The switch is configured as a managed device, and the CAM and CAS are on different subnets.
I am able to authenticate via a web browser by opening up the IP address of the CAS manually, and everything else seems to work as expected (switch port VLAN reconfiguration/bounce/etc.) The web redirection isn't happening, nor is the client automatically popping up. Via tcpdump, I'm seeing the SWISS packets arriving on the untrusted interface of the CAS.

Still stumped...

On 5/13/08 7:37 AM, "Northcutt, Kevin A. (Information Services)" <[EMAIL PROTECTED]> wrote:

> Are they all on different subnets?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[EMAIL PROTECTED] On Behalf Of Osborne, Bruce W. (NS)
> Sent: Thursday, May 08, 2008 4:25 PM
> To: [email protected]
> Subject: Re: L2 OOB Virtual Gateway Configuration Problem
>
> Have you configured your switch as a managed device?
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[EMAIL PROTECTED] On Behalf Of David Stempien
> Sent: Thursday, May 08, 2008 4:14 PM
> To: [email protected]
> Subject: [CLEANACCESS] L2 OOB Virtual Gateway Configuration Problem
>
> I have exhausted my troubleshooting options for what should be a
> simple configuration. I am trying to add a new CAS as a L2 OOB
> Virtual Gateway. I've configured L2 IB Virtual Gateways many times
> with no problem. It appears the configuration in OOB mode is very
> similar to the IB. Here's what I've done:
>
> - Added CAS to CAM as L2 OOB Virtual Gateway
> - Under managed subnet, added IP for untrusted VLAN
> - Configured VLAN Mapping for untrusted -> trusted VLANs
>
> DHCP passthrough works just fine. I can do everything on my test host
> as permitted by my Unauthenticated Role. On my test host, I even have
> ARP resolution for the managed subnet IP on the CAS.
>
> For the life of me, I can't figure out why the agent is not popping up
> or why web page redirection isn't happening. It's almost as if the
> CAS is not seeing my host traffic, or maybe it's just ignoring it. I
> find that hard to accept given my observations in the previous
> paragraph.
>
> Is there something special about the OOB configuration that I may have
> overlooked?
>
> Thanks in advance for any advice!
>
> --
> Dave Stempien, Network Security Engineer
> University of Rochester Medical Center
> Information Systems Division
> (585) 784-2427
