RIght NAC interfaces configuration for DHCP Snooping

  • 0
  • 1
  • Question
  • Updated 10 months ago
  • Answered
Hello, everybody,

I had a succesfull experience on bringing PC's OS data to Netsight. (It could be seen in Control >> End systems).

NAC snoops DHCP data in VLAN and (after time-consuming sophisticated configuration) sends it to Netsight. (Where identity-management is also configured).

But it was made for Default VLAN 1 and DHCP server was in the same VLAN. 

I want now to configure the same thing but in company where dozens vlan exists and all of them gets IPs by bootp-relay feature from Windows Server.

My question is: what is proper configuration for a NAC interface? Bring all trunks to it?

Please, advice me something correct.

Many thanks in advance, Ilya
Photo of Ilya Semenov

Ilya Semenov

  • 4,610 Points 4k badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,734 Points 5k badge 2x thumb
Hello,

You should be able to configure the network routers with an additional DHCP helper that is pointed to NAC. 


DHCP helper 1 points to real DHCP server
DHCP helper 2 points to NAC


The Router should send the DHCP discover/request packets to both the real windows DHCP server and the NAC appliance to perform DHCP snooping.

Thanks
-Ryan
Photo of Ilya Semenov

Ilya Semenov

  • 4,610 Points 4k badge 2x thumb
Thanks, I will try to do that.
Photo of Ilya Semenov

Ilya Semenov

  • 4,610 Points 4k badge 2x thumb
Hi, Ryan, I did as you'd said and it works perfectly well. Many thanks to you!