Discussion:
enterasys digest: May 13, 2014
Hess, Matthew A
2014-05-14 10:46:38 UTC
Gradelain,

It sounds like you are moving your client into a different VLAN based on policy attributes, and that the C5 is changing the policy but the client can't get to its default gateway.

If this is the case, I'm interested in knowing whether you are running VRRP on the default gateway. If you're running VRRP and the VLAN the client starts in has a VLAN-ID (VRID) that's the same as the VLAN they are moving into, then the client will still contain an ARP entry for the MAC address of the previous gateway (if VLAN-ID 1, then it will be 00-00-5e-00-01-01), which conflicts with the MAC address of the new VLAN and thus makes communication with the new gateway impossible until the ARP table clears.

If that's the case, an easy solution is to ensure that you utilize unique VLAN-IDs on both those VLANs so that the MAC address will be different, since VRRP utilizes the VRID as part of the MAC address.

Matthew Hess
Sr. Mgr. Network & Telecom
Milton Hershey School
PO Box 830 Hershey PA 17033-0830
Phone: 717-520-2224
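The reply above rests on one mechanism: the VRRP virtual MAC is derived from the VRID, so two VLANs whose VRRP groups reuse a VRID advertise the same gateway MAC, and a client that keeps an ARP entry across a VLAN move ends up with a stale mapping. The following audit script is an added example, not code from the thread or from Enterasys; it derives the virtual MAC per RFC 5798 (also for IPv6, which the thread does not mention), flags VRIDs shared across VLANs in a constructed inventory, and proposes unique VRIDs, which is the fix Matthew suggests.

```python
"""Audit VRRP virtual-router IDs (VRIDs) across VLANs for shared virtual MACs.

Added example, not part of the mailing-list thread. The VRRP virtual MAC is
00-00-5e-00-01-<VRID> for IPv4 and 00-00-5e-00-02-<VRID> for IPv6 (RFC 5798),
so two VLANs that reuse a VRID share a gateway MAC. The inventory below is
constructed sample data, not a real network.
"""
from collections import defaultdict

# RFC 5798 virtual MAC prefixes; the last octet is the VRID.
VRRP_MAC_PREFIX = {4: "00-00-5e-00-01", 6: "00-00-5e-00-02"}


def vrrp_virtual_mac(vrid: int, family: int = 4) -> str:
    """Return the VRRP virtual MAC for a VRID, in the switch's dashed notation."""
    if not 1 <= vrid <= 255:
        raise ValueError(f"VRID must be 1..255, got {vrid}")
    return f"{VRRP_MAC_PREFIX[family]}-{vrid:02x}"


def find_shared_virtual_macs(groups, family: int = 4) -> dict:
    """Map each virtual MAC used by more than one VLAN to the sorted VLAN list.

    `groups` is an iterable of (vlan_id, vrid) pairs, one per VRRP group.
    An empty result means every VLAN's gateway MAC is distinct.
    """
    vlans_by_mac = defaultdict(set)
    for vlan_id, vrid in groups:
        vlans_by_mac[vrrp_virtual_mac(vrid, family)].add(vlan_id)
    return {mac: sorted(v) for mac, v in vlans_by_mac.items() if len(v) > 1}


def suggest_unique_vrids(groups) -> dict:
    """Propose a VRID per VLAN so no two VLANs share a virtual MAC.

    Existing VRIDs are kept where they are already unique; a colliding VLAN is
    offered its own VLAN number as VRID when that is free and in range,
    otherwise the lowest unused VRID. Returns {vlan_id: vrid}.
    """
    assigned = {}
    used = set()
    for vlan_id, vrid in sorted(groups):
        if vrid not in used:
            candidate = vrid
        elif 1 <= vlan_id <= 255 and vlan_id not in used:
            candidate = vlan_id
        else:
            candidate = next((v for v in range(1, 256) if v not in used), None)
            if candidate is None:
                raise ValueError("all 255 VRIDs are already in use")
        assigned[vlan_id] = candidate
        used.add(candidate)
    return assigned


# Constructed inventory: VLAN 1 and VLAN 22 both run VRRP group 1, the
# situation the reply above describes (client moved from VLAN 1 to VLAN 22).
SAMPLE_GROUPS = [(1, 1), (22, 1), (30, 30)]

if __name__ == "__main__":
    for mac, vlans in find_shared_virtual_macs(SAMPLE_GROUPS).items():
        print(f"virtual MAC {mac} is used in VLANs {vlans}")
    print("proposed VRIDs:", suggest_unique_vrids(SAMPLE_GROUPS))
```

Run it against the (vlan, vrid) pairs from your own VRRP configuration; any MAC the audit reports is one a client can carry in its ARP cache from one VLAN into another.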





-----Original Message-----
From: Enterasys Customer Mailing List digest [mailto:***@listserv.unc.edu]
Sent: Wednesday, May 14, 2014 12:10 AM
To: enterasys digest recipients
Subject: enterasys digest: May 13, 2014

ENTERASYS Digest for Tuesday, May 13, 2014.

1. client communication issue on C5G
2. Re: client communication issue on C5G
3. AW: client communication issue on C5G
4. Re: client communication issue on C5G
5. AW: client communication issue on C5G
6. Re: AW: client communication issue on C5G

----------------------------------------------------------------------

Subject: client communication issue on C5G
From: Gradelain Ngouni <***@scaltel.de>
Date: Tue, 13 May 2014 18:43:18 +0200
X-Message-Number: 1

Hello All,
The problem I'm facing now is as follows:
The C5G switch, running firmware 06.61.08.0013, is configured to accept the following RADIUS attributes: Policy and VLAN-ID.
From the switch I can ping the client gateway; from the client itself I can NOT.
The client receives the right policy (which actually allows everything) and dynamically receives the right VLAN ID as well:
[inline screenshot not included in the digest]

- VLAN exists on the switch, the uplinks and the whole path to the core --> verified

- VLAN also configured manually on the switch port where the client is connected --> ping still unsuccessful

- Policy applied without VLAN information --> didn't help either
Any hint will be welcome.

Thanks and regards

Gradelain



Gradelain Ngouni
Dipl.-Ing.
IT Project Manager

SCALTEL AG
Anna-Birle-Str. 2
55252 Mainz-Kastel

Phone +49 6134 50789-23
Fax +49 (0) 6134 50789-10

***@scaltel.de
Legal form: Aktiengesellschaft
Registry court: Kempten HRB 7208
Registered office: Waltenhofen
Chairman of the Board: Christian Skala
Management Board: Joachim Skala
Chairman of the Supervisory Board: Alfons Hörmann

________________________________________________________________________________

Technologie-Forum 2014
"IT Projects in Mid-Sized Businesses - Future-Proof Investments"

It's that time again! The SCALTEL Technologie-Forum opens its doors in May.

Our customers present hands-on reports on projects they have carried out. All technologies in the SCALTEL portfolio can be experienced up close at the many live demo stands.
Get valuable tips and insights to drive your IT projects forward successfully.

15 May in Wiesbaden, 22 May in Kempten

More about the Technologie-Forum and the presenters here: Website<http://www.scaltel.de/technologie-forum-wth-wi-2014.html>.
Take the chance and secure your place here: Anmeldeformular<http://www.scaltel.de/anmeldeformular.html>

In cooperation with:

----------------------------------------------------------------------

Subject: Re: client communication issue on C5G
From: John Kaftan <***@utica.edu>
Date: Tue, 13 May 2014 12:55:49 -0400
X-Message-Number: 2

Have you done a 'sh port egress' on the port?

Is the goal to have any client that gets the ROLE-MAC-Telefonserver policy to be contained to VLAN 22 no matter what VLAN the port is set to?

We have our RADIUS attribute set to Filter ID (Discard VTA). Is there a reason why you are trying to assign the VLAN via RADIUS? I assume you are using Policy Manager. If you configure your ROLE-MAC-Telefonserver to contain to VLAN 22 your RADIUS server wouldn't need to know anything about the VLAN. It would just have to get the Filter ID correct and the rest would happen via Policy.

John
--
John Kaftan
IT Infrastructure Manager
Utica College
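John's point is that the VLAN can come from two places: the RADIUS Access-Accept (Tunnel-Type / Tunnel-Medium-Type / Tunnel-Private-Group-ID) or the policy's own "contain to VLAN" setting, and the two can disagree. The script below is an added example, not code from the thread or from Enterasys: it decodes those standard RFC 2868 attributes from a constructed Access-Accept, reads the policy name from the Filter-Id (the "Enterasys:version=1:policy=<name>" layout is an assumption here; confirm it against your firmware's RADIUS documentation), and reports when the RADIUS VLAN and the policy's contain-to VLAN differ or when the VLAN is carried only by RADIUS.

```python
"""Check a RADIUS Access-Accept for consistency between the policy named in
Filter-Id and any VLAN pushed via the RFC 2868 tunnel attributes.

Added example, not code from the thread or from Enterasys. Assumptions: the
Filter-Id carries the policy as "Enterasys:version=1:policy=<name>", and the
policy-to-VLAN map mirrors the "contain to VLAN" setting made in Policy
Manager. The Access-Accept below is constructed sample data.
"""

# Standard RADIUS attribute numbers (RFC 2865 / RFC 2868) and tunnel values.
FILTER_ID = 11
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type value "IEEE-802"


def _strip_tag(value: bytes) -> bytes:
    """Drop the RFC 2868 tag octet (0x00..0x1f) that may prefix tunnel attributes."""
    return value[1:] if value and value[0] <= 0x1F else value


def policy_from_filter_id(value: bytes):
    """Extract the policy name from an assumed 'Enterasys:version=1:policy=<name>' Filter-Id."""
    for part in value.decode("ascii", "replace").split(":"):
        if part.startswith("policy="):
            return part[len("policy="):]
    return None


def vlan_from_tunnel_attrs(attrs):
    """Return the VLAN ID from the tunnel attributes, or None if absent or not a VLAN."""
    ttype = tmedium = None
    group = None
    for attr_type, value in attrs:
        if attr_type == TUNNEL_TYPE:
            ttype = int.from_bytes(_strip_tag(value), "big")
        elif attr_type == TUNNEL_MEDIUM_TYPE:
            tmedium = int.from_bytes(_strip_tag(value), "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            group = _strip_tag(value).decode("ascii", "replace")
    if ttype != TUNNEL_TYPE_VLAN or tmedium != TUNNEL_MEDIUM_IEEE_802 or group is None:
        return None
    return int(group) if group.isdigit() else None


def check_access_accept(attrs, policy_vlan_map):
    """Return a list of findings; an empty list means policy and RADIUS VLAN agree."""
    policy = None
    for attr_type, value in attrs:
        if attr_type == FILTER_ID:
            policy = policy_from_filter_id(value)
    if policy is None:
        return ["no policy name found in Filter-Id"]

    radius_vlan = vlan_from_tunnel_attrs(attrs)
    policy_vlan = policy_vlan_map.get(policy)
    findings = []
    if policy_vlan is not None and radius_vlan is not None and policy_vlan != radius_vlan:
        findings.append(f"policy {policy!r} contains to VLAN {policy_vlan} "
                        f"but RADIUS sent VLAN {radius_vlan}")
    elif policy_vlan is None and radius_vlan is not None:
        findings.append(f"VLAN {radius_vlan} comes only from the RADIUS tunnel "
                        f"attributes; policy {policy!r} has no contain-to VLAN")
    return findings


def _tunnel_int(tag: int, value: int) -> bytes:
    """Encode a tagged 3-octet integer as Tunnel-Type / Tunnel-Medium-Type carry it."""
    return bytes([tag]) + value.to_bytes(3, "big")


# Constructed Access-Accept for the role and VLAN discussed in the thread.
SAMPLE_ACCEPT = [
    (FILTER_ID, b"Enterasys:version=1:policy=ROLE-MAC-Telefonserver"),
    (TUNNEL_TYPE, _tunnel_int(0, TUNNEL_TYPE_VLAN)),
    (TUNNEL_MEDIUM_TYPE, _tunnel_int(0, TUNNEL_MEDIUM_IEEE_802)),
    (TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"22"),
]
# Assumed Policy Manager setting: the role contains to VLAN 22.
SAMPLE_POLICY_VLANS = {"ROLE-MAC-Telefonserver": 22}

if __name__ == "__main__":
    print(check_access_accept(SAMPLE_ACCEPT, SAMPLE_POLICY_VLANS) or ["consistent"])
```

Feed it the attribute list decoded from a captured Access-Accept (for example from a RADIUS server debug log) together with the contain-to VLANs exported from Policy Manager; a mismatch finding is the case where the port's VLAN and the policy's VLAN fight each other.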

----------------------------------------------------------------------

Subject: AW: client communication issue on C5G
From: Gradelain Ngouni <***@scaltel.de>
Date: Tue, 13 May 2014 19:25:17 +0200
X-Message-Number: 3

Hello John,

Here is the 'sh port egress':
[inline screenshot not included in the digest]

The only reason the VLAN attribute is configured on the NAC gateway is that the policy was configured separately by someone else and shouldn't be manipulated at this time.
Yes, any client that gets the role "ROLE-MAC-Telefonserver" should be assigned VLAN 22 no matter what VLAN is set on the port.

The final goal of the role "ROLE-MAC-Telefonserver" should be to allow everything except some specific protocols; therefore, in my opinion, it is better to assign the VLAN through NAC and the protocol restriction through PM.
Similar rules are working on other switches pretty well.
The IP address on VLAN 22 is assigned to the PC manually, and the PC still can't ping its gateway.

Thanks in advance.

Gradelain





----------------------------------------------------------------------

Subject: Re: client communication issue on C5G
From: John Kaftan <***@utica.edu>
Date: Tue, 13 May 2014 13:39:12 -0400
X-Message-Number: 4

It kind of has to be an egress issue between the client and the router. You could mirror the port that the client is on and capture traffic as the ping happens. Then you could move the capture to the uplink port for the switch. Any chance you have a LAG going and forgot to do the egress on the LAG port? Or you do not have single-port LAG configured, your LAG is down, and you do not have the egress on the physical port? Anyway, get proof of whether the packet is leaving the switch or not.

You could start at the other end and do a packet capture on the server, or mirror the server port and grab a capture, to see if the packet is making it to the server and just not coming back for some reason.

You could also do a 'sh mac port ge.1.1' on your switch to see if the switch has learned your PC's MAC address.

You could also disable auth on the port to see if your policy is causing the issue.

Just some thoughts. I hate it when stuff like this happens.
--
John Kaftan
IT Infrastructure Manager
Utica College

----------------------------------------------------------------------

Subject: AW: client communication issue on C5G
From: Gradelain Ngouni <***@scaltel.de>
Date: Tue, 13 May 2014 19:52:00 +0200
X-Message-Number: 5

Hello John,
Thanks for your thoughts so far.
What has not been done yet is:

- Capturing the packets
I even disabled the authentication on the port, but still no success:
[inline screenshot not included in the digest]
I have a feeling that something is going wrong with the switch??

Many thanks

Gradelain




----------------------------------------------------------------------

Subject: Re: AW: client communication issue on C5G
From: John Kaftan <***@utica.edu>
Date: Tue, 13 May 2014 22:54:30 -0400
X-Message-Number: 6

I have had that feeling too multiple times but it has always been something logical in the end or some little detail I have missed. I would call Enterasys and not beat my head against the wall. Your switch is covered for free and their support is awesome. Please let us know what it was.

Couple of other commands to try:

'Show port status' - make sure your port is not dormant or admin down.
'Show port mirror' - make sure your port is not in a mirror.
'Show spantree spanguardlock' - make sure your port is not locked. Don't see why it would be, but what the heck.

Is this a single switch or is it a stack member?



---

END OF DIGEST
