wrong IP after mac-bypass with S5700 series and Cisco ISE

Created 6 days agoLatest reply Dec 12, 2018 15:06:17 115 3 0 0
  Rewarded E coins: 32768 (problem resolved)
Hi everyone,


I managed to get my new Huawei switches working with Cisco ISE for dot1x and mac-bypass.
When a client does dot1x it gets assigned to the pre-authentication VLAN, gets an IP address out of there and then immediately gets an IP address out of its right VLAN.
When a client does mac-bypass (like printers, some IP phones) it gets an IP address out of the pre-authentication VLAN and when it is assigned to the right VLAN it takes up to 15 minutes until it gets its right IP address. When testing with a Windows client I saw that with 'ipconfig /release /renew' the right IP address gets assigned.

I already tried with 'authentication trigger dhcp' in the mac-access profile, but I think that is more to trigger mac-authen when receiving a dhcp packet.
To summarize, I'm searching for a command to trigger dhcp after authentication succeeded.

Hopefully someone knows what to configure here.

Thanks in advance.
  • x
  • convention:

rociot  Novice   Created 6 days ago Helpful(0) Helpful(0)

Hi dear, pls review this links: http://support.huawei.com/hedex/ ... 252BUser%252BAccess

http://support.huawei.com/hedex/ ... 252BCDP%252BPackets

I think that you can find command for your issue.
  • x
  • convention:

Mark.hu  Adept   Created 2 days 10:36 Helpful(0) Helpful(0)

This post was last edited by Mark.hu at 2018-12-12 10:39. hello , you can refer below link 
You can refer to the scheme below to find the scene that suits you.
http://support.huawei.com/hedex/hdx.do?docid=EDOC1100037168&id=dc_cfg_nac_0049_5&text=Configuration Examples for NAC&lang=en
Configuration Examples for NAC
Example for Configuring 802.1X Authentication to Control Internal User Access
Example for Configuring MAC Address Authentication to Control Internal User Access
Example for Configuring Built-in Portal Authentication to Control Internal User Access
Example for Configuring External Portal Authentication to Control Internal User Access
Example for Configuring Combined Authentication on a Layer 2 Interface
Example for Configuring Combined Authentication on VLANIF Interface
Example for Configuring User Group
http://support.huawei.com/hedex/hdx.do?docid=EDOC1100037168&id=dc_cfg_nac_0049_4&text=Configuration Examples for NAC&lang=en
Configuration Examples for NAC
Example for Configuring Interoperation Between Huawei Switches and Non-Huawei Servers
Example for Configuring MAC Address Authentication (AAA RADIUS Authentication Is Used)
Example for Configuring MAC Address Authentication (AAA Local Authentication Is Used)
Example for Configuring MAC Address Authentication with Double VLAN Tags in the L2 BNG Scenario (AAA RADIUS Authentication Is Used)
Example for Configuring 802.1X Authentication (Authentication Point on the Access Switch)
Example for Configuring 802.1X Authentication (Authentication Point on the Aggregation Switch)
Example for Configuring External Portal Authentication (Using the Portal Protocol)
Example for Configuring External Portal Authentication (Using the HTTPS Protocol)
Example for Configuring Built-in Portal Authentication
Example for Configuring Terminal Type Identification in 802.1X + RADIUS Authentication
Example for Configuring MAC Address Migration
Example for Connecting IP Phones to Switches Through MAC Address Authentication Triggered by LLDP or CDP Packets
Example for Configuring 802.1X and MAC Address Authentication to Control Internal User Access to the Enterprise Network (with Unauthenticated AP)
  • x
  • convention:

Hawasli     Created 2 days 15:06 Helpful(0) Helpful(0)

Thanks you
  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top