I am trying to set up a NAC OOB Virtual GW scenario (attached is the Visio schematic of the setup):
Switch: 3550 (IOS 12.2(46) adv ip serv)
NAC 4130 appliances: v4.1.6 (also tried v4.5)
Switch configuration of the trunks to the CAS:
- int f0/23 (connected to CAS e0) -> dot1q trunk with native vlan 999 and allowed vlans 199 (mgt vlan of CAS) and 10 (hosts' access vlan)
- int f0/21 (connected to CAS e1) -> dot1q trunk with native vlan 998 and allowed vlans 100 (hosts' authentication vlan)
- SVIs on switch: 199, 10, 200 (CAM mgt vlan), 99 (dns, dhcp)
The problem I am facing is that the host, once connected to a managed port, is able to acquire an IP from the access vlan from the DHCP server but is not redirected to the login page. I tried to follow some hints provided in previous posts but none of them worked for me. I configured the following:
- Login page
- Configured IP-based traffic control on the unauthenticated role to permit all traffic (also host-based to permit https://192.168.199.1 -> CAS' IP, with trusted DNS being my DNS server 192.168.99.1)
- Managed subnet with an unused IP in the access vlan (192.168.10.253) and the vlan id of the auth vlan (100)
- vlan mapping between untrusted vlan 100 and trusted vlan 10
- tried to access a website resolvable by my DNS from the host (as per the suggestion from a previous post for someone who was facing the same problem)
- also tried to access the CAS' login page from the host, in vain, even though it is accessible from trusted subnets
Note: I followed the configuration guide of both v4.1.6 and v4.5, and with both versions I was facing the same problem.
I would be very thankful for any hints to help me solve this issue.
Questions: When the host is connected to a managed port (assigned to the managed vlan 100) and it is assigned an IP from the access vlan 10, shouldn't I be able to access the managed subnet, since I configured the IP traffic control policy to permit all traffic from untrusted to trusted? Also, shouldn't I be able to resolve a website's IP with "nslookup x.com", since DNS traffic is permitted by default and the trusted DNS server 192.168.99.1 is also configured?
Thanks in advance for any help.
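The trunk configuration described in the post, written out as IOS CLI for the 3550 together with the show commands used to verify that the CAS ports actually carry the expected VLANs. This is an added example, not configuration from the original post or from Cisco's NAC guide; the interface numbers and VLAN ids are taken from the post, the port descriptions are assumed, and the checks at the end are the ones a practitioner would run before looking at the CAS side.

```cisco
! Trusted side: CAS e0 <-> f0/23, carries CAS mgmt VLAN 199 and host access VLAN 10
interface FastEthernet0/23
 description CAS-e0-trusted        ! description is an assumption
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999  ! unused native VLAN, as in the post
 switchport trunk allowed vlan 199,10
 switchport mode trunk
 spanning-tree portfast trunk      ! avoids a long STP delay on the CAS link; optional
!
! Untrusted side: CAS e1 <-> f0/21, carries only the authentication VLAN 100
interface FastEthernet0/21
 description CAS-e1-untrusted      ! description is an assumption
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 998  ! unused native VLAN, as in the post
 switchport trunk allowed vlan 100
 switchport mode trunk
 spanning-tree portfast trunk
!
! Verification (run from enable mode):
! 1. both trunks up and carrying only the VLANs listed above
show interfaces trunk
! 2. VLANs 10, 100, 199 exist and f0/21 / f0/23 appear under the right ones
show vlan brief
! 3. VLAN 100 must NOT have an SVI on the switch: in Virtual Gateway mode the CAS
!    is the only path from the untrusted VLAN to the trusted VLAN, and a routed
!    interface here would let hosts bypass it
show ip interface brief | include Vlan
! 4. a managed port under test should sit in the auth VLAN while unauthenticated
show interfaces FastEthernet0/1 switchport   ! example host port, assumed
```

If `show interfaces trunk` lists extra VLANs as "allowed and active" on either CAS port, or VLAN 100 shows up with an SVI in the third check, the bridging path the post relies on is not what the CAS expects, and that is worth correcting before revisiting the CAS' managed subnet and VLAN mapping entries.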