Yeah. I think this is a problem with the wireless, not NAC, but fingers are pointing everywhere, so I thought I'd double-check with the list. Sorry for the extra chatter.

--Cal

Alok Agrawal (alagrawa) wrote:
> Thanks Cal. Simple setup. Authenticated users also get affected when
> this happens, indicates something else is going on. Don't have any other
> ideas at the moment. Would suggest opening a TAC case.
>
> regards
> -alok
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye
> Sent: Monday, August 18, 2008 5:50 AM
> To: [email protected]
> Subject: Re: 3.5.11 virtual IP mode and ARP
>
> Alok Agrawal (alagrawa) wrote:
>> Hey Cal,
>> Most likely Managed Subnets on the CAS has not been configured. Am
>> assuming you have multiple vlans trunked to the CAS. There will be a
>> default Managed subnet entry in there. But you need to configure a
>> separate Managed Subnet for each of the vlans trunked up to the CAS.
>
> No, there is a single managed subnet for this setup, no VLANs (or
> rather, the single default VLAN). Elsewhere on the network we have two
> subnets being managed by one CAS, and I know about managed subnet
> settings, but the wireless setup is rather simple:
>
> Router -> CAS -> Switch -> 4400 Controllers -> APs -> Clients
>
> Virtual IP, so Router is at aa.bb.cc.1, CAS trusted is .2, untrusted is
> .3, controller public/client interfaces are on aa.bb.cc.11, .12, etc,
> and Clients get DHCP relayed from a central DHCP server. Controllers and
> access points communicate on a private subnet/VLAN which is routed
> around the CAS, not through it. Wireshark confirms we're not seeing that
> VLAN at the CAS interface.
>
> The clients are ARPing for the untrusted interface of the CAS, which is
> where the authentication web page is served, of course. When the arp
> traffic begins, communication is disrupted and even authenticated
> clients can't get through.
>
> --
> Regards,
> -- Cal Frye, Network Administrator, Oberlin College
>
> www.calfrye.com, www.pitalabs.com
>
>
> "The voices of conformity speak so loudly out there. Don't listen.
> People will tell you what you ought to think and how you ought to feel.
> They will tell you what to read and how to live. They will urge you to
> take jobs that they themselves loathe, and to follow safe paths that
> they themselves find tedious." -- Anna Quindlen.
>

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

www.calfrye.com, www.pitalabs.com

"Smash forehead on keyboard to continue..."
