Have you done a 'sh port egress' on the port?

Is the goal to have any client that gets the ROLE-MAC-Telefonserver policy
to be contained to VLAN 22 no matter what VLAN the port is set to?

We have our RADIUS attribute set to Filter ID (Discard VTA). Is there a
reason why you are trying to assign the VLAN via RADIUS? I assume you are
using Policy Manager. If you configure your ROLE-MAC-Telefonserver to
contain to VLAN 22 your RADIUS server wouldn't need to know anything about
the VLAN. It would just have to get the Filter ID correct and the rest
would happen via Policy.

John




On Tue, May 13, 2014 at 12:43 PM, Gradelain Ngouni <

Kind of has to be an egress issues between the client and the router. You
could mirror the port that the client is on and capture traffic as the ping
happens. Then you could move the capture to the uplink port for the
switch. Any chance you have a lag going and forgot to do the egress on the
Lag port? Or you do not have single port lag configured and your lag is
down and you do not have the egress on the physical port? Anyway get proof
that the packet is leaving the switch or not.

You could start at the the other end and do a packet capture on the server
or mirror the server port and grab a capture to see if the packet is making
it to the server and it is just not coming back for some reason.

You could also do a 'sh mac port ge.1.1' on your switch to see if the
switch has learned your PCs Mac address.

You could also disable auth on the port to see if your policy is causing
the issue.

Just some thoughts. I hate it when stuff like this happens.






On Tue, May 13, 2014 at 1:25 PM, Gradelain Ngouni <

Hi,

Can you put a simple diagram with all switchs between the server and the
gateway.

Please indicate port numbers for all uplinks, gateway and server.
Also indicate switch name and if possible do "show vlan portinfo port
*.*.*" ; "show spantree stats port *.*.*" ; "show port status" on all of
them.

At the gateway also do a "router ----> show running"

Regrads,
Hugo Veiga
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org

Just curious but is there any particular reason your traffic is untagged?

Jimmy Payne
Information Systems and Technology Department
Network Manager
770-205-4558

From: Gradelain Ngouni [mailto:***@scaltel.de]
Sent: Tuesday, May 13, 2014 1:25 PM
To: Enterasys Customer Mailing List
Subject: AW: [enterasys] client communication issue on C5G

Hello John,

here the „sh port egress“.
[cid:***@01CF6F48.AD3E8D80]

The only reason why, the vlan attribute is configured on the NAC-Gateway is that, the policy were configured separately from someone else. And shouldn’t be manipulated at this time.
Yes, any Client that gets the role “ROLE-MAC-Telefonserver” should be assign vlan 22 no matter what vlan is set on the port.

The final goal of the Role “ROLE-MAC-Telefonserver” should be allowing everything except some specific protocol, therefore in my opinion better to assign the vlan trough NAC and the protocol restriction trough PM.
Similar rules are working on other switches pretty well.
The IP address on vlan 22 is assign to the pc manually and the PC still can’t ping its gateway.

Thanks in advance.

Gradelain





Gradelain Ngouni
Dipl. -Ing.
IT-Projektleiter


SCALTEL AG
Anna-Birle-Str. 2
55252 Mainz-Kastel

Telefon +49 6134 50789-23

Telefax +49 (0) 6134 50789-10






***@scaltel.de<mailto:***@scaltel.de>

[cid:***@01CF6F48.AD3E8D80]

Rechtsform: Aktiengesellschaft
Registergericht: Kempten HRB 7208
Sitz: Waltenhofen
Vorstandsvorsitzender: Christian Skala
Vorstand: Joachim Skala
Aufsichtsratsvorsitzender: Alfons Hörmann




________________________________________________________________________________

Technologie-Forum 2014
"IT-Projekte im Mittelstand - Zukunftssichere Investitionen"

Es ist wieder soweit! Das SCALTEL Technologie-Forum öffnet im Mai seine Pforten.

Unsere Kunden berichten als Referenten praxisnah ÃŒber umgesetzte Projekte. Alle Technologien
des SCALTEL Portfolios gibt es hautnah an den zahlreichen Live-Demo-StÀnden zum Anfassen.
Erhalten Sie wertvolle Tipps und Erkenntnisse, um Ihre IT-Projekte erfolgreich voranzutreiben

15. Mai in Wiesbaden 22. Mai in Kempten

Mehr zum Technologie-Forum und den Referenten finden Sie hier: Website<http://www.scaltel.de/technologie-forum-wth-wi-2014.html>.
Nutzen Sie die Chance und sichern Sie sich hier Ihre Teilnahme: Anmeldeformular<http://www.scaltel.de/anmeldeformular.html>

In Kooperation mit:

[cid:***@01CF6F48.AD3E8D80]

* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@forsythco.com<mailto:***@forsythco.com>

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org