August 17th, 2020 12:00
Issues with DHCP : Dell N2048P and Radius Server
The issue is that DHCP works when the Radius server is disabled, but when it is enabled DHCP does not work. I have gotten this to work on the test network. The test switch and production switch use the same configuration except for the source IP address.
The clients do show up in the authentication list, and if they are using a static IP address they do not lose their internet connection. When monitoring this with Wireshark it appears that the DHCP packets just never reach the DHCP server when the Radius server is enabled. I was thinking about "IP address-helper" to route all DHCP packets directly to the DHCP server to see if this helps. I was wondering if anyone had run into this issue or had any insight on this. The configuration file is below. Thanks for your time!
-Ben
!Current Configuration:
!System Description "Dell EMC Networking N2048P, 6.6.0.10, Linux 3.6.5-e3cd5a07, Not Available"
!System Software Version 6.6.0.10
!
configure
hostname "TESTSWITCH"
slot 1/0 4 ! Dell EMC Networking N2048P
slot 2/0 4 ! Dell EMC Networking N2048P
sntp broadcast client enable
sntp server *.22.59.26
clock timezone -8 minutes 0
stack
member 1 4 ! N2048P
member 2 4 ! N2048P
exit
logging console debugging
logging monitor debugging
logging cli-command
logging snmp
logging web-session
logging buffered debugging
no ip http server
ip http timeout-policy idle 3600 life 86400
ip http secure-server
ip access-list ACL-5061
10 deny tcp 0.0.0.0 0.0.0.0 any eq 5061 log
11 permit every
exit
ip access-list ACL-80_34
exit
interface vlan 1
ip address *.22.60.21 255.255.255.0
exit
ip default-gateway *.22.60.200
username "admin" password c77ad3bcf1b995120ed3cdf2b64edc26 privilege 15 encrypted
username "OpenManage" password 468bc35947c3a24fab8497fd95724f0b privilege 15 encrypted
authentication enable
authentication dynamic-vlan enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
mab request format attribute 1 groupsize 12 separator -
radius server attribute 6 mandatory
radius server source-ip *.22.60.21
radius server key 7 "61311f992d843b2537e94e92c2fd8697d9b7f1c314fdd70bc3664bf9f190466e7f9f1f314b991bdc86da59dc7afd7ad6a562185fd289cc4add4c78e1d99b8ddf822fa1716385e30f0cf5e322e12580b2478059617089a17aa70b499ae1a301bb2f9cada4a190fa259dd7d4594e359ff0ab"
radius server attribute 31 mac format unformatted lower-case
radius server auth *.22.59.39
primary
name "RADIUS"
usage authmgr
attribute 31 mac format unformatted lower-case
exit
line ssh
exec-timeout 0
exit
ip ssh server
application install SupportAssist auto-restart start-on-boot
application install hiveagent start-on-boot
sflow 1 destination owner NTA notimeout
sflow 1 destination *.22.59.221 2055
sflow 2 destination owner OpenManage notimeout
!
interface Gi1/0/1
sflow 1 sampling 1024
sflow 1 polling 120
authentication port-control force-authorized
exit
!
interface Gi1/0/2
switchport mode general
authentication port-control force-authorized
authentication host-mode multi-auth
authentication periodic
dot1x timeout tx-period 3
mab auth-type pap
authentication order mab
authentication priority mab
exit
!
interface Gi1/0/3
switchport mode general
authentication host-mode multi-auth
authentication periodic
dot1x timeout tx-period 3
mab auth-type pap
authentication order mab
authentication priority mab
exit
!
monitor session 1 destination interface Gi1/0/6
monitor session 1 source interface Gi1/0/1
monitor session 1 source interface Gi1/0/5
monitor session 1 mode
snmp-server engineid local 800002a203e4f004e9c8a6
snmp-server view "view_snmpv3" internet included
snmp-server group "group_snmpv3" v3 auth read "view_snmpv3" write "view_snmpv3"
snmp-server user "DellSNMP" group_snmpv3 auth-md5-key e635a42ce05c73ae04496e6ec271212f
snmp-server community "locked" rw ipaddress *.22.59.80 ipmask 255.255.255.0
snmp-server community "open" ro ipaddress *.22.59.80 ipmask 255.255.255.0
snmp-server community "private" ro
snmp-server community "public" ro
snmp-server host *.22.59.80 traps version 2 "open"
radius server source-interface vlan 1
exit
exit
benl13
September 4th, 2020 10:00
What got DHCP working were the following commands:
ip dhcp snooping vlan 1
interface gi0#/0/# (port the DHCP server is connected to)
ip dhcp snooping trust
Then the following commands are also useful for seeing more information:
show ip dhcp snooping interfaces
show ip dhcp snooping binding
I am running into another issue though.
To begin with, I plugged the receipt printer directly into both switches. I got the receipt printer to work on the test switch. The test switch sees the MAC address, and it is able to authenticate properly for the Radius server. On the live switch, though, it will get an IP address, but it will never show the port as being up or see the MAC address.
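The trust boundary that the snooping commands above create can be checked offline from a saved running-config. The following Python is an added example, not part of the original post or any Dell tooling; the sample config is constructed, its port numbers are assumptions, and treating a port with MAB settings as client-facing is a heuristic of this example.

```python
import re

# Constructed sample in the style of the running-config posted in this thread.
# The snooping commands come from the post; the port numbers are assumptions.
SAMPLE_CONFIG = """\
configure
ip dhcp snooping vlan 1
interface Gi1/0/1
authentication port-control force-authorized
ip dhcp snooping trust
exit
interface Gi1/0/3
switchport mode general
authentication order mab
exit
exit
"""

def parse_config(config):
    """Split a flattened running-config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or comment
        match = re.match(r"interface\s+(.+)$", line, re.I)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.lower() == "exit":
            current = None                # leaves the interface (or another) block
        elif current is not None:
            interfaces[current].append(line.lower())
        else:
            global_lines.append(line.lower())
    return global_lines, interfaces

def audit_dhcp_snooping(config):
    """Report snooping VLANs, trusted ports, and trust-boundary findings."""
    global_lines, interfaces = parse_config(config)
    vlans = [l.split()[-1] for l in global_lines if l.startswith("ip dhcp snooping vlan ")]
    trusted = [n for n, ls in interfaces.items() if "ip dhcp snooping trust" in ls]
    findings = []
    if vlans and not trusted:
        findings.append("snooping enabled with no trusted port: DHCP server replies are dropped")
    for name in trusted:
        # Heuristic: a port running MAB/802.1X client authentication is client-facing.
        if any(l.startswith(("mab ", "authentication order")) for l in interfaces[name]):
            findings.append(f"{name}: trusted port also carries client authentication settings")
    return {"vlans": vlans, "trusted": trusted, "findings": findings}

if __name__ == "__main__":
    print(audit_dhcp_snooping(SAMPLE_CONFIG))
```

Only the port that leads to the legitimate DHCP server should appear in `trusted`; any other entry is a port from which DHCP server messages would be accepted.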
DELL-Josh Cr
Moderator
August 17th, 2020 17:00
Hi Benl13,
Is it on the same subnet? I didn’t see any VLANs configured. You can try ip-helper, but it is for routing to a different subnet.
benl13
August 17th, 2020 20:00
Yes, it's on the same subnet.
benl13
August 18th, 2020 09:00
I attempted the IP helper-address idea this morning, and it did not work. I can verify that the switch sees the DHCP packets when I check the statistics for the IP address-helper, but they never arrive at the DHCP server.
DELL-Josh Cr
Moderator
August 18th, 2020 09:00
I would still try ip-helper but it could also be something in the radius config.
benl13
September 4th, 2020 11:00
This device is plugged into switch 1 port 10
console(config)#do ping 10.10.80.57
Pinging 10.10.80.57 with 0 bytes of data:
Reply From 10.10.80.57: icmp_seq = 0. time= 2522 usec.
Reply From 10.10.80.57: icmp_seq = 1. time= 1168 usec.
Reply From 10.10.80.57: icmp_seq = 2. time= 1174 usec.
Reply From 10.10.80.57: icmp_seq = 3. time= 1283 usec.
----10.10.80.57 PING statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (msec) min/avg/max = 1/1/2
console(config)#show arp | include "80.57"
10.10.80.57 0000.4818.7F27 Vl1 Dynamic 0h 0m 12s
console(config)#show mac address-table | include "1/0/10"
console(config)#show interfaces status gigabitethernet 01/0/10
Port Description Duplex Speed Neg Link Flow M VLAN
State Ctrl
--------- --------------- ------ ------- ---- ------- ----- -- -------------------
Gi1/0/10 N/A Unknown Auto Down On G (1)
console(config)#
benl13
September 4th, 2020 12:00
This has been solved. I am not sure if it was a user error or what it was.