Gradelain Ngouni
2013-05-03 08:36:33 UTC
Hi,
regarding the resolving of IP-to-MAC Mapping of Guest users, I encounter the issue in LAN with Cisco Switches and Enterasys NAC.
Solved it the following:
- Ip-Helper pointing to the NAC-Gateway
- DHCP-snooping in the corresponding VLAN
Hope this could help you.
As mentioned by "Christian Zegelin" consider the selection of "disregards traffic" and the lease time for unregistered users !!!
Regards
Grady
Von: Read, Simon [mailto:***@nashua-communications.com]
Gesendet: Freitag, 3. Mai 2013 09:08
An: Enterasys Customer Mailing List
Betreff: RE: [enterasys] - Enterasys Wireless Controller intergration with Enterasys NAC - SNMP error
Hi Emre,
Thanks. There is also the ip address of NAC included. Sorry I missed it before.
Kind regards,
Simon Read
Service Engineer
Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>
[cid:***@01CE47E9.BBFA7AF0]
From: Kurtman, Emre [mailto:***@enterasys.com]
Sent: 02 May 2013 04:05 PM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] - Enterasys Wireless Controller intergration with Enterasys NAC - SNMP error
Hi Simon,
You should also add an ip helper address pointing to NAC's ip address so that NAC can resolve the IP address of the client.
Thanks,
Emre
On Thu, May 2, 2013 at 1:02 PM, Read, Simon <***@nashua-communications.com<mailto:***@nashua-communications.com>> wrote:
Hi All,
Would very much appreciate any feedback or suggestions on the following. I have a C25 and LPA successfully managed in NetSight via SNMPv3. What I am trying to do is create a single NAC VNS that allows access for Authenticated and Unauthenticated, (Guest) devices.
802.1x authenticated users connect to the VNS and can be remediated, no problem.
Unauthenticated users should connect to the VNS and then find themselves directed to NAC's login page when they open a browser. I am seeing in NAC that the connection attempt is, "Accept", but MAC-to-IP Address resolution fails. There are ip helper-addresses on the relevant Core switches VLAN GW that point to the DHCP server, the Layer-3 interface created for the NAC VNS and even the management IP address of the Controller.
I've set debugging for DHCP, IP resolution and SNMP to Verbose and in the tag.log and I am seeing the following error...
DEBUG [SnmpManager] Unable to get SnmpSwitch for IP: 127.0.0.1 sw: null
Has anybody seen this error before and/ or are there any suggestions on what might be causing it?
Kind regards,
Simon Read
Service Engineer
[cid:***@01CE47E9.BBFA7AF0]
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.
Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.
For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za<http://www.nashuacommunications.co.za>
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@enterasys.com<mailto:***@enterasys.com>
--
Emre Kurtman
Enterasys Networks
Cell: +90533 3302766
Email: ***@enterasys.com<mailto:***@enterasys.com>
There is nothing more important than our customers.
[Loading Image...
]
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@nashua-communications.com<mailto:***@nashua-communications.com>
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.
Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (?the ECT?) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.
For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za<http://www.nashuacommunications.co.za>
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@scaltel.de<mailto:***@scaltel.de>
Gradelain Ngouni
Dipl. -Ing.
IT-Projektleiter
SCALTEL AG
Anna-Birle-Str. 2
55252 Mainz-Kastel
Telefon +49 6134 50789-23
Telefax +49 (0) 6134 50789-10
***@scaltel.de
[cid:c8dd5fe96a9240f9ab671c5406dc2289]
Rechtsform: Aktiengesellschaft
Registergericht: Kempten HRB 7208
Sitz: Waltenhofen
Vorstandsvorsitzender: Christian Skala
Vorstand: Joachim Skala
Aufsichtsratsvorsitzender: Alfons H?rmann
Technologie-Forum 2013 - "Wir machen Technologie erlebbar"
Es erwarten Sie spannende Informationen rund um den Bereich der
Netzwerk- und Kommunikationstechnologie. Unsere Kunden sind
die Referenten und berichten ?ber ihre Erfahrungen aus der Praxis.
Bald ist es soweit, unser Technologie-Forum 2013 findet
unter dem Motto "Wir machen Technologie erlebbar" statt:
13. Juni in Wiesbaden 20. Juni in Waltenhofen
Weitere Informationen und das Anmeldeformular finden
Sie auf unserer Website<http://www.scaltel.de/technologie-forum-2013.html>.
In Kooperation mit:
[cid:f594030f5aa044ad8928fb9bdccdd781]
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
regarding the resolving of IP-to-MAC Mapping of Guest users, I encounter the issue in LAN with Cisco Switches and Enterasys NAC.
Solved it the following:
- Ip-Helper pointing to the NAC-Gateway
- DHCP-snooping in the corresponding VLAN
Hope this could help you.
As mentioned by "Christian Zegelin" consider the selection of "disregards traffic" and the lease time for unregistered users !!!
Regards
Grady
Von: Read, Simon [mailto:***@nashua-communications.com]
Gesendet: Freitag, 3. Mai 2013 09:08
An: Enterasys Customer Mailing List
Betreff: RE: [enterasys] - Enterasys Wireless Controller intergration with Enterasys NAC - SNMP error
Hi Emre,
Thanks. There is also the ip address of NAC included. Sorry I missed it before.
Kind regards,
Simon Read
Service Engineer
Nashua Communications (Pty) Ltd.
Unit 10 Growthpoint Business Park,
No 2 Tonnetti Street, Midrand, 1685
Cell: +27 (0)84 676 9200
DDI:+27 (0)10 001 3042
Fax: +27 (0)10 001 2500
***@nashua-communications.com<mailto:***@nashua-communications.com>
www.nashua-communications.com<http://www.nashua-communications.com/>
[cid:***@01CE47E9.BBFA7AF0]
From: Kurtman, Emre [mailto:***@enterasys.com]
Sent: 02 May 2013 04:05 PM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] - Enterasys Wireless Controller intergration with Enterasys NAC - SNMP error
Hi Simon,
You should also add an ip helper address pointing to NAC's ip address so that NAC can resolve the IP address of the client.
Thanks,
Emre
On Thu, May 2, 2013 at 1:02 PM, Read, Simon <***@nashua-communications.com<mailto:***@nashua-communications.com>> wrote:
Hi All,
Would very much appreciate any feedback or suggestions on the following. I have a C25 and LPA successfully managed in NetSight via SNMPv3. What I am trying to do is create a single NAC VNS that allows access for Authenticated and Unauthenticated, (Guest) devices.
802.1x authenticated users connect to the VNS and can be remediated, no problem.
Unauthenticated users should connect to the VNS and then find themselves directed to NAC's login page when they open a browser. I am seeing in NAC that the connection attempt is, "Accept", but MAC-to-IP Address resolution fails. There are ip helper-addresses on the relevant Core switches VLAN GW that point to the DHCP server, the Layer-3 interface created for the NAC VNS and even the management IP address of the Controller.
I've set debugging for DHCP, IP resolution and SNMP to Verbose and in the tag.log and I am seeing the following error...
DEBUG [SnmpManager] Unable to get SnmpSwitch for IP: 127.0.0.1 sw: null
Has anybody seen this error before and/ or are there any suggestions on what might be causing it?
Kind regards,
Simon Read
Service Engineer
[cid:***@01CE47E9.BBFA7AF0]
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.
Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.
For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za<http://www.nashuacommunications.co.za>
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@enterasys.com<mailto:***@enterasys.com>
--
Emre Kurtman
Enterasys Networks
Cell: +90533 3302766
Email: ***@enterasys.com<mailto:***@enterasys.com>
There is nothing more important than our customers.
[Loading Image...
]* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@nashua-communications.com<mailto:***@nashua-communications.com>
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Nashua Communications. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Nashua Communications. Nashua Communications accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments.
Nashua Communications does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference.
Nashua Communications, its divisions and subsidiary companies expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (?the ECT?) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Nashua Communications will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Nashua Communications.
For more information about Nashua Communications, visit our website at www.nashuacommunications.co.za<http://www.nashuacommunications.co.za>
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@scaltel.de<mailto:***@scaltel.de>
Gradelain Ngouni
Dipl. -Ing.
IT-Projektleiter
SCALTEL AG
Anna-Birle-Str. 2
55252 Mainz-Kastel
Telefon +49 6134 50789-23
Telefax +49 (0) 6134 50789-10
***@scaltel.de
[cid:c8dd5fe96a9240f9ab671c5406dc2289]
Rechtsform: Aktiengesellschaft
Registergericht: Kempten HRB 7208
Sitz: Waltenhofen
Vorstandsvorsitzender: Christian Skala
Vorstand: Joachim Skala
Aufsichtsratsvorsitzender: Alfons H?rmann
Technologie-Forum 2013 - "Wir machen Technologie erlebbar"
Es erwarten Sie spannende Informationen rund um den Bereich der
Netzwerk- und Kommunikationstechnologie. Unsere Kunden sind
die Referenten und berichten ?ber ihre Erfahrungen aus der Praxis.
Bald ist es soweit, unser Technologie-Forum 2013 findet
unter dem Motto "Wir machen Technologie erlebbar" statt:
13. Juni in Wiesbaden 20. Juni in Waltenhofen
Weitere Informationen und das Anmeldeformular finden
Sie auf unserer Website<http://www.scaltel.de/technologie-forum-2013.html>.
In Kooperation mit:
[cid:f594030f5aa044ad8928fb9bdccdd781]
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org