08-04-2014 12:31 PM - edited 03-10-2019 09:54 PM
I have AP's Profiled in ISE without problem but the AP keeps sending a DHCP release message. It only does this when ISE is applied to the interface. The interface config is at the bottom. Keep in mind despite the vlan of the switchport I have ISE pull the AP into the correct VLAN when it see's an AP. I have verified that is working as well. This is driving me insane,
switch#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
170 WIRELESS_AP active Fa0/21
switch#sh auth session
Interface MAC Address Method Domain Status Session ID
Fa0/21 fc99.47c8.436e mab DATA Authz Success 0AFDFAFC0000000100066AA8
switch#sh auth session int f0/21
Interface: FastEthernet0/21
MAC Address: fc99.47c8.436e
IP Address: 10.253.250.213
User-Name: FC-99-47-C8-43-6E
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 170
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0AFDFAFC0000000100066AA8
Acct Session ID: 0x00000005
Handle: 0x08000001
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
<Switch Log with debug ip dhcp server packet enabled>
Aug 4 15:28:38 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug 4 15:28:38 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug 4 15:28:38 EST: DHCPD: client's VPN is .
Aug 4 15:28:38 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug 4 15:28:39 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug 4 15:28:39 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug 4 15:28:39 EST: DHCPD: client's VPN is .
Aug 4 15:28:39 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug 4 15:28:39 EST: DHCPD: Finding a relay for client 01fc.9947.c843.6e on interface Vlan170.
Aug 4 15:28:39 EST: DHCPD: Looking up binding using address 10.253.250.209
Aug 4 15:28:39 EST: DHCPD: setting giaddr to 10.253.250.209.
Aug 4 15:28:39 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug 4 15:28:39 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug 4 15:28:41 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug 4 15:28:41 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug 4 15:28:41 EST: DHCPD: client's VPN is .
Aug 4 15:28:41 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug 4 15:28:41 EST: DHCPD: Finding a relay for client 01fc.9947.c843.6e on interface Vlan170.
Aug 4 15:28:41 EST: DHCPD: Looking up binding using address 10.253.250.209
Aug 4 15:28:41 EST: DHCPD: setting giaddr to 10.253.250.209.
Aug 4 15:28:41 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug 4 15:28:41 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>.
Aug 4 15:28:43 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug 4 15:28:43 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug 4 15:28:43 EST: DHCPD: client's VPN is .
Aug 4 15:28:43 EST: DHCPD: using received relay info.
Aug 4 15:28:43 EST: DHCPD: DHCPDISCOVER received from client 01fc.9947.c843.6e on interface Vlan170.
Aug 4 15:28:43 EST: DHCPD: using received relay info.
Aug 4 15:28:45 EST: DHCPD: Sending DHCPOFFER to client 01fc.9947.c843.6e (10.253.250.222).
Aug 4 15:28:45 EST: DHCPD: no option 125
Aug 4 15:28:45 EST: DHCPD: broadcasting BOOTREPLY to client fc99.47c8.436e.
Aug 4 15:28:45 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug 4 15:28:45 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug 4 15:28:45 EST: DHCPD: client's VPN is .
Aug 4 15:28:45 EST: DHCPD: DHCPREQUEST received from client 01fc.9947.c843.6e.
Aug 4 15:28:45 EST: DHCPD: Sending DHCPACK to client 01fc.9947.c843.6e (10.253.250.222).
Aug 4 15:28:45 EST: DHCPD: no option 125
Aug 4 15:28:45 EST: DHCPD: broadcasting BOOTREPLY to client fc99.47c8.436e.
Aug 4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.221| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-RELEASE
Aug 4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.221| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-WAIT
Aug 4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.222| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-ASSIGNMENT
interface FastEthernet0/21
description 000_ACCESS_PORTS
switchport access vlan 4
switchport mode access
switchport voice vlan 2
ip access-group PREAUTH-ACL in
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize vlan 4
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication open
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
mls qos trust device cisco-phone
mls qos trust cos
snmp trap mac-notification change added
snmp trap mac-notification change removed
auto qos voip cisco-phone
dot1x pae authenticator
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: