CLEANACCESS Archives

May 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: "Stempien, Dave" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Tue, 13 May 2008 07:57:30 -0400

The switch is configured as a managed device, and the CAM and CAS are on
different subnets.

I am able to authenticate via a web browser by opening up the IP address of
the CAS manually, and everything else seems to work as expected (switch port
VLAN reconfiguration/bounce/etc.).  The web redirection isn't happening, nor
is the client automatically popping up.  Via tcpdump, I'm seeing the SWISS
packets arriving on the untrusted interface of the CAS.

Still stumped...



On 5/13/08 7:37 AM, "Northcutt, Kevin A. (Information Services)"
<[log in to unmask]> wrote:

> Are they all on different subnets?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Osborne, Bruce W.
> (NS)
> Sent: Thursday, May 08, 2008 4:25 PM
> To: [log in to unmask]
> Subject: Re: L2 OOB Virtual Gateway Configuration Problem
>
> Have you configured your switch as a managed device?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of David Stempien
> Sent: Thursday, May 08, 2008 4:14 PM
> To: [log in to unmask]
> Subject: [CLEANACCESS] L2 OOB Virtual Gateway Configuration Problem
>
> I have exhausted my troubleshooting options for what should be a
> simple configuration.  I am trying to add a new CAS as a L2 OOB
> Virtual Gateway.  I've configured L2 IB Virtual Gateways many times
> with no problem.  It appears the configuration in OOB mode is very
> similar to the IB.  Here's what I've done:
>
> - Added CAS to CAM as L2 OOB Virtual Gateway
> - Under managed subnet, added IP for untrusted VLAN
> - Configured VLAN Mapping for untrusted -> trusted VLANs
>
> DHCP passthrough works just fine.  I can do everything on my test host
> as permitted by my Unauthenticated Role.  On my test host, I even have
> ARP resolution for the managed subnet IP on the CAS.
>
> For the life of me, I can't figure out why the agent is not popping up
> or why web page redirection isn't happening.  It's almost as if the
> CAS is not seeing my host traffic, or maybe it's just ignoring it.  I
> find that hard to accept given my observations in the previous
> paragraph.
>
> Is there something special about the OOB configuration that I may have
> overlooked?
>
> Thanks in advance for any advice!
>
> --
> Dave Stempien, Network Security Engineer
> University of Rochester Medical Center
> Information Systems Division
> (585) 784-2427


