You know, we only have a single 2-core fiber and we should connect 20 nodes to each other in a ring topology. It means a fiber must enter the switch and exit from the same switch. Is it possible for a switch to drop-and-insert fiber optic or not?
Dear all, there are 20 nodes which want to connect to each other in a fiber optic ring topology. The issue is that the service provider just has one pair of cores (only). The issue is I don't know if this is possible with a regular Cisco switch or I should use CWDM? Please give me some hints about this project.
Hi, I implemented Cisco NAC 4.9 in our environment as OOB VG L2 with ADSSO integration. Before ADSSO was implemented everything had worked correctly. I have unauthenticated and access VLANs that have different IP ranges. When I do not have ADSSO started, clients are put in the access VLAN after posture assessment, and with the DHCP release/request feature the IP address range changes based on the access VLAN. When the client pushes the log out option in the NAC agent, the client returns to the unauthenticated VLAN and the IP address changes again. But with ADSSO I have 2 problems: 1. When my domain users log in to the domain, the LOG OUT option on the Cisco NAC agent becomes greyed out and they cannot log out, so they have to log off on the domain to come back to the unauthenticated VLAN. 2. When the client comes back to the unauthenticated VLAN the IP address never changes; I mean they are put in the unauthenticated VLAN with the access VLAN IP address. What should I do in these situations? Is it normal that domain users cannot log out via the NAC agent? Thanks,
Yes, of course, you must configure a PORT GROUP on the untrusted interface that is connected to the switch port and put your Untrusted VLAN number as an ID there. After that, restart your ESX and everything will work correctly. Thanks for your attention,
Dear Gugo, my problem was resolved. I implemented my CAS server on ESX, which caused the problem. I edited my ESX configuration and everything works fine. Thanks
Hi Gugo, thank you for your reply. 1. Yes, clients are in authenticated VLAN (110) and can get IP address configuration from the VLAN 50 subnet (based on VLAN mapping rule 110>50). 2. The Trusted and Untrusted interfaces of the NAC server have the same IP; yes, clients can ping this IP address. 3. I am using NAC Agent 4.9.1.6. 4. I do not have a DNS server in my network, so I am using public DNS servers like 4.2.2.2. Thanks
Yes, I checked it via Monitoring > Reporting, and it said that the user successfully logged in to the temporary role. I created a permit all on the Local policy but the result is the same. Yesterday I changed the DG of my client to the SVI, and after that I defined the ARP entry for the DG in CCA Servers > Advanced > ARP and added the ARP entry for my DG on the Untrusted interface; then the NAC agent client popped up. Now when the client sends an ARP request for its DG, the CAS responds to it with its untrusted interface MAC address and the SVI IP address. I do not know whether that is normal behavior or not? Thanks
I am running Wireshark on the client and see that the client sends broadcast ARP to find the MAC of the DG periodically, and I also see that the SVI on the 3750 answers these requests with the INT VLAN 50 MAC address, but after that I do not know what happened. It does not get to the client. Thanks,
Dear Tarik Admani, yes, I checked it; everything is allowed from both directions. It is so strange that my clients could not get the ARP response from their default gateway. The C3750 responds to the request in the corresponding VLAN but the response will fade after that. Thanks,
Dear Admani, thank you for your reply. Do you think the problem is caused by the ESX server? When the client can pass all the posture assessment correctly (and is not placed in the temporary role), everything works great, but when it fails the problem begins to start. Thanks,
Dear all, I have the same problem with my OOB virtual gateway Central deployment. I have a C3750 as the distribution switch and a 2950 as an access switch. CAS and CAM are connected to the C3750, VLAN mapping is between 110>50 (110 is the unauthenticated VLAN and 50 is the access VLAN) and the managed subnet is 10.10.50.2. The DG of my client is the SVI for VLAN 50 on the C3750 (10.10.50.1). My clients can get an IP address from the DHCP server but the Agent does not pop up. Thanks,
Dear Admani, when I changed the client's gateway to the IP address of the SVI in the 3750, the client's ARP request was received by the 3750 and it sends the reply, but the problem is the client does not receive these replies, and I do not know what happens. This is the output on the C3750 (10.10.50.4 is the client IP in the untrusted part of NAS and 10.10.50.1 is the SVI IP in the 3750):
23:02:23: IP ARP: rcvd req src 10.10.50.4 14da.e9af.9d22, dst 10.10.50.1 Vlan50
23:02:23: IP ARP: sent rep src 10.10.50.1 0013.1aeb.9748, dst 10.10.50.4 14da.e9af.9d22 Vlan50
Thanks,
Dear Tarik Admani, could you please do me a favor and skim this document? It is for NAC 4.9 and it clearly says that your DG must be the SVI: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cas/s_deploy.html Thanks,
Dear Tarik Admani, if you mean the IP configuration of CAS and CAM, I am sending it to you as an attachment. Yes, both the NAC Manager and NAC Server are installed on ESX 4.1. Best regards
Dear Tarik Admani, yes, my FTP server was in VLAN 50. I changed the VLAN and put it in VLAN 200, but the problem is still there and my client in the unauthenticated VLAN does not connect to it. On my switches I turned debugging for ARP traffic on but it shows nothing!! Thanks.