Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1038
Views
0
Helpful
4
Replies

OOB Error - WLC OOB VG

Go to solution
szekahungdanny
Level 1
Level 1

‎04-22-2010 07:56 AM - edited ‎03-09-2019 10:56 PM

I have configured OOB 4.5.1 VG with WLC 2100.

NAC:

#####################

CAS is located on VLAN 40 with 192.168.123.2/24

CAM is located on VLAN 60 with 192.168.199.2/24

SNMP Receiver -- community: cam_v2

WLC profile: -- V2C Read: cam_v2,

                      V2C Read/Write: cam_v2 

Successful added 192.168.123.3 with WLC Profile

NAC Server is connected to Gi2/0/2 and Gi2/0/3

NAC Manager is connected to Gi2/0/1

Switch: 

#####################

3750 is the core switch like follow:

interface GigabitEthernet1/0/6

description connect to WLC Port 1

switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/7
description connect to WLC Port 2

switchport trunk encapsulation dot1q
switchport trunk native vlan 40
switchport trunk allowed vlan 40,70,170
switchport mode trunk

::

interface GigabitEthernet2/0/1
description CAM
switchport access vlan 60
!
interface GigabitEthernet2/0/2
description trsut_VLAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 3-10,40,60,70
switchport mode trunk
!        
interface GigabitEthernet2/0/3
description untrust_VLAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 13-20,170
switchport mode trunk

Switch 3750 is the core switch.

We set Gi1/0/6 as trunk interface to WLC Port 1, Gi1/0/7 as trunk but only 40,70 and 170 with native 40 connected to WLC Port 2.

Wireless:

######################

WLC Mgr interface is VLAN40 with 192.168.123.3/24

AP interface is VLAN7 with 192.168.120.2/24

SNMP General - cam_v2

Trap read/write: cam_v2

SSID with vlan_nac interface with Quarantee VLAN 170, and Interface VLAN 70

i did 2 tests :

  1. associated with WLC "PORT 1" <---Result : Can get the login page but fail to login (OOB Error: OOB Client <MAC></IP> is not found.

  2. associated with WLC "PORT 2" <-- Result:  Can't get the login page

WLAN set the vlan_nac interface and check the  "NAC" enabled option.

How to succes configured WLC with NAC???? Any Suggestion? or any successful case could be shared? Many Many Thanks

I attached result for reference.

Labels:
Preview file
1801 KB
Preview file
1801 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to szekahungdanny

‎04-26-2010 06:49 PM

Hi,

I can guarantee you it's a SNMP issue or the trap traffic isn't reaching the CAM. Please post your SNMP config screenshots from your CAM and WLC.

Thanks,

Faisal

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Faisal Sehbai
Level 7
Level 7

‎04-22-2010 03:13 PM

Hi,

These errors point to SNMP problems. The CAM never received the trap for that particular client. Troubleshoot to see why that didn't happen and you'll find the problem.

HTH,

Faisal

0 Helpful

Go to solution
szekahungdanny
Level 1
Level 1
In response to Faisal Sehbai

‎04-26-2010 04:53 AM

Could give more information? i double check all snmp setting on WLC and NAC is correct and successfully add WLC device into NAC.

However, i wanna to ask L2 adjacent between WLC and NAC Server..

what it mean ??

interface GigabitEthernet1/0/6

description connect to WLC Port 1

switchport trunk encapsulation dot1q
switchport mode trunk

!

interface GigabitEthernet2/0/2
description trust_VLAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 3-10,40,60,70
switchport mode trunk
!        
interface GigabitEthernet2/0/3
description untrust_VLAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 13-20,170
switchport mode trunk

Should i add any native vlan 998 or 999 into Gi1/0/6? in order to snmp trap successfully deliver to CAM?

How can I check SNMP trap fail to send to CAM? .... i have 2 clients ..both have same issues.. !!!

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to szekahungdanny

‎04-26-2010 06:49 PM

Hi,

I can guarantee you it's a SNMP issue or the trap traffic isn't reaching the CAM. Please post your SNMP config screenshots from your CAM and WLC.

Thanks,

Faisal

0 Helpful

Go to solution
szekahungdanny
Level 1
Level 1
In response to Faisal Sehbai

‎04-27-2010 09:27 AM

Yes. I believe you are correct..

I find SNMP community name could not use somethings like "Public" and "Private" and also

Read Only and Write should be different name.

Once I configure cam_v2 as Read Only and cam_v2_1 as Write community. Finally, It is success ...

Although i still double how come i can't use public or privarte .. or could or could not use same name, follow these rule seems success always.

Thanks very much.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents