
ISG + ip subscriber l2-connected + ip unnumbered + DHCP relay

m.rabidinov
Level 1

Cisco 7206VXR.
IOS: c7200-advipservicesk9-mz.122-33.SRE1.bin

Some VLANs come to the Cisco 7206. I need:

1. A client from one of these VLANs connects, and the DHCP server (ISC-DHCP) gives it an IP from the 192.168.0.0/24 subnet.
2. Try to transparently authorize the client by its MAC address.
3. If MAC authorization fails, the client is redirected to the authorization page.

Example of one subinterface:


interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip unnumbered Loopback1
ip helper-address 192.168.1.2
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address


Loopback 1:

interface Loopback1
ip address 192.168.0.1 255.255.255.0



The problem:

With this config, the client connects to the network and gets an IP (one of 192.168.0.0/24) by DHCP, but can't connect to the Internet.

Ping to the gateway (192.168.0.1) is temporary.

Ping to the DHCP server (192.168.1.2) fails.

On the 7206 I don't see any information about the subscriber session:
sh subsc sess | incl IP - there is nothing.

Let's edit the config:

Remove Loopback 1 and ip unnumbered, and set the IP address (192.168.0.1) on the subinterface:

interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip address 192.168.0.1 255.255.255.0
ip helper-address 192.168.1.2
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address



In this case everything works fine. The client gets an IP from the DHCP server.
At first the client tries to transparently authorize by its MAC address. If that fails, its browser is redirected to the authorization page.
I see the subscriber session on the Cisco 7206:

Router_PPPoE#sh subsc sess | incl IP
1500    IP           unauthen      Local Term   192.168.0.100        00:00:00


Now change the config again:
Exclude DHCP. Set ip unnumbered, set a static IP 192.168.0.13 on the client, and set a route to the client on the Cisco.

interface GigabitEthernet0/2.25
encapsulation dot1Q 25
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip unnumbered Loopback1
ip nat inside
no cdp enable
service-policy type control ISG-WIFI-SESSION
ip subscriber l2-connected
    initiator unclassified mac-address

ip route 192.168.0.13 255.255.255.255 GigabitEthernet0/2.25

In this case everything works fine too. I see the subscriber session on the Cisco 7206.

Router_PPPoE#sh subsc sess | incl IP
624 IP unauthen Local Term 192.168.0.13 00:00:07


So, how can I combine both configs, as at the beginning of the topic?

ISG + ip unnumbered + ip subscriber l2-connected + DHCP relay
