Hi Matthias, it might be normal that the MAC is learned on VLAN 1 first. If you set the MAC agetime to 20 seconds, you will see that it disappears from VLAN 1 after 20 seconds and it only shows the MAC on VLAN 4 after that 20 seconds.
That is normal behavior, but communication is still working on VLAN 4 besides this. Please can you send me the "show port egress" for that specific port. Thanks. Is maybe dynamicegress enabled for VLAN 1? I will give you a call Matthias. Kind regards, Markus On Tue, Jul 2, 2013 at 5:41 PM, Matthias Nees <[email protected]> wrote: > We only use MAC Auth no 802.1x.**** > > ** ** > > My Problem is that the end-system is learned in VLAN -1 (wrong) and VLAN > -4 (correct)**** > > ** ** > > s-lab(su)->show mac port ge.1.40 > > MAC Address FID Port Type > ----------------- ---- ------------- -------- > 10-60-4B-85-C7-4C 1 ge.1.40 Learned > 10-60-4B-85-C7-4C 4 ge.1.40 Learned > s-lab(su)->**** > > ** ** > > if I add manually policy to that port – all working well:**** > > ** ** > > s-lab(su)->show mac port ge.1.40 > > MAC Address FID Port Type > ----------------- ---- ------------- -------- > 10-60-4B-85-C7-4C 4 ge.1.40 Learned > s-lab(su)->**** > > ** ** > > How can I prevent that the system is learned in VLAN 1 ?**** > > ** ** > > Regards**** > > ** ** > > *Von:* Kleber - SEREDE [mailto:[email protected]] > *Gesendet:* Dienstag, 2. Juli 2013 15:21 > > *An:* Enterasys Customer Mailing List > *Cc:* Enterasys Customer Mailing List > *Betreff:* Re: [enterasys] Slow PXE and Windows Boot with active MAC > Authentication**** > > ** ** > > Hi,**** > > ** ** > > I'm wich order are you authenticating?**** > > ** ** > > I ran b and c series in my site and first I try 802.1x then MAC > authentication. In the reverse order it will show down everthing.**** > > ** ** > > ** ** > > Regards**** > > ** ** > > Kleber**** > > > Enviado via iPhone**** > > > Em 02/07/2013, às 08:44, "Patrick Printz" <[email protected]> escreveu: > **** > > The DHCP server is on a different vlan and subnet I am guessing. Is the > ip-helper set for the subnet the PC is trying to connect to? Have you > tried running a wireshark to see what is happening with the DHCP packets? > **** > > **** > > We ran into something similar with Avaya VoIP phones. The phones were > being very fickle about DHCP packets being relayed by the IP Helper. I > ended up sticking a DHCP server on their subnet. However, with Windows, I > have not seen any issues having systems on a subnet or vlan separate from > that of the DHCP server.**** > > **** > > *Patrick Printz***** > > *Network Infrastructure***** > > **** > > Quinsigamond Community College > 670 West Boylston Street > Worcester, MA 01606-2092 **** > > w. 508-854-7517**** > > c. 508-726-9529**** > > **** > > **** > > "If a man is called a street sweeper, he should sweep streets even as > Michelangelo painted, or Beethoven composed music, or Shakespeare wrote > poetry. He should sweep streets so well that all the hosts of heaven and > Earth will pause to say, Here lived a great street sweeper who did his job > well."**** > > ~Martin Luther King, Jr. **** > > **** > > *From:* Matthias Nees [mailto:[email protected] <[email protected]>] > *Sent:* Tuesday, July 02, 2013 7:06 AM > *To:* Enterasys Customer Mailing List > *Subject:* [enterasys] AW: Slow PXE and Windows Boot with active MAC > Authentication**** > > **** > > Hi,**** > > **** > > we only using a policy that cotains VLAN information:**** > > set policy profile 2 name "PCs" pvid-status enable pvid 4 cos-status > enable cos 8 untagged-vlans 4**** > > **** > > If I apply the same policy to that port without mac auth all working well. > **** > > **** > > Regards**** > > **** > > *Von:* Patrick Printz [mailto:[email protected] <[email protected]>] > > *Gesendet:* Dienstag, 2. Juli 2013 12:55 > *An:* Enterasys Customer Mailing List > *Betreff:* RE:[enterasys] Slow PXE and Windows Boot with active MAC > Authentication**** > > **** > > We use MAC auth and 802.1x on all of our edge ports. We are running G3’s > on similar firmware. The end user devices do not experience any difference > for us in the boot time with authentication on or off. When you disable > MAC authentication, is the port wide open? What policy is applied to the > port when authentication is on? Perhaps something being applied is causing > the slowdown?**** > > **** > > *Patrick Printz***** > > *Network Infrastructure***** > > **** > > Quinsigamond Community College > 670 West Boylston Street > Worcester, MA 01606-2092 **** > > w. 508-854-7517**** > > c. 508-726-9529**** > > **** > > **** > > "If a man is called a street sweeper, he should sweep streets even as > Michelangelo painted, or Beethoven composed music, or Shakespeare wrote > poetry. He should sweep streets so well that all the hosts of heaven and > Earth will pause to say, Here lived a great street sweeper who did his job > well."**** > > ~Martin Luther King, Jr. **** > > **** > > *From:* Matthias Nees [mailto:[email protected] <[email protected]>] > *Sent:* Tuesday, July 02, 2013 6:50 AM > *To:* Enterasys Customer Mailing List > *Subject:* [enterasys] Slow PXE and Windows Boot with active MAC > Authentication**** > > **** > > Hi All,**** > > **** > > are there any problems with PXE and Windows Boot when MAC Authentication > is active on a Enterasys SecureStack switches? **** > > We uses B5 / C5 Edge Switches with recent Firmware (6.61.08). NAC Gateway > is running with Version 4.3.**** > > **** > > PXE and Windows boot takes nearly double of time when MAC Authentication > is active compare to a port where only same policy is manually applied. The > problem is that windows needs a lot of time to get an ip address (via DHCP) > and set it active then – so users getting very slow login screens and > sometimes error messages.**** > > **** > > Troubleshooting shows us that RADIUS Server (NAC Gateway) response the > correct Policy very fast. Policy is also applied to the port correctly. The > station is also learned in the correct VLAN. It seems MAC authentication is > working well. But if I disable MAC Auth boot process is normal. If I > activate Authentication again it needs more time.**** > > **** > > **** > > Anyone out there that has similar problems ?**** > > **** > > **** > > **** > > Mit freundlichen Gruessen / Best Regards > > *Matthias Nees * > Systemingenieur**** > > *BELL Computer-Netzwerke GmbH* > Ohmstr. 6 > 76229 Karlsruhe > Deutschland **** > > Tel.:**** > > +49 (721) 6624993-65**** > > Fax:**** > > +49 (228) 42104 9065**** > > E-Mail:**** > > [email protected]**** > > Web:**** > > www.bell.de**** > > <image001.jpg>**** > > <image002.gif>**** > > **** > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
