Dear all,

I am doing a lab in my office about dot1x and Infranet Enforcer deployment. We have 2 VLANs, the reme VLAN and the corp VLAN. When a user succeeds at both authentication and the health check, the IC will return VLAN 3, and the rest VLAN 4. The authentication and Host Checker processes already succeed, but I don't know why I cannot see entries in get auth table on the firewall (IE), although I can see 2 active user logins with the same username (L2 and L3 authentication) on the IC. Because of that, traffic blocking occurred:

nsisg1000-> get db str
**st: <V1-Untrust|ethernet1/2|Root|0> 4d9c118: 9383:192.168.30.6/600->192.168.30.2/a305,1,60
****** 03088.0: <V1-Untrust/ethernet1/2> packet received [60]******
ipid = 37763(9383), @04d9c118
packet passed sanity check.
packet with vlan 1, vlan-group vlan1, vsd 0
v1-untrust:192.168.30.6/41733->192.168.30.2/1536,1(8/0)<Root>
found mac 000fb099bf36 on ethernet1/1
no session found
flow_first_sanity_check: in <v1-untrust>, out <v1-trust>
policy search from zone 11-> zone 12
policy_flow_search policy search nat_crt from zone 11-> zone 12
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 192.168.30.2, port 42070, proto 1)
No SW RPC rule match, search HW rule
rs_search_ip: policy matched id/idx/action = 2/1/0x309
Permitted by policy 2
choose interface v1-trust as outgoing phy if
session application type 0, name None, nas_id 0, timeout 60sec
infranet redirect, non-http traffic is not allowed
log this session (pid=2)
policy id (2)
packet dropped, denied by policy
packet dropped, auth failed

For the detailed log, you can see the screenshot.