Identity and Policy Control
Visitor
krix
Posts: 3
Registered: ‎08-10-2009

Erratic behaviour: getting incorrect VLAN assignment

IC is used in an 802.1X scenario. I am currently running a test scenario before the actual deployment, configured such that if notepad.exe is running then the endpoint is compliant. It's observed that even if notepad.exe isn't running, I get the compliant VLAN applied to the switchport, and during reevaluation of policies I get the correct VLAN pushed. Similarly, a few times it's observed that although the endpoint is non-compliant I get the compliant VLAN, and during reevaluation I get the correct VLAN. I have ensured that the switch is not misbehaving. As a workaround I configured the reevaluation time as "0", after which I get the correct VLAN based on compliance / NC, but the policy doesn't refresh. I have captured relevant logs for it. Just to update, I have IC & LDAP in time sync (using NTP on IC).

If I set the reevaluation as 1, then I get the correct VLAN after 1 min, and the VLAN that's applied before that can't be guaranteed!

Is it some problem with the IC config, with Host Checker on the endpoint machine, or something else?

I have attached the logs for your reference.

Thanks in advance

Trusted Contributor
ManojReddy
Posts: 38
Registered: ‎03-18-2008

Re: Erratic behaviour: getting incorrect VLAN assignment

Can you post screenshots of your role mapping rules page and RADIUS attribute policies page?

Also mention to which role you enabled the notepad Host Checker policy.

I wanted to look at the order of roles and RADIUS attribute policies.
