CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: "Kelley, Tim" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 10 Aug 2006 11:58:48 -0700
Content-Type: text/plain
Parts/Attachments: text/plain (189 lines)

Hi Again Michael,

Yes, it worked Monday morning but now it doesn't.  We have had it
installed, and working, most of the summer.

-Tim

Tim Kelley
ResNet Coordinator
California State University, Chico
m. 530.230.7400
o. 530.898.5148



-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of King, Michael
Sent: Thursday, August 10, 2006 11:34 AM
To: [log in to unmask]
Subject: Re: No filter but still no web login

Tim..

Are you setting this up for the first time, i.e., has it ever worked?  :-)


I was making the assumption that it worked, and now doesn't.

 

> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Kelley, Tim
> Sent: Thursday, August 10, 2006 2:24 PM
> To: [log in to unmask]
> Subject: Re: No filter but still no web login
> 
> Hi Dennis,
> 
> Thank you, too, for the quick response.  
> 
> I am hesitant to potentially break my test network by putting 
> my port on one of the non-authenticating networks so instead 
> I wandered over to a hall (thus the delay), released/renewed, 
> and verified that the IP I got wasn't on our management 
> subnet (we use a completely different range for
> management: 10... vs a real IP 132... the students are assigned.)
> 
> -Tim
> 
> Tim Kelley
> ResNet Coordinator
> California State University, Chico
> m. 530.230.7400
> o. 530.898.5148
> 
> 
> 
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Dennis Xu
> Sent: Thursday, August 10, 2006 10:39 AM
> To: [log in to unmask]
> Subject: Re: No filter but still no web login
> 
> Can other users get IP correctly? 
> 
>  
> 
> Once I saw one specific user who could not be directed 
> to the web login page because he got the same IP as the CAS IP in 
> the management subnet. Make sure to exclude the CAS IP in the management 
> subnet from the central DHCP range. 
> 
>  
> 
> ------------
> 
> Dennis Xu
> 
> Network Analyst (CCS)
> 
> University of Guelph
> 
> 519-824-4120 x 56217
> 
> [log in to unmask]
> 
> ________________________________
> 
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Kelley, Tim
> Sent: Thursday, August 10, 2006 1:22 PM
> To: [log in to unmask]
> Subject: No filter but still no web login
> 
>  
> 
> Hi All,
> 
> I have been banging my head against the wall for the past 
> three days with this problem so I thought I would submit it 
> to the group.  
> 
> The Setup:
> 
>         IB, Real IP, Failover CAS & CAM bundles
> 
> Briefly, here are the symptoms:
> 
> No users except on one VLAN (the test VLAN in my office) are 
> being redirected to the login page on requesting a url.  It 
> works as expected on my test VLAN.
> 
> Here is what I have done to test it:
> 
> 1)      Verified that there are no subnet filters on both the CAS and CAM
> 
> 2)      Verified that there are no device filters on the CAS or CAM
> 
> 3)      Checked the 'Unauthenticated' role filter and see that there is
> allow access to the following (untrusted -> trusted):
> 
> a.      UDP & TCP untrusted = *:* trusted = 132.241.66.8 /255.255.255.255 :* (our  vpn server)
> 
> b.      TCP untrusted = *:*  trusted = 132.241.82.62 /255.255.255.255 :80 (our resnet web server)
> 
> c.      UDP DNS
> 
> d.      Otherwise, block all
> 
> 4)      Allowed hosts are the stock setup
> 
> 5)      Bandwidth management not enabled.
> 
> 6)      My test devices are not on the 'Certified Devices' list.
> 
> 7)      I added a 'deny' filter for my test device's MAC and I verified
> that I was not able to access the Internet (to test to see if 
> there was a layer 3 bypass to the CAS).
> 
> And then I started "poking it with a stick" because I was out 
> of ideas:
> 
> 8)      I verified that I was being issued an IP in a range appropriate
> to the managed subnet.
> 
> 9)      I deleted the managed subnet from the CAS and verified that I
> could not access the internet. 
> 
> 10)     I checked /proc/click/intern_validation_table on the CAS for 00
> MACs as per Kyle Evans on the ListServ:
> 
> "We are running IB VGW, and we had a similar problem one 
> time.  I don't know what caused it exactly, but I suspect it 
> had to do with managed subnets not being created properly.  
> Anyway, cd to /proc/click/intern_validation_table on the CAS. 
> Then do "cat table".
> We found that if any IP addresses in that table had MAC 
> addresses of all 0s, then whoever had that IP address could 
> use the network unfettered."
> 
>         No 00:00... macs
> 
> I am out of ideas.  I would love some help.
> 
> -Tim
> 
> Tim Kelley
> 
> ResNet Coordinator
> 
> California State University, Chico
> 
> m. 530.230.7400
> 
> o. 530.898.5148
> 
>  
> 
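
The table check Kyle Evans describes in the quoted message, as an added shell example that is not part of the original thread. It assumes each line of `table` carries an IPv4 address and a MAC address (the thread does not show the real layout); the function names are hypothetical and the sample data is constructed from documentation addresses.

```shell
#!/bin/sh
# Added example: flag IPs whose validation-table entry has an all-zero MAC.
# ASSUMPTION: each entry line holds an IPv4 address and a MAC address; the
# real column layout of the table is not shown in the thread.

TABLE_DEFAULT=/proc/click/intern_validation_table/table   # path from the thread

# Print, one per line, every IPv4 address found on a line that also carries
# an all-zero MAC (colon- or dash-separated).
find_zero_mac_ips() {
    table="${1:-$TABLE_DEFAULT}"
    [ -r "$table" ] || { echo "cannot read $table" >&2; return 2; }
    tr '-' ':' < "$table" |
        grep -E '(^|[^0-9A-Fa-f:])00(:00){5}([^0-9A-Fa-f:]|$)' |
        grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort -u
}

# Exit 0 when the table is clean, 1 when all-zero entries exist, 2 on error.
check_validation_table() {
    hits=$(find_zero_mac_ips "$1") || return 2
    if [ -n "$hits" ]; then
        printf 'all-zero MAC entries found:\n%s\n' "$hits"
        return 1
    fi
    echo "no all-zero MAC entries"
}

# Constructed sample table (documentation addresses, not real hosts).
write_sample_table() {
    cat > "$1" <<'EOF'
192.0.2.21   00:11:22:33:44:55
192.0.2.22   00:00:00:00:00:00
192.0.2.23   00-00-00-00-00-00
192.0.2.24   A0:00:00:00:00:00
EOF
}

# Demo on the constructed sample; with no argument the check reads the
# path named in the thread instead.
sample=$(mktemp)
write_sample_table "$sample"
check_validation_table "$sample" || true
rm -f "$sample"
```

The non-zero exit status on a hit lets the check run from cron or a monitoring wrapper, so a reappearing all-zero entry is noticed without someone reading the table by hand.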
