akajoe

issue with multiple vlan

Hi all,

Currently I have configured the IC4500 to serve 2 groups of users (separate VLANs), which will not have a route between the 2 VLANs. Below is my setup:

IC4500

internal port ip : 172.16.1.100

added vlan ip : 192.168.1.100

sign in policies

172.16.1.100/groupa ======> group a realm

192.168.1.100/groupb ======> group b realm

EX4200

trunk port to IC4500 internal port.

802.1x radius server : 172.16.1.100 ======> group a

802.1x radius server : 192.168.1.100 ======> group b

Everything worked fine for group a's users, with host checker running and remediation VLAN assignment, BUT not for group b's users.

I'm having an issue after a group b user authenticates via OAC. The OAC keeps communicating with 172.16.1.100 as the Infranet Controller instead of 192.168.1.100, even though my EX4200 has the RADIUS server IP set to 192.168.1.100. I'm wondering why the group b user manages to authenticate via 192.168.1.100/groupb, but after authenticating, the Infranet Controller status keeps showing "authenticating" to 172.16.1.100.

Can anyone help? Or any suggestions?

Thanks in advance

Regards,

Joe

CraigB

Re: issue with multiple vlan

Did you verify that your device certificate is bound to the VLAN port?

It is very possible that the config may not work. There are several services that do not work with VLAN ports on the IC. NSM is one of the services that falls into this category. I would not be surprised if the RADIUS process was another.

Hope that helps.

Craig
