https://community.cisco.com/t5/network-security/nac-problem/m-p/1491943#M797181 <P>Hi !!!</P><P></P><P>My implementation is VG-OOB-L2</P><P>I have this:</P><P>VLAN Auth = 136, don´t have any subnet associate</P><P>VLAN Access = 140, subnet is 10.0.140.0/24</P><P>Another VLANs when user role works = 128,144 asnd the subnet´s (10.0.128.0/24 and 10.0.144.0/24)</P><P></P><P>When I connect my pc, my port change to vlan 136, I receive the login of NAC Agent, I successfully login but my VLAN not changed to VLAN 128, and my ip address not chaged too. The snmp configuration is ok because in the first step when I connect into the port the vlan is changed.</P><P></P><P>My doubt about my config is:</P><P>In interface eth1(untrusted) CAS I have the VLAN 136</P><P>In interface eth0 (trusted) CAS I have the VLAN 140, my doubt, I need put the VLAN 128 and the 144?</P><P>In managed subnet I have only the 10.0.140.0/24 subnet wich correspond to vlan 140, I need put the 128 and 144 subnets?</P><P>VLAN Mapping is 136-140.</P><P></P><P></P><P>Why is not working?</P><P></P><P>Tks.</P> Fri, 21 Feb 2020 12:03:21 GMT julfp 2020-02-21T12:03:21Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491943#M797181 <P>Hi !!!</P><P></P><P>My implementation is VG-OOB-L2</P><P>I have this:</P><P>VLAN Auth = 136, don´t have any subnet associate</P><P>VLAN Access = 140, subnet is 10.0.140.0/24</P><P>Another VLANs when user role works = 128,144 asnd the subnet´s (10.0.128.0/24 and 10.0.144.0/24)</P><P></P><P>When I connect my pc, my port change to vlan 136, I receive the login of NAC Agent, I successfully login but my VLAN not changed to VLAN 128, and my ip address not chaged too. The snmp configuration is ok because in the first step when I connect into the port the vlan is changed.</P><P></P><P>My doubt about my config is:</P><P>In interface eth1(untrusted) CAS I have the VLAN 136</P><P>In interface eth0 (trusted) CAS I have the VLAN 140, my doubt, I need put the VLAN 128 and the 144?</P><P>In managed subnet I have only the 10.0.140.0/24 subnet wich correspond to vlan 140, I need put the 128 and 144 subnets?</P><P>VLAN Mapping is 136-140.</P><P></P><P></P><P>Why is not working?</P><P></P><P>Tks.</P> Fri, 21 Feb 2020 12:03:21 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491943#M797181 julfp 2020-02-21T12:03:21Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491944#M797182 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>There are two places where SNMP is configured on the CAM. One is used for reading the switch config, one for writing when setting the ports.</P><P></P><P>Please ensure both places have the correct values for the SNMP strings.</P><P></P><P>HTH,</P><P>Faisal</P></BODY></HTML> Tue, 17 Aug 2010 05:39:26 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491944#M797182 Faisal Sehbai 2010-08-17T05:39:26Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491945#M797183 <HTML><HEAD></HEAD><BODY><P>Faisal,</P><P></P><P>I solved the first problem, it was a dumb misconfiguration. What is happening now is that I have more than one user role, but only one auth VLAN. In the user role I have 3 VLANs with 3 different subnets, the problem is: when a client authenticates it dosn't renew the its IP address, it continues to use the same IP that it got when it was in the auth VLAN. I need the client do change its address to the correct subnet associate with the VLAN. </P><P></P><P>We're using a OOB VGW L2 setup, in the access switch I can see that the port's VLAN is changed from the auth vlan to the user role VLAN, but the client keeps the same IP address from the auth VLAN.</P><P></P><P>Regards,</P></BODY></HTML> Tue, 17 Aug 2010 19:58:16 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491945#M797183 julfp 2010-08-17T19:58:16Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491946#M797184 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Make sure in your port profile you're setting the Access VLAN to "User Role VLAN". Also make sure the User role VLANs are defined for the User Role definitions.</P><P></P><P>HTH,</P><P>Faisal</P></BODY></HTML> Thu, 19 Aug 2010 11:59:43 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491946#M797184 Faisal Sehbai 2010-08-19T11:59:43Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491947#M797185 <HTML><HEAD></HEAD><BODY><P>Documenting resolution from the TAC case.</P><P></P><P>It was a DHCP server problem of misconfiguration. CCA works as expected now.</P><P></P><P>Faisal</P></BODY></HTML> Sat, 21 Aug 2010 05:21:08 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491947#M797185 Faisal Sehbai 2010-08-21T05:21:08Z https://community.cisco.com/t5/network-security/nac-problem/m-p/1491948#M797186 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>can you explain the issue in the DHCP server... I have a similar problem with Win2k8 R2 DHCP ...</P><P></P><P>Thank you</P></BODY></HTML> Tue, 21 Dec 2010 21:27:46 GMT https://community.cisco.com/t5/network-security/nac-problem/m-p/1491948#M797186 George Ribarski 2010-12-21T21:27:46Z