CCIE_Universe
asked on
How can an end host get a new IP address when its VLAN is changed?
Hi,
I am trying to implement NAC (by ForeScout) in our company.
Before we push automatic VLAN change upon user login (by ForeScout NAC device) into our production network, I am testing end-host behavior by changing VLANs manually from a CounterACT Manager Console. However, end hosts are not getting a new IP address after I change their VLAN from CounterACT Manager Console. The workaround to this problem is that we manually need to disconnect and reconnect the Ethernet cable to the end host NIC for the IP address change to take effect.
So to debug more into this, I changed VLAN manually from switch itself & observed that end host is still NOT able to get a new IP. Again this time I had to implement same workaround of disconnecting and reconnecting Ethernet cable to the end host for IP address change to take effect.
When observed on Wireshark, it shows that end host sends DHCP Discovery request for new VLAN only when I disconnect & reconnect the Ethernet cable attached to its NIC.
Before carrying out those tests I had made sure that NIC drivers were up-to-date on the end host.
How do we make end-host get a new IP address without disconnecting (& reconnecting) cable attached to its NIC? Has anybody seen this issue when NAC (Cisco or ForeScout) is implied?
Thanks!!!
ASKER
Thanks Giltir!
ASKER
Thanks for the Help!
ASKER
But still I am confused that there do exist NAC deployments in a production environment in which IP address gets changed for a host. How do they achieve this?
Thanks Again!