Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
3
Replies

NAC Agent DHCP release/renew

kumezawa
Level 1
Level 1

‎06-17-2010 05:52 AM - edited ‎02-21-2020 03:59 AM

Howdy all,

We're running 4.7(2) in L3, OOB, VGW.

At a field office we have a router serving DHCP for both the Untrusted(vlan10) and the Access(vlan25) vlans.

Everything works fine.  A user plugs in, gets a vlan 10 address, the Agent pops up and does it's thing and release/renews the IP after the CAM changes the switchport to the Access vlan.  Nice and smooth the PC is in the Access vlan25 and works great all day.

Enter the Generic Timer...at 5:55am every day.  Said PC is Kicked by the CAM and the switchport is moved back to vlan10.  If the PC was not there, no problem.  Return to the top of this email.

However, if the PC was left on and Locked, it is suddenly stuck in vlan10 with a vlan25 address.  When the user returns to their PC at 8am they have no connectivity.  Rebooting clears things up.  Or, it appears that manually doing an "ipconfig /release"  then "renew" will also get things moving.  But we have an aggravated user who is probably going to call the Helpdesk.

How can we get that vlan25 address released when the PC is Kicked?  or, is there a better way to do all this?

Thanks!

0 Helpful
3 Replies 3

Faisal Sehbai
Level 7
Level 7

‎06-17-2010 06:23 AM

Hi,

Look at the VLAN Detect mechanism. Here are details on how you can push it out to your clients: http://tinyurl.com/ydvmavp

HTH,

Faisal

0 Helpful

kumezawa
Level 1
Level 1
In response to Faisal Sehbai

‎06-17-2010 03:44 PM

Faisal,

Brief initial testing looks good. I will let my test PC get punted overnight and if that goes well I will distribute the "VlanDetectInterval" change to a larger testbed tomorrow.

In my world I have a large chunk of users that are Layer 2 OOB (using the same CAS.)  Obviously they do not have to change IP's back and forth.  Can you think of a reason it might cause any issues to have the "VlanDetectInterval" parameter on these PC's that are Layer2 OOB ?  I'd prefer to have just one config file for all my PC's.  whether they are L2 or L3.

thanks for your time!

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to kumezawa

‎06-18-2010 10:40 AM

Hi,

Theoratically it shouldn't have any effect. I would test it though thouroughly with the other setup machines too!

HTH,

Faisal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card