ACL for DHCP packet forwarding

Does anyone have some pointers to creating a script that will forward DHCP packets to an EAC appliance in a layer 2 network?
Justsomebodi

Posted 1 year ago

Yacobucci, Ryan, Multi-Tier Technical Support Engineer
Hello,

You could run a link to eth2 and extend the VLAN to eth2 of the NAC and put the interface in listening mode.

If the NAC is in the same VLAN as the clients it should already be able to see the DHCP request.

Thanks
-Ryan
Justsomebodi
Hi

Thanks for the replies. The VLAN is not routable so BOOTP doesn't work. The NAC is actually in a different building and a different set of VLANs.
Yacobucci, Ryan, Multi-Tier Technical Support Engineer
Hello,

Even though the NAC is in another building, is there any way to extend the VLAN to a separate NIC on the NAC? The NAC's additional NIC can act as a passive network sniffer to sniff the broadcast request packets.

Thanks
-Ryan
Justsomebodi

Problem is, we have multiple VLANs that don't route.
Yacobucci, Ryan, Multi-Tier Technical Support Engineer

As long as it's possible to extend each VLAN to the NAC's 2nd NIC, it can listen on multiple VLANs. You're basically extending the broadcast domain for each VLAN to include a listening-only interface on the NAC that will see the DHCP requests, as they are broadcast packets.

Thanks
-Ryan
Justsomebodi

Hi

Thanks for the reply. So based on that, I could remove BOOTP off the core and simply extend all VLANs onto the NAC listening port?

Regards
Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Correct.

Run a cable from the core to the NAC's Eth1 port.

Then in NAC Manager click on the NAC --> Configuration tab --> click the "Edit" button under the Interface Summary box.

Even if the client authenticates to another NAC in the appliance group and the DHCP request is seen on this NAC, there is NAC-to-NAC communication to resolve and populate the information accordingly.

Thanks
-Ryan
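The listening-only interface described in this thread sees the raw DHCP broadcasts from each extended VLAN. As an added example (not from this thread and not Extreme's NAC code), the Python below builds a constructed DHCPDISCOVER payload and parses it the way a passive listener would, pulling out the client MAC, hostname, vendor class, the option 55 parameter request list used for device fingerprinting, and whether a relay touched the packet (giaddr set), which is what disappears once BOOTP relay is removed from the core. Sample MAC, hostname and option values are constructed for the demo.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2132 DHCP option marker after the BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE", 8: "INFORM"}


def build_discover(mac: bytes, hostname: bytes, vendor: bytes, prl: bytes, xid: int = 0x3903F326) -> bytes:
    """Construct the UDP payload of a DHCPDISCOVER as a client broadcasts it (constructed sample)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                 # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0x8000,             # transaction id, secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr (no relay)
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (b"\x35\x01\x01"                                  # 53: message type DISCOVER
               + b"\x0c" + bytes([len(hostname)]) + hostname   # 12: host name
               + b"\x3c" + bytes([len(vendor)]) + vendor       # 60: vendor class identifier
               + b"\x37" + bytes([len(prl)]) + prl             # 55: parameter request list
               + b"\xff")                                      # end option
    return header + MAGIC_COOKIE + options


def parse_dhcp(payload: bytes) -> dict:
    """Extract the fields a passive DHCP listener records from one DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    giaddr = payload[24:28]                     # non-zero only when a relay agent forwarded it
    chaddr = payload[28:28 + hlen]
    options, i = {}, 240
    while i < len(payload):                     # walk the TLV option area until END (255)
        code = payload[i]
        if code == 255:
            break
        if code == 0:                           # PAD has no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "message_type": MSG_TYPES.get(options.get(53, b"\0")[0], "UNKNOWN"),
        "client_mac": ":".join(f"{b:02x}" for b in chaddr),
        "relayed": giaddr != b"\0" * 4,
        "hostname": options.get(12, b"").decode("ascii", "replace"),
        "vendor_class": options.get(60, b"").decode("ascii", "replace"),
        "param_request_list": list(options.get(55, b"")),   # option 55 is the usual fingerprint
    }
```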