Alcatel-Lucent 6600 Switch User Manual


 
Setting Up the DHCP Server Configuring Authenticated VLANs
page 21-30 OmniSwitch 6600 Family Network Configuration Guide April 2006
Before Authentication
Normally, authentication clients cannot pass traffic in the default VLAN, so authentication clients do not
belong to any VLAN when they connect to the switch. Even if DHCP relay is enabled, the DHCP discovery
process cannot take place. To address this issue, a DHCP gateway address must be configured so that
the DHCP relay “knows” which router port address to use for serving initial IP addresses. (See
“Configuring a DHCP Gateway for the Relay” on page 21-31 for information about configuring the gateway
address.)
Note. The switch may be set up so that authentication clients will belong to the default VLAN prior to
authentication (see “Setting Up the Default VLAN for Authentication Clients” on page 21-27). If a DHCP
server is located in the default VLAN, clients may obtain initial IP addresses from this server without
using a relay. However, the DHCP server is typically not located in a default VLAN because it is more
difficult to manage from an authenticated part of the network.
After Authentication
When the client authenticates, the client is moved into the allowed VLAN based on VLAN information
sent from an authentication server (single mode authority) or based on VLAN information configured
directly on the switch (multiple mode authority).
For information about authentication server authority modes, see “Configuring the Server Authority
Mode” on page 21-32.
After authentication, a client may be moved into a VLAN to which the client’s current IP address does not
correspond. This will happen if the DHCP gateway address for assigning initial IP addresses is the router
port of an authenticated VLAN to which the client does not belong. (See “Configuring a DHCP Gateway
for the Relay” on page 21-31.)
In this case, clients will send DHCP release/renew requests to get an address in the authenticated VLAN to
which they have access; DHCP relay must be enabled so that the request can be forwarded to the
appropriate VLAN.
Note. Telnet clients typically require manual configuration for IP address release/renew. Web browser
clients will initiate their release/renew process automatically.
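As an added example (not part of the manual), this Python check works out which authenticated VLANs will force a client to release/renew for a given DHCP gateway address. The VLAN numbers, router port addresses, gateway address and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the manual): router port address per VLAN.
ROUTER_PORTS = {
    2: ipaddress.ip_interface("10.10.2.1/24"),
    3: ipaddress.ip_interface("10.10.3.1/24"),
    4: ipaddress.ip_interface("10.10.4.1/24"),
}
# Assumed DHCP gateway: the router port used to serve initial IP addresses.
DHCP_GATEWAY = ipaddress.ip_address("10.10.2.1")


def gateway_vlan(gateway, router_ports):
    """Return the VLAN whose router port is the DHCP gateway, or None."""
    for vlan, port in router_ports.items():
        if port.ip == gateway:
            return vlan
    return None


def needs_renew(client_ip, vlan, router_ports):
    """True if the client's current address lies outside the subnet of the
    VLAN it was moved into after authentication."""
    return ipaddress.ip_address(client_ip) not in router_ports[vlan].network


def renew_plan(gateway, router_ports):
    """Map each authenticated VLAN to True when clients moved into it hold an
    initial address from another subnet and must release/renew."""
    if gateway_vlan(gateway, router_ports) is None:
        raise ValueError(f"gateway {gateway} is not a configured router port")
    return {vlan: gateway not in port.network
            for vlan, port in router_ports.items()}


if __name__ == "__main__":
    for vlan, renew in renew_plan(DHCP_GATEWAY, ROUTER_PORTS).items():
        state = "release/renew required" if renew else "initial address still valid"
        print(f"VLAN {vlan}: {state}")
```

VLANs flagged here are the ones where Telnet clients will need a manual release/renew and where DHCP relay must be able to forward the renewed request.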
Enabling DHCP Relay for Authentication Clients
To enable DHCP relay, specify the DHCP server with the ip helper address command.
-> ip helper address 10.10.2.3
DHCP is automatically enabled on the switch whenever a DHCP server address is defined. For more
information about using the ip helper address command, see Chapter 18, “Configuring DHCP Relay.”
If multiple DHCP servers are used, one IP address must be configured for each server. The default VLAN
DHCP gateway must also be specified so that Telnet and Web browser clients can obtain IP addresses
prior to authentication. See the next section for more information.
If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the
ip helper avlan only command.
-> ip helper avlan only