Thanks Cal. Simple setup. Authenticated users also get affected when
this happens, indicates something else is going on. Don't have any other
ideas at the moment. Would suggest opening a TAC case.

regards
-alok 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Cal Frye
Sent: Monday, August 18, 2008 5:50 AM
To: [email protected]
Subject: Re: 3.5.11 virtual IP mode and ARP

Alok Agrawal (alagrawa) wrote:
> Hey Cal,
> Most likely Managed Subnets on the CAS has not been configured. Am 
> assuming you have multiple vlans trunked to the CAS. There will be a 
> default Managed subnet entry in there. But you need to configure a 
> separate Managed Subnet for each of the vlans trunked up to the CAS.

No, there is a single managed subnet for this setup, no VLANs (or
rather, the single default VLAN). Elsewhere on the network we have two
subnets being managed by one CAS, and I know about managed subnet
settings, but the wireless setup is rather simple:

Router -> CAS -> Switch -> 4400 Controllers -> APs -> Clients

Virtual IP, so Router is at aa.bb.cc.1, CAS trusted is .2, untrusted is
.3, controller public/client interfaces are on aa.bb.cc.11, .12, etc,
and Clients get DHCP relayed from a central DHCP server. Controllers and
access points communicate on a private subnet/VLAN which is routed
around the CAS, not through it. Wireshark confirms we're not seeing that
VLAN at the CAS interface.

The clients are ARPing for the untrusted interface of the CAS, which is
where the authentication web page is served, of course. When the arp
traffic begins, communication is disrupted and even authenticated
clients can't get through.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com


"The voices of conformity speak so loudly out there. Don't listen.
People will tell you what you ought to think and how you ought to feel.
They will tell you what to read and how to live. They will urge you to
take jobs that they themselves loathe, and to follow safe paths that
they themselves find tedious." -- Anna Quindlen.
