Auth VLAN and Access vlan

Apr 25th, 2008

When the interface comes up, the CAM puts the user in the AUTH vlan as expected via the set command (vlan 210):

03:09:09: SNMP: Packet received via UDP from on Vlan220

03:09:09: SNMP: Set request, reqid 2144479366, errstat 0, erridx 0

vmVlan.1 = 210

that works OK

Fa0/21, Fa0/22, Fa0/23

210 VLAN0210 active Fa0/1

211 VLAN0211 active

So SNMP RW works OK,

After the user logs in to the network, the user should be put back into vlan 220 (according to the port profile settings), but nothing happens: no set command sent, no SNMP traffic at all. The user remains in the AUTH vlan and the agent loops.

I have tried all the settings, role based, initial VLAN as well, to no avail.

Any ideas? What to check for?


gojericho0 Sat, 04/26/2008 - 04:04

Hi Rafal,

Hopefully I can help, but I have some questions:

What do you mean when you say the agent loops? Does it keep trying to authenticate the user?

Is this a layer3 or layer2 configuration?

rkazmierczak Sat, 04/26/2008 - 07:00

Thanks for the reply,

Yes, precisely, because the user remains in the auth vlan, the HTTP request is redirected to the CAS, even after the user was authenticated, passed posture validation and logged in to the network.

It is layer 2 OOB with VG, basic setup just now, proof of concept actually.


gojericho0 Sat, 04/26/2008 - 08:06

OK, I believe this is more of an authentication issue than an SNMP/VLAN issue, but it could be both, so let's start with authentication and some more questions :)

Are you using a clean access agent to perform authentication that is installed on the local PC, or the web agent?

What type of authentication is occurring (AD SSO, LDAP, local)?

rkazmierczak Sat, 04/26/2008 - 09:40

Local authentication, and I've been using the web agent. The user seems to get authenticated and appears as an online user.

gojericho0 Sat, 04/26/2008 - 10:44

Have you double checked your settings for mapping ports with the VG setup guide?

Also make sure your OOB port profile is correct and that it switches from auth to access vlan after authentication.

rkazmierczak Tue, 04/29/2008 - 11:17

Thanks for your help. The problem was with the managed subnet config. The IP address was from the trusted access subnet, but the vlan id should be the untrusted one (I put the trusted access one).

