooping, if configured, and the DHCP server/helper setup.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------