Login page issue

Unanswered Question
Aug 22nd, 2010
User Badges:


Hi,

When I  open a webpage , NAC login page does not display or hit. I have enabled the login page in CAM, I dont have DNS server in this setup.


Folllowing things i have done :-


      1, Trunk link to Untrusted Port of CAS allowed only Authentication vlan(eg 9)

      2, Trunk Link to Trusted Port of cas allowed only Access vlans and management Vlan of CAS.(99,218)

      3,

               eth0: IP is 10.10.10.252

                  DG:10.10.10.1(ip address of SVI218)

               eth1:-ip is 1.1.1.1

                  DG:1.1.1.2 ( there is no SVI with tis ip address)


      3, Added CAS to CAM with L2OOB  Virtual Gateway and configured managed Subnet and Vlan mapping.

      4, Enabled user login page in CAM.

      5, Switch management :-SNMP configuration on CAM and Switch( working fine)


I used to type CAS management ip address in Address bar of Internet Explorer from Untrusted side, but no responds . any thing im missing ???






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Faisal Sehbai Sun, 08/22/2010 - 05:12
User Badges:
  • Gold, 750 points or more

Fahad,


VGW setups usually have the same IP address on both eth0 and eth1 of the CAS. You say login page isn't displaying. Are you getting DHCP on your client? What IP is being assigned to it?


Can you post your config screenshots from the CAS? Specifically, the network config, managed subnets and vlan mapping pages?


Faisal

fahaddubai Sun, 08/22/2010 - 06:24
User Badges:


Dear Faisal,

many thanks for your responds

I am getting ip address from DHCP on client (authentication vlan9, access vlan99 and ip address got from dhcp is 10.10.99.11). when we assign same subnet ip address for eth0 and eth1(OOB virtual gatway), we will loose access to CAS. We can have same subnet ip addresses, if CAS in IB virtual gateway. i have configured following things in Manged subnet and Vlan mapping.


Managed subnet :-

     ip address    :10.10.99.4

     subnetmask : 255.255.255.0

     vlan             : 9

Vlan Mapping:-

       Vlan mapping is enabled

             Untrusted vlan:- 9

             Trusted Vlan  :- 99



Thanks & Regards,

Fahad Salim.



Faisal Sehbai Sun, 08/22/2010 - 11:13
User Badges:
  • Gold, 750 points or more

Fahad,


That is the recommended/supported design, to have the same IP on the CAS's both interfaces. When you say you will lose access to the CAS, what do you mean by that?


Can you also verify that what the status of the "Enable subnet-based VLAN retag" is? Is it checked or unchecked?


Faisal

fahaddubai Sun, 08/22/2010 - 12:20
User Badges:

Dear faisal,


"Enable subnet-based VLAN retag" is unchecked . when i made both interfaces

(eth0 and eth1) in same subnet, Cam was not able to reach CAS. So I put

them in different subnet.


Thanks & Regards,

Fahad Salim.




On Sun, Aug 22, 2010 at 10:13 PM, fasehbai <

Faisal Sehbai Mon, 08/23/2010 - 03:02
User Badges:
  • Gold, 750 points or more

Fahad,


Is your CAM in the same VLAN as your CAS? If so, move your CAM to a different VLAN, and then assign same IP to the CAS.


Faisal

fahaddubai Wed, 08/25/2010 - 04:29
User Badges:

Dear Faisal,


I have configured as per your instruction. Im able to configure both interfaces of CAS  with same ip address. But still i have problem with login page. please find attached files for your reference.


Thanks & Regards,

Fahad Salim

Attachment: 
Faisal Sehbai Thu, 08/26/2010 - 04:02
User Badges:
  • Gold, 750 points or more

Fahad,


Okay, so one step at a time then.


- Does your client get an IP address?

- If so, can he ping his default gateway?

- If so, can he resolve any names?

x If not, can you try to browse the CAM's IP address from the client? What happens when you try that?

x If it can resolve names, can you try to browse to google? What happens with this?

- Can you try and browse to the CAS IP address from your client? What happens with this test?


Faisal

fahaddubai Thu, 08/26/2010 - 04:17
User Badges:

Dear Faisal,

Client is getting ip address and not able to ping default gateway( client

in authentication vlan). There is no DNS server in this scenario, so if I

brows CAM ip address or CAS ip address, I will receive error message

'Internet Explorer cannot display the webpage'.

Thanks & Regards,

Fahad Salim.

Faisal Sehbai Sat, 08/28/2010 - 11:29
User Badges:
  • Gold, 750 points or more

Fahad,


That sounds wrong. Can you do a capture on the untrusted interface of the CAS and see if you're seeing the client traffic hitting it?


Faisal

Actions

This Discussion

Related Content