Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
648
Views
0
Helpful
2
Replies

NAC Authentication Login Page

Go to solution
Mohd Fauzan Rahim
Beginner
Beginner

‎08-07-2011 08:51 PM - edited ‎03-10-2019 06:17 PM

Hello all,

I'm in the middle configuring NAc layer 2 OOB deployment. The client machine have got the IP in access VLAN ( VLAN Mapping ) but nothing happens after that. Suppose that when I open a web browser the authentication login page appear.

Can somebody point out what is wrong or guide me. Many thanks in advance.

Rgds,

Fauzan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-08-2011 02:41 AM

Fauzan,

Hi, Can you try checking the manage subnet settings? Make sure that there is a unused ip address in the clients subnet space that is sending requests to the corresponding untrusted vlan that you setup in your vlan mapping. If mapping from 100 -> 10 that the ip address from the vlan 10 space is unused but the vlan assigned to this managed subnet is on vlan 100.

Next, I would suggest checking dns. Is the desitnation traffic (www.google.com as an example) resolvable by dns? If not, try http://1.1.1.1. Also on the same token what you using for certs? Are they ip based or fqdn? Also check and see if the client can resolve the fqdn of the CAS cert. If using ip based, see what happens when trying to navigate to the CAS ip address.

Thanks,

Tarik

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-08-2011 02:41 AM

Fauzan,

Hi, Can you try checking the manage subnet settings? Make sure that there is a unused ip address in the clients subnet space that is sending requests to the corresponding untrusted vlan that you setup in your vlan mapping. If mapping from 100 -> 10 that the ip address from the vlan 10 space is unused but the vlan assigned to this managed subnet is on vlan 100.

Next, I would suggest checking dns. Is the desitnation traffic (www.google.com as an example) resolvable by dns? If not, try http://1.1.1.1. Also on the same token what you using for certs? Are they ip based or fqdn? Also check and see if the client can resolve the fqdn of the CAS cert. If using ip based, see what happens when trying to navigate to the CAS ip address.

Thanks,

Tarik

0 Helpful

Go to solution
Mohd Fauzan Rahim
Beginner
Beginner
In response to Tarik Admani

‎08-08-2011 06:46 PM

Thanks Tarik,

I change the ip for managed subnets, the login page pop up but another error shows due to expired certs. I regenerate the certs and solve the problem.

Again, many thanks for your help.

Rgds,

Fauzan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents