NAC Problem

Aug 16th, 2010

Hi !!!


My implementation is VG-OOB-L2

I have this:

VLAN Auth = 136, doesn't have any subnet associated

VLAN Access = 140, subnet is 10.0.140.0/24

Other VLANs when user role works = 128, 144 and the subnets (10.0.128.0/24 and 10.0.144.0/24)


When I connect my PC, my port changes to VLAN 136, I receive the login of NAC Agent, I successfully log in but my VLAN is not changed to VLAN 128, and my IP address is not changed either. The SNMP configuration is OK because in the first step, when I connect to the port, the VLAN is changed.


My doubt about my config is:

In interface eth1 (untrusted) CAS I have VLAN 136

In interface eth0 (trusted) CAS I have VLAN 140; my doubt: do I need to put VLAN 128 and 144?

In managed subnet I have only the 10.0.140.0/24 subnet, which corresponds to VLAN 140; do I need to put the 128 and 144 subnets?

VLAN Mapping is 136-140.



Why is it not working?


Tks.

Faisal Sehbai Mon, 08/16/2010 - 22:39

Hello,


There are two places where SNMP is configured on the CAM. One is used for reading the switch config, one for writing when setting the ports.


Please ensure both places have the correct values for the SNMP strings.


HTH,

Faisal

julfp Tue, 08/17/2010 - 12:58

Faisal,


I solved the first problem, it was a dumb misconfiguration. What is happening now is that I have more than one user role, but only one auth VLAN. In the user role I have 3 VLANs with 3 different subnets. The problem is: when a client authenticates it doesn't renew its IP address, it continues to use the same IP that it got when it was in the auth VLAN. I need the client to change its address to the correct subnet associated with the VLAN.


We're using an OOB VGW L2 setup. In the access switch I can see that the port's VLAN is changed from the auth VLAN to the user role VLAN, but the client keeps the same IP address from the auth VLAN.


Regards,

Faisal Sehbai Thu, 08/19/2010 - 04:59

Hi,


Make sure in your port profile you're setting the Access VLAN to "User Role VLAN". Also make sure the User role VLANs are defined for the User Role definitions.


HTH,

Faisal

Faisal Sehbai Fri, 08/20/2010 - 22:21

Documenting resolution from the TAC case.


It was a DHCP server problem of misconfiguration. CCA works as expected now.


Faisal

George Ribarski Tue, 12/21/2010 - 13:27

hi,


can you explain the issue in the DHCP server... I have a similar problem with Win2k8 R2 DHCP ...


Thank you
