Subject: | |
From: | |
Reply To: | |
Date: | Tue, 13 May 2008 07:57:30 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
The switch is configured as a managed device, and the CAM and CAS are on
different subnets.
I am able to authenticate via a web browser by opening up the IP address of
the CAS manually, and everything else seems to work as expected (switch port
VLAN reconfiguration/bounce/etc.) The web redirection isn't happening, nor
is the client automatically popping up. Via tcpdump, I'm seeing the SWISS
packets arriving on the untrusted interface of the CAS.
Still stumped...
On 5/13/08 7:37 AM, "Northcutt, Kevin A. (Information Services)"
<[log in to unmask]> wrote:
> Are they all on different subnets?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Osborne, Bruce W.
> (NS)
> Sent: Thursday, May 08, 2008 4:25 PM
> To: [log in to unmask]
> Subject: Re: L2 OOB Virtual Gateway Configuration Problem
>
> Have you configured your switch as a managed device?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of David Stempien
> Sent: Thursday, May 08, 2008 4:14 PM
> To: [log in to unmask]
> Subject: [CLEANACCESS] L2 OOB Virtual Gateway Configuration Problem
>
> I have exhausted my troubleshooting options for what should be a
> simple configuration. I am trying to add a new CAS as a L2 OOB
> Virtual Gateway. I've configured L2 IB Virtual Gateways many times
> with no problem. It appears the configuration in OOB mode is very
> similar to the IB. Here's what I've done:
>
> - Added CAS to CAM as L2 OOB Virtual Gateway
> - Under managed subnet, added IP for untrusted VLAN
> - Configured VLAN Mapping for untrusted -> trusted VLANs
>
> DHCP passthrough works just fine. I can do everything on my test host
> as permitted by my Unauthenticated Role. On my test host, I even have
> ARP resolution for the managed subnet IP on the CAS.
>
> For the life of me, I can't figure out why the agent is not popping up
> or why web page redirection isn't happening. It's almost as if the
> CAS is not seeing my host traffic, or maybe it's just ignoring it. I
> find that hard to accept given my observations in the previous
> paragraph.
>
> Is there something special about the OOB configuration that I may have
> overlooked?
>
> Thanks in advance for any advice!
>
> --
> Dave Stempien, Network Security Engineer
> University of Rochester Medical Center
> Information Systems Division
> (585) 784-2427
|
|
|