Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
6
Replies

NAC L3 OOB not working accross WAN

Go to solution
sganpat
Level 1
Level 1

‎05-19-2010 08:57 AM - edited ‎02-21-2020 03:57 AM

I am setting up a proof of concept lab for a NAC installation.

I am using Cisco Catalyst 3550 and 2950 switches (the actual environment is using 3750 and 2960 and 2950 switches) and have the NAC set up in central L3 OOB configuration. In this configuration i have a single NAS and NAM at the "MAIN_SITE" and then two branch sites "BRANCH1" and "BRANCH2".

At the main site, the OOB works fine and when a user logs on, the port is moved from the unauthenticated VLAN (290) to the role based VLAN (200) However, at the "branches" the switches are not placing the port into the role based VLAN, nor if a port is in VLAN 200 and a PC is plugged into that port does the port switch to VLAN 290 (unauthenticated).

Sniffing the traffic with Wireshark i see the SNMP sets being sent by the NAM to the switch telling it to place the port into VLAN 200, but the switch is not doing it.

My write strings are set up correctly and the NAM is able to set up the initial commands on the switch for the NAC ("snmp trap mac-notification added" commands to the ports).

Can anyone say what is wrong?

Sachin

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to sganpat

‎05-19-2010 07:31 PM

Sachin,

Needs to be at least 12.1(14)EA1

Check this link for all the supported codes and switches you need for OOB: http://bit.ly/SwitchSupport

HTH,

Faisal

View solution in original post

0 Helpful
6 Replies 6

Go to solution
sganpat
Level 1
Level 1

‎05-19-2010 07:18 PM

I defaulted the 3550 switch in the WAN and reconfigured it and it works now. I tried the same procedure for the 2950 switch but no dice. I replaced the 2950 switch with a 3550 that worked.

Can anyone say if there is an issue with teh 2950 switch for L3 OOB? I don't have another 2950 switch to test with.

Sachin

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to sganpat

‎05-19-2010 07:20 PM

Sachin,

What's the IOS code on the 2950?

Faisal

0 Helpful

Go to solution
sganpat
Level 1
Level 1
In response to Faisal Sehbai

‎05-19-2010 07:28 PM

It's Version 12.1(13)EA1

Sachin

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to sganpat

‎05-19-2010 07:31 PM

Sachin,

Needs to be at least 12.1(14)EA1

Check this link for all the supported codes and switches you need for OOB: http://bit.ly/SwitchSupport

HTH,

Faisal

0 Helpful

Go to solution
sganpat
Level 1
Level 1
In response to Faisal Sehbai

‎05-20-2010 03:32 PM

*sigh*

Such a rookie mistake.

Sometimes the simplest answer is the most correct.

Thanks for you help.

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to sganpat

‎05-20-2010 06:16 PM

Sachin,

Happens to the best sometimes

Glad I could help!

Faisal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card