NAC config with DHCP

[polshrk]

We are trying to implement NAC and are running into a snag where we cannot get to any address, including the capture portal on and VLAN except the one that has the same subnet as the box. Let me try to explain..

portal has address xxx.xxx.117.100

VLAN 117
interface Vlan117
description vlan117 for dhcp testing
ip address xxx.xxx.117.1 255.255.255.0
ip helper-address xxx.xxx.2.129
no ip redirects
no ip unreachables
no ip route-cache
no ip mroute-cache

VLAN 116
interface Vlan116
description vlan116 for dhcp testing
ip address xxx.xxx.116.1 255.255.255.0
ip helper-address xxx.xxx.2.129
no ip redirects
no ip unreachables
no ip route-cache
no ip mroute-cache


Port 17 on switch is static to VLAN 117
Port 16 on switch is static to VLAN 116

When I plug into port 17 the system grabs xxx.xxx.117.xxx address out of DHCP pool with gateway xxx.xxx.117.1 and can get to portal and everything else fine

When I plug into port 16 the system grabs xxx.xxx.117.xxx address out of same DHCP pool with same gateway xxx.xxx.117.1 and cannot get to portal or anywhere else

We want them to be quarantined to VLAN 117 until they authenticate through the portal then will get "real" DHCP address and work normally.

I would like for any system plugged into any port/VLAN to be able to get to the portal to authenticate.

Please help! I know I am missing something

 

[burtsbees]

What exactly is this "portal"? What is its function? Can you ping it from port 16, or a computer attached to port 16?
Also, please provide details as to a topology that's relavent, what kind of switch, and post a sh run and sh int fa0/16 and sh int fa0/17, if they are fa...

Burt