NAC Problem

julfp
Level 1

Hi !!!

My implementation is VG-OOB-L2

I have this:

VLAN Auth = 136, doesn't have any subnet associated

VLAN Access = 140, subnet is 10.0.140.0/24

Other VLANs when user role works = 128, 144 and the subnets (10.0.128.0/24 and 10.0.144.0/24)

When I connect my PC, my port changes to VLAN 136, I receive the login of NAC Agent, I successfully log in but my VLAN is not changed to VLAN 128, and my IP address is not changed either. The SNMP configuration is OK because in the first step when I connect into the port the VLAN is changed.

My doubt about my config is:

In interface eth1(untrusted) CAS I have the VLAN 136

In interface eth0 (trusted) CAS I have the VLAN 140. My doubt: do I need to put the VLAN 128 and the 144?

In managed subnet I have only the 10.0.140.0/24 subnet, which corresponds to VLAN 140. Do I need to put the 128 and 144 subnets?

VLAN Mapping is 136-140.

Why is it not working?

Tks.

5 Replies

Faisal Sehbai
Level 7

Hello,

There are two places where SNMP is configured on the CAM. One is used for reading the switch config, one for writing when setting the ports.

Please ensure both places have the correct values for the SNMP strings.

HTH,

Faisal

Faisal,

I solved the first problem, it was a dumb misconfiguration. What is happening now is that I have more than one user role, but only one auth VLAN. In the user role I have 3 VLANs with 3 different subnets. The problem is: when a client authenticates it doesn't renew its IP address, it continues to use the same IP that it got when it was in the auth VLAN. I need the client to change its address to the correct subnet associated with the VLAN.

We're using an OOB VGW L2 setup. In the access switch I can see that the port's VLAN is changed from the auth VLAN to the user role VLAN, but the client keeps the same IP address from the auth VLAN.

Regards,

Hi,

Make sure in your port profile you're setting the Access VLAN to "User Role VLAN". Also make sure the User role VLANs are defined for the User Role definitions.

HTH,

Faisal

Documenting resolution from the TAC case.

It was a DHCP server problem of misconfiguration. CCA works as expected now.

Faisal

Hi,

Can you explain the issue in the DHCP server... I have a similar problem with Win2k8 R2 DHCP ...

Thank you
