Dlink DES-1005E switch and 10.8.2

Similar Messages

• Trunk between Cisco Catalyst and DLINK DES-7210

  Hi,
  i would like to configure a Trunk with all VLANs between a Cisco Catalyst 3650 an a DLINK DES-7210.
  On the DLINK is the def. GW via VRRP defined.
  Now i get the following Error:
  %ARP-4-DUPADDR: Duplicate address 172.28.72.1 on interface VLAN 72 port TenGigabitEthernet 5/3, sourced by 24e9.b397.2c34
  This is the Uplink Interface on the Cisco Switch.
  What can cause this?
  here`s the config of the Cisco Port:
  interface TenGigabitEthernet1/1/4
  switchport mode trunk
  switchport nonegotiate
  load-interval 30
  udld port disable
  spanning-tree bpdufilter enable
  end
  sh inter trunk
  Port        Mode             Encapsulation  Status        Native vlan
  Te1/1/4     on               802.1q         trunking      1
  Port        Vlans allowed on trunk
  Te1/1/4     1-4094
  Port        Vlans allowed and active in management domain
  Te1/1/4     1,8,12,16,20-24,32,36,40,44,48,56,64,68,72,76,80,88,92,96,201,211,239-242,244-249,260,264,268,1212,1216,1220,1224,1228,1232,1234,1236,1240,1244,1248,1252,1256,1260,1264,1268
  Port        Vlans in spanning tree forwarding state and not pruned
  Te1/1/4     1,8,12,16,20-24,32,36,40,44,48,56,64,68,72,76,80,88,92,96,201,211,239-242,244-249,260,264,268,1212,1216,1220,1224,1228,1232,1234,1236,1240,1244,1248,1252,1256,1260,1264,1268
  and here is the DLINK Switch:
  interface TenGigabitEthernet 5/3
  switchport mode trunk
  description test
  sh int ten 5/3 trunk
  Interface                Mode   Native VLAN VLAN lists
  TenGigabitEthernet 5/3   On     1           ALL

  Do you have the same IP configured on both switches ?
  Jon

• Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)

  Hello All.
  I read a lot of information from this forum about Spaning-Tree interoperability between HP Switches and Cisco Switches.
  Rather than having questions I would like to post that I manage to configure successfully HP and Cisco using RSTP (802.1w).
  SWPADRAO]display stp root
  MSTID  Root Bridge ID        ExtPathCost IntPathCost Root Port
    0    32768.cc3e-5f3a-2939  0           0
  [SWPADRAO]display stp brief
  MSTID      Port                         Role  STP State     Protection
    0        GigabitEthernet1/0/47        DESI  FORWARDING    NONE
    0        GigabitEthernet1/0/48        DESI  FORWARDING    NONE
  [SWPADRAO]display stp instance 0
  -------[CIST Global Info][Mode RSTP]-------
  CIST Bridge         :32768.cc3e-5f3a-2939
  Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
  CIST Root/ERPC      :32768.cc3e-5f3a-2939 / 0
  CIST RegRoot/IRPC   :32768.cc3e-5f3a-2939 / 0
  CIST RootPortId     :0.0
  BPDU-Protection     :enabled
  Bridge Config-
  Digest-Snooping     :disabled
  TC or TCN received  :17
  Time since last TC  :0 days 0h:1m:52s
  SWNHAM17#show spanning-tree VLAN0001
   Spanning tree enabled protocol rstp
   Root ID    Priority    32768
              Address     cc3e.5f3a.2939
              Cost        4
              Port        26 (GigabitEthernet0/2)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
              Address     001b.54db.7200
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
              Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Altn BLK 4         128.25   P2p
  Gi0/2            Root FWD 4         128.26   P2p
  SWNHAM18#show spanning-tree VLAN0001
   Spanning tree enabled protocol rstp
   Root ID    Priority    32768
              Address     cc3e.5f3a.2939
              Cost        4
              Port        26 (GigabitEthernet0/2)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
              Address     001b.0cbc.4300
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
              Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Desg FWD 4         128.25   P2p
  Gi0/2            Root FWD 4         128.26   P2p

  Hello, David.
  Your command doesn't work because it's made only for tha ports that has command "spanning-tree portfast" in them. Try change spanning tree mode at the HP switch to MSTP if this is possible.

• HT5012 I am having difficulty XMIT/REC text messages to family members using Android phones?  I have a 3GB data plan and all switches and buttons are set properly.  Any suggestions?

  I am having difficulty XMIT/REC text messages to family members using Android phones?  I have a 3GB data plan and all switches and buttons are set properly.  Any suggestions?

      Hello APVzW, we absolutely want the best path to resolution. My apologies for multiple attempts of replacing the device. We'd like to verify the order information and see if we can locate the tracking number. Please send a direct message with the order number so we can dive deeper. Here's steps to send a direct message: http://vz.to/1b8XnPy We look forward to hearing from you soon.
  WiltonA_VZW
  VZW Support
  Follow us on twitter @VZWSupport

• How do I use switch and case statements to fill more than one other field?

  Hi all,
  I'm new to the community.
  I'm trying to make an existing form more user friendly for my coworkers. I want to use a switch and case approach in a drop-down list field so that the selection fills two seperate other fields with different info related to the selection.
  I can already do this with one field, but if I add a second target field under an existing case the text doesn't appear there when I make the selection from the dropdown.
  Basically, I'm asking if I can do this:
  switch 
  (sNewSel){
     case "1": // Selection 1    Row2.Field1
  = "text for field 1";
      Row1.Field2 = "text for field 2"; 
      break;
  etc.
  It works if the "row1.field2" option isn't there, but not when it is present.
  Any takers?

  I'm not sure if I will be able to send you the form. There may be too much to redact.
  Would this last bit of code in the cell affect anything?
  if 
  (bEnableTextField)
  {Row2.Field1.access
  = "open"; // enable field
  Row2.Field1.caption.font.fill.color.value= "0,0,0"; // set caption to black
  That is, do I also need to repeat the same thing for the second target cell (Row1.Field2)?
  What would be possible hang ups that would prevent it from working correctly?
  Dave
  By the way, I'm not sure if my other attachment posted. I am trying again.

• Screen has a bluish tint after fast user switching and then warning tone

  Hi all I'm having a bit of a problem that I hope someone can help me with. First the details, I have a MBP bought in late '07 and running Tiger. I was doing full backups using "Backup" and I also had Safari, iTunes, and Word open. I briefly switched to my other account using fast user switching and when I returned to the original account the whole screen had a blue tint to it. Like the color profile was off. This has happened before and a restart usually cures it, I haven't restarted yet but I am fairly certain it will correct the problem this time too. But is there anyway to prevent this? My second question is the one I'm more worried about. It also has happened before but usually when using more CPU intensive applications. When I went to System Preferences and opened up the display preferences in an attempt to correct the previous problem I heard a very loud tone. Like some type of warning tone, it was loud enough that it startled me. I had iTunes playing and after the tone the music got very quiet but relaunching it brought it back to normal. I'm just wondering is this some type of warning tone? Is it something I should be concerned about? Besides the music everything else seemed unaffected, although the previous times that this has happened usually when using handbrake there was noticeable problems after the tone (like applications crashing). All of these problems are gone after the computer is restarted though. Does anyone have any insight on these issues? Thank you.
  -James

  OK I ran TechTool and everything passed except for the volume scan. Then I checked this with Disk Utility and the HD failed for a few minor reasons, like invalid block count. I repaired it using the fsck -fy command in single user mode. The computer seems a little faster now. I don't know if this error is related to the beep in any way, I may try talking to an Apple genius to see if they know. Since it seems like pretty minor errors I'm not too worried about it but it does seem to be happening often. The last time I had this error was when I posted a question here about it which I just checked was on March 1st. So this error happened again after a little more than 2 weeks which seems excessive to me. Any thoughts?

• Email Notifications for Switches and Routers

  Dear All,
  How may I configure switches and routers to send email notifications when link is UP/Down.
  We have Switches - ((C3750-IPBASE-M), Version 12.2(25)SEB4) & Routers - (C2900-UNIVERSALK9-M), Version 15.1(4)M3.
  Thanks in Advance,
  Best Regards,
  Taufeeq.

  You can use EEM scrip to achieve the same. Just check EEM scripting in the community directory for some examples.
  Regards,
  Sathvik 

• How to get "fast user switching" and network shares playing nice

  I've been alternating between banging my head against a wall and reading every forum I could find to try and get a reasonable compromise between using "Fast user switching" and sharing a folder from a file server.  It baffles me how the network share/mount model of OSX/AFP is completely killed by fast-user-switching; this is a big problem with Apple requiring users to be actively logged in to share music/video from iTunes which therefore essentially requires fast-user-switching if anyone else wants to use the computer.  (anyone find it odd that you can share files without being logged in, but sharing songs requires an active login for each user who is sharing?  Apple: time to make iTunes sharing a service!)
  For the sake of example, lets just say I want to share my /Groups folder from my desktop and have it be accessible to my laptop.  Here are all the things that I tried:
  Apple Method 1) Share /Groups in the Server.app on the desktop (running Lion Server), use finder on the laptop and drag the share icon to "Login Items", alternative use a startup Apple script using "mount volume"  Both of the options work and will mount the /Groups folder under /Volumes/Groups, of course when the second person logs in via fast-user-switching (and occasionally the first person for no apparent reason), they will get /Volumes/Groups-1 since /Volumes/Groups is already taken.  Tomorrow we log in a different order and now the previously /Volumes/Groups-1 user has their mount at /Volumes/Group and vice versa.  Any links, aliases, finder sidebar references, and application settings which pointed to yesterday's location are now BROKEN.  Not very user friendly to my mother-in-law who is trying to find those pictures of the kids and doesn't know anything about mount points. I also can't reasonably mirror the file location structure on the desktop so that application preferences that are synced between the two (portable home directories) work.   fail.
  Apple Method 2) Use automounter and set up by hand direct maps for /Groups or an indirect maps for the children of /Groups.  Now it will automatically get mounted to /network/servers/SERVER/Groups/ on the laptop and on the desktop it will automatically create a similar symlink structure so that the same path (/network/servers/SERVER/Groups) work both on desktop and laptop.  Cool.  Except when the second person logs in, the /network/servers/SERVER/Groups/ mountpoint is already owned by the first user and they don't have any permissions to access it.  Fail.
  Apple Method 3) Use mount_afs and specify directly the mount-points.  Have each user have their own startup AppleScript which mounts /Groups to a different location (e.g. /Users/Shared/username/Groups) that way they don't conflict with multiple users.  On the desktop, set up symlinks from /Users/Shared/username/Group to /Groups so that it will be the same as the client and applications settings will work when synchronized back/forth by portable-home-directories.  Will it work, yes it does, but what a bear to maintain.  Is this really what I should expect to do just to have multiple users on my desktop and laptop (which again is essentially required now if I want to do any type of iTunes sharing).  This can't be what apple expects.
  What I ended up doing - the "not quite apple" solution.
  Non-Apple Method 4) After a read of "Autofs: Automatically Mounting Network File Shares in Mac OS X" (http://images.apple.com/business/docs/Autofs.pdf) at the very end there is a single paragraph  of "Kerberized NFS": "A Kerberized NFS mount can have multiple connections from multiple users, each using the correct user’s credentials for each transaction. This allows administrators to support multiple users, each authenticated with their own credentials to the same mount point. This is very different from AFP and SMB mounts," (emphasis mine)
  It appears that by using good 'ole NFS (abeint with Kerberos for security!) you can actually have multiple users on the same mount point.  Roughly following the guidance at https://support.apple.com/kb/TA24986?viewlocale=en_US.  What I needed to do was:
  1) create /etc/exports on my desktop and add a single line "/Groups -sec=krb5".  The existence of /etc/exports triggered a start of nfsd which no longer has any GUI options in Lion.
  2) Add a line to /etc/auto_master on my laptop "/-  auto_mymounts" to reference a new direct map.
  3) Create /etc/auto_mymounts and add a single line "/Groups         SERVER:/Groups" to create the direct map.
  THAT'S IT.  Three lines in three files.
  Now when I log into my laptop, there is a /Groups that is a network mount of my desktop's /Groups, same location AND it works for all of my users, even simultaneously. 
  In the end I'm happy with what I've got, but man was this a difficult path just to support fast-user-switching.  In Lion, Apple appears to be getting away from NFS (no longer turned on by default and remove from the GUI controls) but clearly this really useful functionality which doesn't exist in AFP. 
  I'm really curious, after all this work.  Any other ways to accomplish this?

  In my example above, yes I chose to mount the share "Groups" to the top of the root since that is where I put it on my server and I wanted to keep them similar; but that was just my preference, it isn't a requirement.  You can export and mount from other directories.

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• What are the major differences between a Access Switch and Aggregation Switch w.r.t Carrier Ethernet domain?

  In a Carrier Ethernet domain,Could someone please help me understand what's the basic difference between Access Switch and Aggregation Switch both in terms of s/w and h/w functionalities. MEF deals OAM,CFM, EVC provisioning only at the access edge switches. Do we need to repeat all these at the aggregation level? or  is it just used for routing purpose? Do we have a separate Fault Management at the aggregation level?

  Duplicate posts.  :P
  Go here:  https://supportforums.cisco.com/discussion/12137156/what-are-major-differences-between-access-switch-and-aggregation-switch-wrt

• CiscoWorks user options "device type groups|switch and Hubs"

  Hi,
  We are using CiscoWorks software to deploy new configuration to our network devices.  Because our environnement is mixed about version of network devices we have to create a new netconfig job for each device model, because in some plate-forme configuration option, syntax maybe different of each other.
  When I create a new netconfig job with my username under "device type groups|switch and Hubs" I have a list there of all plate-forme we have in our production environnement managed by CiscoWorks software.  I know thoses group was'nt define by on of us and thoses are define by default in CiscoWorks software, but they are hiden by default per user basic.
  We have a new one in our team, I had created his user name and password, but I can find the option where I can asked to make visible to him plate-form device type group as I have in my user configuration.
  Also, is it possible to copy private define group to an other user without to make thoses as public ?
  Thanks a lot !

  Here,
  is a view of what I have with my user
  but in his profile he is only see
  Device type Groups
       + Routers
       + Switches and Hubs
       + Wireless
  if he clic on the plus sing to develop group "Switches and Hubs" he see all switches and hub managed by CiscoWorks software.  I know He did not create Cisco Catalyst 2912 XL Switch and Cisco Catalyst 2924 XL Switch group in my profile.  I know we have to modify an option in CiscoWorks per user basic to view those group, the person who where that option should be modifiy is currently in vacation, but he will need that option enable before our specialist will be back !
  Thanks a lot !

• Home setup - network switch and 2 Time Capsules

  I have an ADSL modem/router (Billion BIPAC 5200G). I have used it previously with wireless turned off. I then used a time capsule  in bridge mode so that NAT etc is turned off, and then use it to broadcast wifi and as a backup. It is attached to the modern with ethernet. It worked fine.
  I am now in a house with a lot of ethernet ports, linked to a massive hub thing. But it needs a switch to link it all together.
  So I am thinking of this setup:
  PHONE LINE
  to
  BILLION ROUTER (Set as a router with wifi turned off)
  to
  NETWORK SWITCH
  to
  VARIOUS ethernet enabled devices in different rooms (i.e. printers, Apple TV, TV, Time capsule)
  Then I want to use my 2nd time capsule to extend my ground floor network by plugging it in essentially directly into the time capsule via ethernet in roaming mode.
  Is this the optimal setup for this? My other idea was to forgo the network switch and do it this way:
  PHONE LINE
  to
  BILLION ROUTER (Set as a router with wifi turned off)
  to
  VARIOUS ethernet enabled devices INCLUDING the TIME CAPSULE and PRINTER.
  then:
  To the TIME CAPSULE:
  to
  VARIOUS ethernet enabled devices INCLUDING Imac, Apple TV and another TIME CAPSULE in roaming mode.
  My main questions are: which setup will give me better speeds to all devices. Ie: is the switch even necessary? In my 2nd example, will the first time capsule and printer be available to the Imac.
  There seems to be no real advantage to having the TIME CAPSULE in router mode while keeping the BILLION ROUTER as a pass through with NAT off (To avoid Double NAT) except for the guest network capabilities.
  If its just simpler to have the network switch, then perhaps that's the way to go. If so: any suggestions on network switches that work well?

  It doesn't allow me to select ethernet as an option for internet connection, only dchp, ppoe and one more which isn't ethernet.
  DHCP is correct setting. .it will use ethernet but the new AC TC has problems.. it needs a crossover cable with some switches. Or you need to return it and get it replaced as there is something wrong with its wan port.. the new AC model needs a hardware revision and about 3 or 4 firmware upgrades before it hits the status of the Gen4 it replaced.
  My questions are: should I connect my time capsules together directly with ethernet using another available port in my new time capsule. I thought my switch would work better. Also, does one time capsule have to be in router mode instead of having both of them in bridge.
  Both should be in bridge.. but you can rearrange things to see if any of the other devices works better.
  You can use the billion or the old TC.. plug the new TC into those.
  Bob is correct though.. the switch is the correct thing for everything to be plugged into .. but in home situation what works is more important than what is best. It if fails in all of them then the WAN port is proven faulty.
  Should I be able to use the hdd on the 2nd (older) time machine as essentially a networked hdd for putting movies and music on, and use my new time capsule as the sole backup (occurring both over ethernet for my iMac and wifi for our laptops)
  Yes, that is ok.. you just need to get the AC version TC actually working properly.
  Give us a few screenshots of things.. that really helps to see.
  Click on each unit and show the summary pages.

• Switch and Broadcast filtering

  I read this article in the cisco curriculum, but I did not understand it well :
  " Occasionally, a device will malfunction and continually send out broadcast frames, which are copied around the network. This is called a broadcast storm and it can significantly reduce network performance.
  A switch that can filter broadcast frames makes a broadcast storm less harmful.
  Today, switches are also able to filter according to the network-layer protocol. This blurs the demarcation between switches and routers. A router operates on the network layer using a routing protocol to direct traffic around the network. A switch that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network layer information but they do not use a routing protocol ".
  Can the switch filter the broadcast ? Yes, it can,,,,as Cisco says :"This filtering is achieved through the implementation of virtual local-area networks or VLANs ".,,,,,Is there any other type of filtering ?
  What is the main difference between router and brouter

  hi
  if u would like to control the broadcast and multicast storms you can refer the link for configuring the storm control for both broadcast and multicast.
  you can define up the values and shut the port if it exceeds the threshold limit..
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hif_r/int_s4h.htm#wp1229258
  About the difference between a router and a Brouter afaik BROUTER u use in most of the SP network where you got customers in either DSL or Metro ethernet network where you will have the aggregation of the whole network traffic and from where it will be forwarded to upstream.
  It depends on the ios code too which is available to serve the purpose for the same..
  you got to have something like 7200 or 7300 in place to serve your purpose of brouter.
  regds

• Problems with SRW224G4 switch and Bridged Network Cards

  Hello,
  We have recently installed a SRW224G4 switch and have discovered that when we plug our DELL PowerEdge 2900 server into the switch, the switch loses all network connectivity and all of the LED's on the switch start flashing.
  The server works perfectly well plugged into another switch, but as soon as we introduce the SRW224G4 into the network, either with the server plugged into that switch or any other, the problem re-occurs.
  The only way we found we could eliminate this issue was if we disabled the Bridged Network connection on the two network cards on the server. If we do that, everything is fine, except the network performance of the server has dropped significantly.
  The server is plugged into the 1GB ports on the switch, although we tried it on the 100MB ports and received the same problems. The switch reports that the ports are running at full-duplex.
  Has anyone noticed this behavior before, and more importantly been able to rectify it.
  Thanks in advance for your assistance,
  Paul

  I had this problem as well with any Linksys 2024 or rackmountable switch..  The trick is, you need to use the network cards management software to "team" or bridged the 2 NIC's otherwise the switch detects a loop and the whole thing locks up. So lame...  Windows built in bridge mode stinks dont use it.  When you use the Intel management software or Dell or HP's NIc management software you have the option to actually choose "redundant mode" where you can pick a Nic to be the primary, or you can choose Load Balancing where you can essentially double your throughput by joining the 2 nics.
  In Windows 2008 Server, you actually do this by going to the Properties on the NIC in  Device Manger.  the software controls are now built right into the driver.  pretty neat.  2003 you can check Device Manager the same way but not sure if it's the same as 2008, you might need to run the actual NIC management app.
  Hope this helps
  fdigi 

• Not Working-central web-authentication with a switch and Identity Service Engine

  on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
  I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
  The interface configuration looks like this:
  interface FastEthernet0/24
  switchport access vlan 6
  switchport mode access
  switchport voice vlan 20
  ip access-group webauth in
  authentication event fail action next-method
  authentication event server dead action authorize
  authentication event server alive action reinitialize
  authentication order mab
  authentication priority mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  spanning-tree portfast
  end
  The ACL's
  Extended IP access list webauth
      10 permit ip any any
  Extended IP access list redirect
      10 deny ip any host 172.22.2.38
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  The ISE side configuration I follow it step by step...
  When I conect the XP client, e see the following Autenthication session...
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
             Interface:  FastEthernet0/24
            MAC Address:  0015.c549.5c99
             IP Address:  172.22.3.184
              User-Name:  00-15-C5-49-5C-99
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  single-host
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
       URL Redirect ACL:  redirect
           URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC16011F000000490AC1A9E2
        Acct Session ID:  0x00000077
                 Handle:  0xB7000049
  Runnable methods list:
         Method   State
         mab      Authc Success
  But there is no redirection, and I get the the following message on switch console:
  756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
  756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  I have to mention I'm using an http proxy on port 8080...
  Any Ideas on what is going wrong?
  Regards
  Nuno

  OK, so I upgraded the IOS to version
  SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
  I tweak with ACL's to the following:
  Extended IP access list redirect
      10 permit ip any any (13 matches)
  and created a DACL that is downloaded along with the authentication
  Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
      10 permit ip any any
  I can see the epm session
  swlx0x0x#show epm session ip 172.22.3.74
       Admission feature:  DOT1X
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
  And authentication
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
       Interface:  FastEthernet0/24
       MAC Address:  0015.c549.5c99
       IP Address:  172.22.3.74
       User-Name:  00-15-C5-49-5C-99
       Status:  Authz Success
       Domain:  DATA
       Oper host mode:  multi-auth
       Oper control dir:  both
       Authorized By:  Authentication Server
       Vlan Group:  N/A
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
       Session timeout:  N/A
       Idle timeout:  N/A
       Common Session ID:  AC16011F000000160042BD98
       Acct Session ID:  0x0000001B
       Handle:  0x90000016
       Runnable methods list:
       Method   State
       mab      Authc Success
  on the logging, I get the following messages...
  017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
  017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
  017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
  017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
  017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
  017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
  What I'm I missing?