
Active/Discard on Enterasys switches.


MIS_Support
New Contributor
Active/Discard on Enterasys switches with Policy Manager: has anyone used this, and what effects have you had? Mine unfortunately haven't been all that great. It is very hit and miss, and I think it is probably Windows. My workstations love Active/Default Role with RFC3580 and NPS set to Filter-Id, Tunnel-Medium-Type, Tunnel-Pvt-Group-ID, and Tunnel-Type. But not using RFC3580, with just the Role settings and tagging the traffic, Windows frowns upon. Just looking for any insight.

Thanks,

Floyd
5 REPLIES

MIS_Support
New Contributor
Thanks to all parties for your help. After scouring the many online articles (and boy, have I read/searched quite a few), the guys in the article below, especially user danstl, have a situation very, very, very similar to mine, except mine is a strictly wired environment. No wireless. Hope this gives better insight into my situation. I'll be fully back in the office January 6th. I'll wait for a call from you guys, or call to speak to you, Thomas or Gregory.

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/802-1x-with-NPS-and-windows-7-single-sign-on/td-p/54816

Thanks again.

Tom_Currier
Extreme Employee

We're doing a review of the case you have open with the GTAC to further understand the environment and behavior that you're seeing on these systems when in Active/Discard mode. Once we understand all the pieces we should be able to make further recommendations to satisfy your user needs.

The case review is ongoing and we expect to respond tomorrow.

MIS_Support
New Contributor
I hope so. I love Enterasys and Policy Manager, and Enterasys tech support is awesome. It is authenticating and shows that, BUT it is "flaky", and I don't think it is the fault of the switch but more Windows. Like one of the tech guys I've been working with, I think it is a timing problem. Active/Discard is real secure, but once I think I've got it and go live, there are always quite a few users that have problems, hence some unhappy users/employees. For right now I'm using Active/Default, which has been pretty solid. But even then I have some users that won't have network drives, Outlook, etc. But I think, as the tech pointed out, things are "too fast" in authenticating, I believe on both the switch and server side. I know I could probably just create a discard VLAN, but I want them to be able to "fall back" to the Default VLAN just in case the VLAN assignment screws up. But of course it never happens, or stops doing it, when I get a tech on the line. So I'm just looking for users that are familiar with and/or have experienced this. I want non-domain workstations to not get any access, while still having a fast and reliable network.

We will definitely keep this going in the community for some other customers' thoughts and feedback. In addition, if you have a resolution that comes from working through GTAC, please update the thread just in case others are looking for answers to the same question. Thank you!