Header Only - DO NOT REMOVE - Extreme Networks

RIght NAC interfaces configuration for DHCP Snooping

  • 24 October 2017
  • 3 replies
  • 459 views

Userlevel 4
Hello, everybody,

I had a succesfull experience on bringing PC's OS data to Netsight. (It could be seen in Control >> End systems).

NAC snoops DHCP data in VLAN and (after time-consuming sophisticated configuration) sends it to Netsight. (Where identity-management is also configured).

But it was made for Default VLAN 1 and DHCP server was in the same VLAN.

I want now to configure the same thing but in company where dozens vlan exists and all of them gets IPs by bootp-relay feature from Windows Server.

My question is: what is proper configuration for a NAC interface? Bring all trunks to it?

Please, advice me something correct.

Many thanks in advance, Ilya

3 replies

Userlevel 6
Hello,

You should be able to configure the network routers with an additional DHCP helper that is pointed to NAC.

DHCP helper 1 points to real DHCP server
DHCP helper 2 points to NAC

The Router should send the DHCP discover/request packets to both the real windows DHCP server and the NAC appliance to perform DHCP snooping.

Thanks
-Ryan
Userlevel 4
Hello,

You should be able to configure the network routers with an additional DHCP helper that is pointed to NAC.

DHCP helper 1 points to real DHCP server
DHCP helper 2 points to NAC

The Router should send the DHCP discover/request packets to both the real windows DHCP server and the NAC appliance to perform DHCP snooping.

Thanks
-Ryan
Thanks, I will try to do that.
Userlevel 4
Hello,

You should be able to configure the network routers with an additional DHCP helper that is pointed to NAC.

DHCP helper 1 points to real DHCP server
DHCP helper 2 points to NAC

The Router should send the DHCP discover/request packets to both the real windows DHCP server and the NAC appliance to perform DHCP snooping.

Thanks
-Ryan
Hi, Ryan, I did as you'd said and it works perfectly well. Many thanks to you!

Reply