Cisco Bug: CSCvs35681 - SG350: DHCP Relay: Unauthenticated users on guest VLAN fail to communicate in network
Sep 03, 2020
- Cisco Small Business 500 Series Stackable Managed Switches
Known Affected Releases
Symptom: When a switch is configured as DHCP relay, and 802.1x is enable with support of Guest VLAN, unauthenticated users which as expected to join guess VLAN are not able to ping the gateway, which lead them not to be able to connect to the internet. This issue happens only if DHCP relay is being used to provide IP addresses to DHCP clients. In a setup where DHCP relay is not used, guess VLANs are able to ping the gateway and access the internet with no problems. FW: 22.214.171.124 No workaround Conditions: Steps to reproduce: Network Setup: Router R (Port21 VLAN 10U) >> (Port2 VLAN10U ) SG350 SW (Port3 VLAN10U) >> DHCP Server Switch Setup: (a). 2 VLANs minimum: VLAN 10: IP 192.168.10.2/24, Guest VLAN 30: IP 192.168.30.2 /24 (b). Port 4, VLAN 30U (c). Enable DHCP relay globally and add the DHCP Server IP address: 192.168.10.3 (d). Enable DHCP Relay on VLAN 30 (e). Enable 802.x and select VLAN 30 a the guest VLAN (f). Edit port 5 and enable 802.1x and guest VLAN options Router Setup (a). Create a static route to the guest VLAN (b). Create a NAT policy for VLAN 30 so that traffic is routed out to the internet DHCP Server Configure your DHCP server so that it serves IP addresses to dhcp clients are it should Test (a). Connect a test PC on port4 of the switch and note that it is able to get an IP address from the DHCP server and that it is also able to access the internet (b). Now disconnect the PC from port 4 and connect it to port 5 and let the authentication to fail (c). Verify that the PC has received the necessary IP settings from the DHCP server (d). Now ping the gateway, with is the IP address of the guest VLAN (e). Notice that you cannot ping the gateway, nor accessing the internet.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases