https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601475#M769508 <HTML><HEAD></HEAD><BODY><P>Hi Xavier,</P><P></P><P>Sounds like a loop.&nbsp; Check the switchports connected to the trusted and untrusted side of the CAS - I'm assuming you've got them set to trunks.&nbsp; If so, make sure there are no shared VLANs between the two ports, and make sure the native VLAN on each is set to a different garbage VLAN.</P><P></P><P>So, for a quick example.&nbsp; Say you're mapping VLAN 500 to VLAN 5 and VLAN 600 to VLAN 6, and VLAN 998 and 999 are currently not being used on your network.</P><P></P><P>trusted side</P><P>switchport trunk native vlan 998</P><P>switchport trunk allowed vlan 5, 6</P><P></P><P>untrusted side</P><P>switchport trunk native vlan 999</P><P>switchport trunk allowed vlan 500, 600</P><P></P><P>Of course, you'll also want to allow the management VLAN on the trusted side, too.</P><P></P><P>One other thing - are you seeing any errors on the directly connected switch about those ports or the CAS MAC addresses?</P><P></P><P>HTH,</P><P>Lauren</P></BODY></HTML> Tue, 08 Feb 2011 21:06:46 GMT Lauren Sullivan 2011-02-08T21:06:46Z https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601474#M769477 <P>Hi all,</P><P></P><P>I've deployed successfully in L2 OOB VG mode with PCs plugged in behing IP phones, however everytime I connect the NAC to the network the Internet slows down and the phone quality degrades. What could be the cause of this? An ideas?</P><P></P><P>Thanks,</P><P>~Xavier.</P> Fri, 21 Feb 2020 12:14:21 GMT https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601474#M769477 Xavier Lloyd 2020-02-21T12:14:21Z https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601475#M769508 <HTML><HEAD></HEAD><BODY><P>Hi Xavier,</P><P></P><P>Sounds like a loop.&nbsp; Check the switchports connected to the trusted and untrusted side of the CAS - I'm assuming you've got them set to trunks.&nbsp; If so, make sure there are no shared VLANs between the two ports, and make sure the native VLAN on each is set to a different garbage VLAN.</P><P></P><P>So, for a quick example.&nbsp; Say you're mapping VLAN 500 to VLAN 5 and VLAN 600 to VLAN 6, and VLAN 998 and 999 are currently not being used on your network.</P><P></P><P>trusted side</P><P>switchport trunk native vlan 998</P><P>switchport trunk allowed vlan 5, 6</P><P></P><P>untrusted side</P><P>switchport trunk native vlan 999</P><P>switchport trunk allowed vlan 500, 600</P><P></P><P>Of course, you'll also want to allow the management VLAN on the trusted side, too.</P><P></P><P>One other thing - are you seeing any errors on the directly connected switch about those ports or the CAS MAC addresses?</P><P></P><P>HTH,</P><P>Lauren</P></BODY></HTML> Tue, 08 Feb 2011 21:06:46 GMT https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601475#M769508 Lauren Sullivan 2011-02-08T21:06:46Z https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601476#M769540 <HTML><HEAD></HEAD><BODY><P>Hi Lauren,</P><P></P><P>I don't have any common VLANs between the trusted and untrusted ports and I've configured everything on the CAS and CAM according to the best practices in the config guide so I suspect that it's a network problem.</P><P></P><P>Since the time I made the post, I haven't heard anyone complain about the Internet again so the problem <STRONG><EM>seems</EM></STRONG> to have resolved itself. If it happens again then I'll be sure to take a look at the switch and provide the information you asked for.</P><P></P><P>Thanks for the help =]</P><P>Xavier</P></BODY></HTML> Tue, 08 Feb 2011 22:09:12 GMT https://community.cisco.com/t5/network-security/network-congestion-with-nac/m-p/1601476#M769540 Xavier Lloyd 2011-02-08T22:09:12Z