Matthias Nees
2013-07-02 11:05:45 UTC
Hi,
we only using a policy that cotains VLAN information:
set policy profile 2 name "PCs" pvid-status enable pvid 4 cos-status enable cos 8 untagged-vlans 4
If I apply the same policy to that port without mac auth all working well.
Regards
Von: Patrick Printz [mailto:***@qcc.mass.edu]
Gesendet: Dienstag, 2. Juli 2013 12:55
An: Enterasys Customer Mailing List
Betreff: RE:[enterasys] Slow PXE and Windows Boot with active MAC Authentication
We use MAC auth and 802.1x on all of our edge ports. We are running G3's on similar firmware. The end user devices do not experience any difference for us in the boot time with authentication on or off. When you disable MAC authentication, is the port wide open? What policy is applied to the port when authentication is on? Perhaps something being applied is causing the slowdown?
Patrick Printz
Network Infrastructure
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529
"If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well."
~Martin Luther King, Jr.
From: Matthias Nees [mailto:***@bell.de]
Sent: Tuesday, July 02, 2013 6:50 AM
To: Enterasys Customer Mailing List
Subject: [enterasys] Slow PXE and Windows Boot with active MAC Authentication
Hi All,
are there any problems with PXE and Windows Boot when MAC Authentication is active on a Enterasys SecureStack switches?
We uses B5 / C5 Edge Switches with recent Firmware (6.61.08). NAC Gateway is running with Version 4.3.
PXE and Windows boot takes nearly double of time when MAC Authentication is active compare to a port where only same policy is manually applied. The problem is that windows needs a lot of time to get an ip address (via DHCP) and set it active then - so users getting very slow login screens and sometimes error messages.
Troubleshooting shows us that RADIUS Server (NAC Gateway) response the correct Policy very fast. Policy is also applied to the port correctly. The station is also learned in the correct VLAN. It seems MAC authentication is working well. But if I disable MAC Auth boot process is normal. If I activate Authentication again it needs more time.
Anyone out there that has similar problems ?
Mit freundlichen Gruessen / Best Regards
Matthias Nees
Systemingenieur
BELL Computer-Netzwerke GmbH
Ohmstr. 6
76229 Karlsruhe
Deutschland
Tel.:
+49 (721) 6624993-65
Fax:
+49 (228) 42104 9065
E-Mail:
***@bell.de<mailto:***@bell.de>
Web:
www.bell.de<http://www.bell.de/>
[cid:***@01CE7724.D989FC70]
[cid:***@01CE7724.D989FC70]
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@bell.de<mailto:***@bell.de>
we only using a policy that cotains VLAN information:
set policy profile 2 name "PCs" pvid-status enable pvid 4 cos-status enable cos 8 untagged-vlans 4
If I apply the same policy to that port without mac auth all working well.
Regards
Von: Patrick Printz [mailto:***@qcc.mass.edu]
Gesendet: Dienstag, 2. Juli 2013 12:55
An: Enterasys Customer Mailing List
Betreff: RE:[enterasys] Slow PXE and Windows Boot with active MAC Authentication
We use MAC auth and 802.1x on all of our edge ports. We are running G3's on similar firmware. The end user devices do not experience any difference for us in the boot time with authentication on or off. When you disable MAC authentication, is the port wide open? What policy is applied to the port when authentication is on? Perhaps something being applied is causing the slowdown?
Patrick Printz
Network Infrastructure
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529
"If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well."
~Martin Luther King, Jr.
From: Matthias Nees [mailto:***@bell.de]
Sent: Tuesday, July 02, 2013 6:50 AM
To: Enterasys Customer Mailing List
Subject: [enterasys] Slow PXE and Windows Boot with active MAC Authentication
Hi All,
are there any problems with PXE and Windows Boot when MAC Authentication is active on a Enterasys SecureStack switches?
We uses B5 / C5 Edge Switches with recent Firmware (6.61.08). NAC Gateway is running with Version 4.3.
PXE and Windows boot takes nearly double of time when MAC Authentication is active compare to a port where only same policy is manually applied. The problem is that windows needs a lot of time to get an ip address (via DHCP) and set it active then - so users getting very slow login screens and sometimes error messages.
Troubleshooting shows us that RADIUS Server (NAC Gateway) response the correct Policy very fast. Policy is also applied to the port correctly. The station is also learned in the correct VLAN. It seems MAC authentication is working well. But if I disable MAC Auth boot process is normal. If I activate Authentication again it needs more time.
Anyone out there that has similar problems ?
Mit freundlichen Gruessen / Best Regards
Matthias Nees
Systemingenieur
BELL Computer-Netzwerke GmbH
Ohmstr. 6
76229 Karlsruhe
Deutschland
Tel.:
+49 (721) 6624993-65
Fax:
+49 (228) 42104 9065
E-Mail:
***@bell.de<mailto:***@bell.de>
Web:
www.bell.de<http://www.bell.de/>
[cid:***@01CE7724.D989FC70]
[cid:***@01CE7724.D989FC70]
* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@bell.de<mailto:***@bell.de>