Showing results for 
Search instead for 
Did you mean: 

Dot1x with Infranet Enforcer deployment

Occasional Contributor

Dot1x with Infranet Enforcer deployment

Dear all,

i doing lab in my office about dot1x and infranet enforcer deployment. we have 2 vlan, reme vlan and corp vlan. when user success both authen and healty check, ic will return vlan 3 and the rest vlan 4.

authentication and host checker process already success but i dont know why i can not see entries on get auth table on firewall (IE) but i can see 2 active user login with the same username ( L2 and L3 authen) on IC, because of that traffic blocking occured

nsisg1000-> get db str
**st: <V1-Untrust|ethernet1/2|Root|0> 4d9c118: 9383:>,1,60
****** 03088.0: <V1-Untrust/ethernet1/2> packet received [60]******
ipid = 37763(9383), @04d9c118
packet passed sanity check.
packet with vlan 1, vlan-group vlan1, vsd 0
found mac 000fb099bf36 on ethernet1/1
no session found
flow_first_sanity_check: in <v1-untrust>, out <v1-trust>
policy search from zone 11-> zone 12
policy_flow_search policy search nat_crt from zone 11-> zone 12
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip, port 42070, proto 1)
No SW RPC rule match, search HW rule
rs_search_ip: policy matched id/idx/action = 2/1/0x309
Permitted by policy 2
choose interface v1-trust as outgoing phy if
session application type 0, name None, nas_id 0, timeout 60sec
infranet redirect, non-http traffic is not allowed
log this session (pid=2)
policy id (2)
packet dropped, denied by policy
packet dropped, auth failed

for detail log u can see the screenshot

Frequent Contributor

Re: Dot1x with Infranet Enforcer deployment

Did you define a source IP enforcer policy on the IC for your firewall?