Clean Access L3 OOB Timeout Configuration

Unanswered Question
Mar 7th, 2007

Hey All,

Thanks for the help so far with Clean Access. We are up and running L3 OOB w/ ACLs in our test environment and all is working as expected. I have a question that doesn't seem to have been posed yet. I want to create a rule that will kick a user off of their user VLAN after being logged in for X number of hours. Our policy states workstations are to remain off, but that rarely happens and these workstations should be placed back into the auth VLAN if they are not powered off. I've attempted to set the timeout setting on the CAM, but this did not cause the user to be moved back to the auth VLAN. In an L3 OOB multi-hop deployment, how can this be achieved?


ishah Thu, 03/22/2007 - 16:45

Check out the manuals.

What most people do is clear the certified device list at, say, 02:00 in the morning so that posture assessment can occur again the next day. It's one of the trade-offs for doing L3 OOB. There are kick user commands and scripts you can create and run.

Cisco are looking into ways of clearing certified users on logout but this is not committed yet.

