I've been trying to implement some VLAN segmentation and network access control on our network. Our entire network currently runs on VLAN 1. We're starting with the NAC project which has a DHCP server just for controlling rogue devices, but I haven't been able to pull a device.
My current configuration is as follows:
SW1 (PC 3448) port 48 (this is the uplink port) mode general allow/add VLAN 16 (NAC Network) & 15 tagged
SW1 port 14 mode access PVID 16
SW2 (PC 3548) port 41 (uplink to SW1 port 48) mode general allow/add VLAN 16, 15 tagged
SW2 port 44 (uplink to firewall) mode general allow/add VLAN 16,15 tagged
So when the host PC is connected to a VLAN 1 port it can get DHCP from the VLAN 1 server (the firewall in this case), but when connected to a VLAN 16 port it's not able to grab an address. I've mirrored port 48 on SW1 and ran Wireshark on this port. When the host is on VLAN 1 I can see the return DHCP ACKs and so on. When the host is on VLAN 16 I can see the initial broadcast, but there are no other DHCP messages. I don't think the requests are passing this first switch to the rest of the network.
I've tried trunking the ports, trunk --> general, general --> trunk, trunk --> trunk, and even played around with using access mode, with nothing to show for it.
Any help would be great.