We have converted an In-Band Real-IP gateway server that acted as a DHCP
 server to an Out-of-band Virtual Gateway mode utilizing an external DHCP
 server on the CCA Manager subnet.

The replies from our DHCP server are not passing back through the 
OOB-VG server.  Does anyone have any ideas on what to check?

I can see the request arrive on the Cat-6509 side of the untrusted 
interface and go out the Cat-6509 side of the trusted interface.  
I see the DHCP server reply to the correct MAC address of the client 
with an issued IP address.  The reply goes out of the Cat-6509 
interface to the trusted interface of the OOB server, but I do not 
see the reply leave the untrusted interface and arrive on the 
Cat-6509 interface.

All worked well in the test lab on a spare Cat router, and the 
configuration of the production and test servers appear identical, other
than the production systems are failover bundles, not standalone.  

If I assign a static IP, the system is able to log into Clean Access 
as expected for OOB-VG mode.

Any ideas?

Thanks!

-Bill Davis
[log in to unmask]
Colorado State University