Question

2.21K viewsFebruary 14, 2020

0

jes olais February 6, 2019 0 Comments

Hi All,

We are trying to monitor & control multiple networks. done configuring cisco core as trunk port allowing particular vlans.

on genian side, done configuring as trunk port with sample IP below

# configure terminal
# interface eth0.1 address 10.1.1.5 255.255.255.0
# interface eth0.1 gateway 10.1.1.1
# interface eth0.1 vlan 1,10,15
# interface eth0.1 management-server enable
# interface eth0.1 node-server enable
# interface eth0.1 radius-server enable
# exit

But the problem is, after configuration, we can't access nor ping the ip 10.1.1.5. please help.

Regards,

Olais

4 Answers

score 0 · Answer 1 · 2019-03-12T20:48:30+00:00

In my Case

192.168.55.0 network native VLAN. - Untagged VLAN

192.168.60.0 network VLAN 60.- Tagged VLAN

You must distinguish between tagged VLAN and Untaged VLAN.

eth0.X interface. It is an interface that supports tagged VLAN.

eth0 interface supports untagged VLAN. (native VLAN)

Switch

interface FastEthernet1/0/8
switchport trunk enapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1

-------------------------------------------------------------------

GeniansNAC

interface eth0.60 address 192.168.60.20 255.255.255.0
interface eth0.60 gateway 192.168.60.1
interface eth0 address 192.168.55.20 255.255.255.0
interface eth0 gateway 192.168.55.254
interface eth0 management-server enable
interface eth0 node-server enable
interface eth0 radius-server enable
interface eth0 vlan 60
interface wlan0 mode monitor

ip default-gateway 192.168.55.254

score 0 · Answer 2 · 2019-03-12T18:21:30+00:00

Hi Jes,

For starters, trunk encapsulation must be set to dot1q. Also, you have configuration conflict with the native vlan settings. You can either remove the native vlan settings from the trunk port, or make the following config changes.

Remove: using syntax > no interface eth0.1 address 10.10.10.5 255.255.255.0

interface eth0.1 address 10.10.10.5 255.255.255.0
interface eth0.1 gateway 10.10.10.1
interface eth0.1 management-server enable
interface eth0.1 node-server enable
interface eth0.1 radius-server enable

interface eth0 vlan 1,

Replace with:

interface eth0 address 10.10.10.5 255.255.255.0
interface eth0 gateway 10.10.10.1
interface eth0 management-server enable
interface eth0 node-server enable
interface eth0 radius-server enable

In this case eth0 will function as the untagged vlan.

Lastly, you must configure a sensor interface on each vlan on the sensor by command line.

Example setup:

Switch

interface FastEthernet2/0/12
description 802.1q Trunk Port for Genian NAC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk

ip default-gateway 10.10.10.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 10.10.10.0 255.255.255.0 10.10.10.1
ip route 10.10.30.0 255.255.255.0 10.10.30.1
ip route 10.10.40.0 255.255.255.0 10.10.30.1
ip http server

Genians - Interfaces and gateways must be configured on the sensor by command line using the following syntax:

> interface eth0.20 address 10.10.20.3 255.255.255.0
> interface eth0.20 gateway 10.10.20.2

interface eth0.10 address 10.10.10.4 255.255.255.0
interface eth0.10 gateway 10.10.10.1
interface eth0.10 management-server enable
interface eth0.10 node-server enable
interface eth0.10 radius-server enable
interface eth0.1 address 10.10.1.3 255.255.255.0
interface eth0.1 gateway 10.10.1.2
interface eth0.20 address 10.10.20.3 255.255.255.0
interface eth0.20 gateway 10.10.20.2
interface eth0.30 address 10.10.30.3 255.255.255.0
interface eth0.30 gateway 10.10.30.2
interface eth0.40 address 10.10.40.3 255.255.255.0
interface eth0.40 gateway 10.10.40.2
interface eth0 vlan 1,10,20,30,40
interface wlan0 mode monitor

More info at: https://docs.genians.com/system/change-interface-type.html

score 0 · Answer 3 · 2019-03-11T01:04:27+00:00

Hi Scott,

Trunk port of the switch is properly configured. See switch config below

---- Switch------

interface GigabitEthernet 0/7
switchport mode trunk

interface VLAN 1
ip address 10.10.10.2 255.255.255.0
!
interface VLAN 10
ip address 192.168.10.2 255.255.255.0
!
interface VLAN 20
ip address 192.168.20.2 255.255.255.0
!
interface VLAN 30
ip address 192.168.30.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1

Interface Native VLAN VLAN lists
GigabitEthernet 0/1 1 ALL
GigabitEthernet 0/7 1 ALL

-------------Genian---------------------------------------------

interface eth0.10 dhcp enable
interface eth0.1 address 10.10.10.5 255.255.255.0
interface eth0.1 gateway 10.10.10.1
interface eth0.1 management-server enable
interface eth0.1 node-server enable
interface eth0.1 radius-server enable
interface eth0.20 dhcp enable
interface eth0.30 dhcp enable
interface eth0 vlan 1,10,20,30
interface wlan0 mode monitor

ip default-gateway 10.10.10.1
ip name-server 8.8.8.8

The problem is I still can't ping the management IP of genian, Please help on how to properly configure genian in a Trunk environment

Regards,

Jes

score 0 · Answer 4 · 2019-02-06T14:40:44+00:00

Hi Jes,

First, ensure that the trunk port is properly configured. Next make sure that the network sensor is set to host mode to enable vlan visibility.

Let me know if this helps.

4 Answers

Next-Gen NAC

Products

Get Started

Company

Follow Us