Wired Intelligent Edge

Hi

I have a great troubleshoot for the following scenario

I have deployed a colourless port model at one of our clients premises and it works absolutely fine with clearpass for authentication and DHCP server for applying their atributes.

The current set up is a 3-tier network topology model, where access switches connect via distribution switches 8320's to core switches, likes of 8400's.

The issue im having is when Im applying the aaa commands for clearpass to a daisy chained Access switch to another Access switch, the devices get their attributes from the DHCP server but does not get an ip address.

The devices are not pingable either.

Can any one help in regards to what could be causing this block.

Regards
Suhayb

Hi Suhayb

Not sure what you are trying to achieve here. Could you please share the configuration of the two daisy chained access switch plus the one where your layer3 interface (e.g. interface VLAN XX) for the respective network is defined?

Furthermore, IMHO Clearpass cannot act as DHCP server (e.g. to lease IP addresses to a DHCP client) itself, it just receives DHCP Discover messages if configured such to do DHCP fingerprinting but never replies to it. So you need at least another DHCP server on the same broadcast domain or another DHCP helper entry in your configuration to a "real" DHCP server. Do you have such a configuration?

Regards,
Thomas
Original Message:
Sent: Dec 15, 2022 06:23 PM
From: Mohammed Suhayb
Subject: Daisy chained Access switch to another Access switch not getting the ip from DHCP scope via Clearpass

Hi

I have a great troubleshoot for the following scenario

I have deployed a colourless port model at one of our clients premises and it works absolutely fine with clearpass for authentication and DHCP server for applying their atributes.

The current set up is a 3-tier network topology model, where access switches connect via distribution switches 8320's to core switches, likes of 8400's.

The issue im having is when Im applying the aaa commands for clearpass to a daisy chained Access switch to another Access switch, the devices get their attributes from the DHCP server but does not get an ip address.

The devices are not pingable either.

Can any one help in regards to what could be causing this block.

Regards
Suhayb

You need to check the role assignment for the switches. Does the role contains the correct vlan with DHCP Server access and policy to allow the DHCP packets.

------------------------------
Shobana
Aruba
------------------------------

Original Message:
Sent: Dec 19, 2022 01:48 AM
From: thomasbnc
Subject: Daisy chained Access switch to another Access switch not getting the ip from DHCP scope via Clearpass

Hi Suhayb

Not sure what you are trying to achieve here. Could you please share the configuration of the two daisy chained access switch plus the one where your layer3 interface (e.g. interface VLAN XX) for the respective network is defined?

Furthermore, IMHO Clearpass cannot act as DHCP server (e.g. to lease IP addresses to a DHCP client) itself, it just receives DHCP Discover messages if configured such to do DHCP fingerprinting but never replies to it. So you need at least another DHCP server on the same broadcast domain or another DHCP helper entry in your configuration to a "real" DHCP server. Do you have such a configuration?

Regards,
Thomas
Original Message:
Sent: Dec 15, 2022 06:23 PM
From: Mohammed Suhayb
Subject: Daisy chained Access switch to another Access switch not getting the ip from DHCP scope via Clearpass

Hi

I have a great troubleshoot for the following scenario

I have deployed a colourless port model at one of our clients premises and it works absolutely fine with clearpass for authentication and DHCP server for applying their atributes.

The current set up is a 3-tier network topology model, where access switches connect via distribution switches 8320's to core switches, likes of 8400's.

The issue im having is when Im applying the aaa commands for clearpass to a daisy chained Access switch to another Access switch, the devices get their attributes from the DHCP server but does not get an ip address.

The devices are not pingable either.

Can any one help in regards to what could be causing this block.

Regards
Suhayb