My implementation is VG-OOB-L2
I have this:
VLAN Auth = 136, doesn't have any subnet associated
VLAN Access = 140, subnet is 10.0.140.0/24
Other VLANs when user role works = 128, 144 and the subnets (10.0.128.0/24 and 10.0.144.0/24)
When I connect my PC, my port changes to VLAN 136, I receive the NAC Agent login, and I log in successfully, but my VLAN is not changed to VLAN 128, and my IP address is not changed either. The SNMP configuration is OK because in the first step, when I connect to the port, the VLAN is changed.
My doubt about my config is:
In interface eth1 (untrusted) CAS I have the VLAN 136
In interface eth0 (trusted) CAS I have the VLAN 140. My doubt: do I need to put the VLAN 128 and the 144?
In managed subnet I have only the 10.0.140.0/24 subnet, which corresponds to VLAN 140. Do I need to put the 128 and 144 subnets?
VLAN Mapping is 136-140.
Why is it not working?
There are two places where SNMP is configured on the CAM. One is used for reading the switch config, one for writing when setting the ports.
Please ensure both places have the correct values for the SNMP strings.
I solved the first problem, it was a dumb misconfiguration. What is happening now is that I have more than one user role, but only one auth VLAN. In the user role I have 3 VLANs with 3 different subnets. The problem is: when a client authenticates it doesn't renew its IP address, it continues to use the same IP that it got when it was in the auth VLAN. I need the client to change its address to the correct subnet associated with the VLAN.
We're using an OOB VGW L2 setup. In the access switch I can see that the port's VLAN is changed from the auth VLAN to the user role VLAN, but the client keeps the same IP address from the auth VLAN.
Make sure in your port profile you're setting the Access VLAN to "User Role VLAN". Also make sure the User role VLANs are defined for the User Role definitions.