
Configure DHCP server on EXOS Switch enabled with Netlogin

  • 22 February 2017
  • 11 replies
  • 639 views

I have configured DHCP server on Extreme X440 G2 Switch and it is working as expected. Now I want to add the Switch into NAC control engine which eventually enables netlogin session.

I believe the DHCP server will provide leases only on systems connected on particular vlan enabled ports. Below command for reference.

  • enable dhcp ports vlan
But the netlogin session will have a dynamic vlan assigned to the ports based on dot1x/mac, and the above-mentioned command contradicts that.

Can someone help me on this?

11 replies

Userlevel 7
[Incorrect information - Removed]
Hi Patrick, Thanks for your response. In that case, what vlan will I mention in the command below, or is it not necessary? Because netlogin will assign different vlans to users connected on that port.

  • enable dhcp ports vlan
Userlevel 7
I apologize Alagesan, please ignore my last response. I did not fully understand what you were looking for. I deleted and updated my reply below.
Userlevel 7
Hello Alagesan,

Unfortunately I believe the only way around this is to change the design. Would it be possible to configure DHCP on your core switch and then leave the edge switches to netlogin? This way, after the netlogin authentication, the DHCP traffic will be sent through an uplink which will be enabled for DHCP on those VLANs.

As a side note, the switch DHCP server wasn't intended to be a full production DHCP server. A full-fledged DHCP server is always recommended.
Hello Patrick,

The thing is all my switches participate in Netlogin including Core switch. I would like to configure DHCP server on my switch because it will help me better on NAC IP resolution. Any other possible ways you would suggest?
Userlevel 7
I do not believe there is another way.

Is netlogin enabled on the uplink ports on the core? This is the only port you would need to enable DHCP on and netlogin is typically not enabled on uplink ports.
Netlogin is not enabled on the uplink ports
Userlevel 4
I'm investigating, but you should be able to use a UPM profile specified in a VSA associated with the account passed from the radius server through the NAC as a proxy.

You would have to configure the UPM user-authenticate event on every port where you want DHCP to be enabled. Here is an article on how to use UPM for authenticating clients.

I'm investigating if NAC as a proxy somehow interferes with the VSA being passed from the radius server, but I do not believe it does. I assume you are using NAC as a proxy to a radius server, right?
Userlevel 4
I have confirmed that the extended-security VSA is supported by NAC either as a proxy or acting as a full radius server.
Hi Mathew,

Thanks for your efforts. I will try that and let you know if it works.

What do I need to enter in the below syntax for our DHCP requirement while creating the profile?

Userlevel 4
The command that I used in the UPM profile that launches when the client is authenticated and assigned a VLAN is as follows:
enable dhcp port $(EVENT.USER_PORT) vlan $(EVENT.USER_VLAN)

Is this what you are after?

The UPM profile for un-authentication is "blank".
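
The UPM approach from the replies above, written out as a complete EXOS configuration. This is an added example, not taken from any of the posts; the profile names `nl-dhcp-on` and `nl-dhcp-off` and the port range `1-24` are assumptions, and unlike the blank un-authentication profile mentioned above, this one turns DHCP off again when the session ends.

```exos
# Added example. Profile names and the port list 1-24 are hypothetical.

# Runs when netlogin authenticates a client. EXOS substitutes the port and
# the dynamically assigned VLAN, so no static VLAN name is needed.
create upm profile nl-dhcp-on
enable dhcp ports $(EVENT.USER_PORT) vlan $(EVENT.USER_VLAN)
.

# Runs when the client is un-authenticated. It removes the DHCP binding so
# the switch stops serving leases on a port/VLAN with no authenticated user.
# Caveat: with several clients on the same port and VLAN, one logout would
# disable DHCP for the others, so use this only with one client per port.
create upm profile nl-dhcp-off
disable dhcp ports $(EVENT.USER_PORT) vlan $(EVENT.USER_VLAN)
.

# Bind the profiles to the netlogin events on the access ports only.
# Uplink ports are left out, as netlogin is not enabled there.
configure upm event user-authenticate profile nl-dhcp-on ports 1-24
configure upm event user-unauthenticated profile nl-dhcp-off ports 1-24

# Check the bindings, then review the execution history after a test login.
show upm profile
show upm history
```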
