Wireless Access

Hi there,

 

I'm trying to get DHCP info from my controllers to ClearPass, but without the controller having an IP address on the network. Is this possible?

 

Regards,

Add a second helper address to whatever interface the default gateway is on.

Not possible but you can use IF-MAP if you are trying to get profiling information:
https://community.arubanetworks.com/t5/Controller-Based-WLANs/IF-MAP-support-in-Aruba-controller-for-device-profiling-in/ta-p/467340

Ideally you should add ClearPass as an additional DHCP helper at CORE or Distribution where the SVI lives

Sent from Mail for Windows 10

@victor fabian: Unfortunately IFMAP only gets me user agent, and sometimes that is not enough.

 

@cjoseph: gateway runs DHCP server. So I'm unable forward the requests to a different server (ClearPass).

You have few options.  A device that does not have an ip address cannot relay dhcp traffic because it has no idea what subnet it is on... Move the dhcp server to the controller and then relay from the default gateway.

What I found to work as well is, to assign an 'out of range' IP address to the interface and apply the dhcp relay on that. For example 10.254.38.1/30, 10.254.38.3/30; then make sure you don't use these addresses. Also, be aware that if someone knows these IP addresses and statically configures a device in the same subnet, the controller may be accessible over there.

Cisco has a cool feature where the controller forwards DHCP fingerprints to RADIUS, without having an IP on the network.

So, for a guest network (as an example), the controller will never be reachable from the guest, yet ClearPass can get dhcp info.

Isn't there something like this? Can't IFMAP also forward dhcp fingerprint?