Active/Discard on Enterasys switches.

  • Problem
  • Updated 4 years ago
  • Solved
Active/Discard on Enterasys switches with Policy Manager: has anyone used this, and what effects have you had? Mine unfortunately haven't been all that great. It is very hit and miss and I think it is probably Windows. My workstations love Active/Default Role with RFC3580 and NPS set to FilterID, Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. But not using RFC3580, with just the Role Settings and tagging the traffic, Windows frowns upon. Just looking for any insight.

Thanks,

Floyd

MIS Support

Posted 5 years ago

Tamera Rousseau-Vesta, Extreme Alumna

We have many customers that have insights on Policy Manager and I hope you have some responses soon.  This is a great question that I am sure many would see huge value in getting some guidance.  Thanks for asking!

MIS Support

I hope so, I love Enterasys and Policy Manager and Enterasys tech support is awesome. But it is authenticating and shows that BUT it is "flaky" and I don't think it is the fault of the switch but more Windows. As one of the tech guys I've been working with I think it is a timing problem. Active/Discard is real secure but once I think I got it and go live it is always quite a few users that have problems, hence some unhappy users/employees. But for right now I'm using Active/Default, which has been pretty solid. But even then I have some users that won't have network drives, Outlook, etc. But I think, as the tech pointed out, things are "too fast" in authenticating, I believe both on the switch/server side. I know I could probably just create a discard VLAN but I want them to be able to "fall back" to the Default VLAN just in case the VLAN Assignment screws up. But of course it never happens or stops doing it when I get a tech on the line. So just looking for users that are familiar and/or have experienced this. I want non-domain workstations to not get any access, while still having a fast and reliable network.

Tamera Rousseau-Vesta, Extreme Alumna

We will definitely keep this going in the community for some other customers' thoughts and feedback. In addition, if you have a resolution that comes from working through GTAC, please update the thread just in case others are looking for answers to the same question. Thank you!

Tom Currier, Employee

We're doing a review of the case you have open with the GTAC to further understand the environment and behavior that you're seeing on these systems when in Active/Discard mode.  Once we understand all the pieces we should be able to make further recommendations to satisfy your user needs.

The case review is ongoing and we expect to respond tomorrow.

MIS Support

Thanks to all parties for your help. And after scouring the many online articles and boy have I read/searched quite a few. These guys in this article below, especially user danstl is very, very, very, similar to my situation except mine is a strictly wired environment. No wireless. Hope this gives better insight into my situation. I'll be fully back in the office January 6th. I'll wait for a call from you guys or call to speak to you Thomas or Gregory.
http://community.arubanetworks.com/t5...

Thanks again.

This conversation is no longer open for comments or replies.