10-25-2010 09:46 AM
Currently I have configured the IC4500 to serve 2 groups of users (separate VLANs), which will not have a route between these 2 VLANs. Below is my setup:
internal port ip : 172.16.1.100
added vlan ip : 192.168.1.100
sign in policies
172.16.1.100/groupa ======> group a realm
192.168.1.100/groupb ======> group b realm
trunk port to IC4500 internal port.
802.1x radius server : 172.16.1.100 ========> group a
802.1x radius server : 192.168.1.100 ========> group b
Everything worked fine for group a's users, with host checker running and remediation VLAN assignment, BUT not for group b's users.
I'm having an issue after group b's user authenticates via OAC. The OAC keeps communicating to 172.16.1.100 as the infranet controller instead of 192.168.1.100, even though my ex4200 has the radius server IP set as 192.168.1.100. I'm wondering why the group b's user manages to authenticate via 192.168.1.100/groupb, but after authenticating the infranet controller status keeps showing "authenticating" to 172.16.1.100.
Can anyone help? Or any suggestions?
Thanks in advance.
12-28-2010 10:48 AM
Did you verify that your device certificate is bound to the VLAN port?
It is very possible that the config may not work. There are several services that do not work with VLAN ports on the IC. NSM is one of the services that falls into this category. I would not be surprised if the radius process was another.
Hope that helps.