Enabling Dhcp Relay For Authentication Clients - Alcatel OmniSwitch 6624 Network Configuration Manual

Setting Up the DHCP Server
Before Authentication
Normally, authentication clients cannot traffic in the default VLAN, so authentication clients do not
belong to any VLAN when they connect to the switch. Even if DHCP relay is enabled, the DHCP discov-
ery process cannot take place. To address this issue, a DHCP gateway address must be configured so that
the DHCP relay "knows" which router port address to use for serving initial IP addresses. (See
ing a DHCP Gateway for the Relay" on page 18-31
address.)
Note. The switch may be set up so that authentication clients will belong to the default VLAN prior to
authentication (see "Setting Up the Default VLAN for Authentication Clients" on page
server is located in the default VLAN, clients may obtain initial IP addresses from this server without
using a relay. However, the DHCP server is typically not located in a default VLAN because it is more
difficult to manage from an authenticated part of the network.
After Authentication
When the client authenticates, the client is moved into the allowed VLAN based on VLAN information
sent from an authentication server (single mode authority) or based on VLAN information configured
directly on the switch (multiple mode authority).
For information about authentication server authority modes, see
Mode" on page 18-32.
After authentication a client may be moved into a VLAN in which the client's current IP address does not
correspond. This will happen if the DHCP gateway address for assigning initial IP addresses is the router
port of an authenticated VLAN to which the client does not belong. (See
for the Relay" on page
In this case, clients will send DHCP release/renew requests to get an address in the authenticated VLAN to
which they have access; DHCP relay must be enabled so that the request can be forwarded to the appropri-
ate VLAN.
Note. Telnet clients typically require manual configuration for IP address release/renew. Web browser
clients will initiate their release/renew process automatically.

Enabling DHCP Relay for Authentication Clients

To enable DHCP relay, specify the DHCP server with the
-> ip helper address 10.10.2.3
DHCP is automatically enabled on the switch whenever a DHCP server address is defined. For more infor-
mation about using the ip helper address command, see
If multiple DHCP servers are used, one IP address must be configured for each server. The default VLAN
DHCP gateway must also be specified so that Telnet and Web browser clients can obtain IP addresses
prior to authentication. See the next section for more information.
If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the
ip helper avlan only
-> ip helper avlan only
page 18-30
18-31.)
command.
OmniSwitch 6624/6648 Network Configuration Guide
Configuring Authenticated VLANs
for information about configuring the gateway
"Configuring the Server Authority
"Configuring a DHCP Gateway
ip helper address
Chapter 15, "Configuring DHCP Relay."
"Configur-
18-27). If a DHCP
command.
April 2004