We only use MAC Auth no 802.1x. My Problem is that the end-system is learned in VLAN -1 (wrong) and VLAN -4 (correct)
s-lab(su)->show mac port ge.1.40 MAC Address FID Port Type ----------------- ---- ------------- -------- 10-60-4B-85-C7-4C 1 ge.1.40 Learned 10-60-4B-85-C7-4C 4 ge.1.40 Learned s-lab(su)-> if I add manually policy to that port - all working well: s-lab(su)->show mac port ge.1.40 MAC Address FID Port Type ----------------- ---- ------------- -------- 10-60-4B-85-C7-4C 4 ge.1.40 Learned s-lab(su)-> How can I prevent that the system is learned in VLAN 1 ? Regards Von: Kleber - SEREDE [mailto:[email protected]] Gesendet: Dienstag, 2. Juli 2013 15:21 An: Enterasys Customer Mailing List Cc: Enterasys Customer Mailing List Betreff: Re: [enterasys] Slow PXE and Windows Boot with active MAC Authentication Hi, I'm wich order are you authenticating? I ran b and c series in my site and first I try 802.1x then MAC authentication. In the reverse order it will show down everthing. Regards Kleber Enviado via iPhone Em 02/07/2013, às 08:44, "Patrick Printz" <[email protected]<mailto:[email protected]>> escreveu: The DHCP server is on a different vlan and subnet I am guessing. Is the ip-helper set for the subnet the PC is trying to connect to? Have you tried running a wireshark to see what is happening with the DHCP packets? We ran into something similar with Avaya VoIP phones. The phones were being very fickle about DHCP packets being relayed by the IP Helper. I ended up sticking a DHCP server on their subnet. However, with Windows, I have not seen any issues having systems on a subnet or vlan separate from that of the DHCP server. Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 "If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well." ~Martin Luther King, Jr. From: Matthias Nees [mailto:[email protected]] Sent: Tuesday, July 02, 2013 7:06 AM To: Enterasys Customer Mailing List Subject: [enterasys] AW: Slow PXE and Windows Boot with active MAC Authentication Hi, we only using a policy that cotains VLAN information: set policy profile 2 name "PCs" pvid-status enable pvid 4 cos-status enable cos 8 untagged-vlans 4 If I apply the same policy to that port without mac auth all working well. Regards Von: Patrick Printz [mailto:[email protected]] Gesendet: Dienstag, 2. Juli 2013 12:55 An: Enterasys Customer Mailing List Betreff: RE:[enterasys] Slow PXE and Windows Boot with active MAC Authentication We use MAC auth and 802.1x on all of our edge ports. We are running G3's on similar firmware. The end user devices do not experience any difference for us in the boot time with authentication on or off. When you disable MAC authentication, is the port wide open? What policy is applied to the port when authentication is on? Perhaps something being applied is causing the slowdown? Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 "If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well." ~Martin Luther King, Jr. From: Matthias Nees [mailto:[email protected]] Sent: Tuesday, July 02, 2013 6:50 AM To: Enterasys Customer Mailing List Subject: [enterasys] Slow PXE and Windows Boot with active MAC Authentication Hi All, are there any problems with PXE and Windows Boot when MAC Authentication is active on a Enterasys SecureStack switches? We uses B5 / C5 Edge Switches with recent Firmware (6.61.08). NAC Gateway is running with Version 4.3. PXE and Windows boot takes nearly double of time when MAC Authentication is active compare to a port where only same policy is manually applied. The problem is that windows needs a lot of time to get an ip address (via DHCP) and set it active then - so users getting very slow login screens and sometimes error messages. Troubleshooting shows us that RADIUS Server (NAC Gateway) response the correct Policy very fast. Policy is also applied to the port correctly. The station is also learned in the correct VLAN. It seems MAC authentication is working well. But if I disable MAC Auth boot process is normal. If I activate Authentication again it needs more time. Anyone out there that has similar problems ? Mit freundlichen Gruessen / Best Regards Matthias Nees Systemingenieur BELL Computer-Netzwerke GmbH Ohmstr. 6 76229 Karlsruhe Deutschland Tel.: +49 (721) 6624993-65 Fax: +49 (228) 42104 9065 E-Mail: [email protected]<mailto:[email protected]> Web: www.bell.de<http://www.bell.de/> <image001.jpg> <image002.gif> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]>
smime.p7s
Description: S/MIME cryptographic signature
