Extreme Networks

Hi, I've got a Fabric engine where I use the NAC to assign the VLANs, and I've configured DHCP-Relay for dynamic ip address assignment for both L2VSN and L3VSN.

In L2VSN all works well and the client connected to a port of the switch when unauthorized is on a vlan where receive correctly and ip address and when the user autenticate and I assign a L2VSN with the new VLAN also the new ip address in the new vlan is obtained correctly.

The problem is when the autenticated user belong to a L3vsn vlan and no ip address is obtained (the dhcp relay on the vrf is configured as admin guide and knowledge base) and NAC correctly indicate the correct per-user-acl rule and also on the switch the show eapol sessions eap verbose show me the correct autentication and I-SID and also on the interface I see the correct VLAN.

On the client if I capture the pachet on the interface I see the dhcp requests, but seems nothing happens on the switch because the dhcp-realy counters on the VRF remains to 0.

If on the same client I configure a static IP address all works well, also the multicast routing.

Enabling debug on eapol I see the message EAP ingored DHCP packet in my VLAN 202 that is the l3vsn vlan configured on the switch (i attach the debug message).

How I can solve and debug more the problem?