We have a NAC appliance system, consisting of one NAC manager and a failover pair of NAC servers. All machines are 3300. It is mostly used to control wireless access to our network with the web login function.
This has worked fine since installation with version 4.1.1, except some Mac and Vista users has had some, for example Safari has users have not been able to log in.
About a week ago I noticed that version 4.1.3 was supposed to fix some problems with some browsers, so I decided to upgrade. I downloaded the cca-upgrade-4.1.3 file from cisco, and uploaded to the manager and servers from the web admin pages. Then I ran the upgrade, first on the manager, then on the servers. Everything seemed to go fine when I checked the logs.
However, after the upgrade users connecting to the net on the unprotected side of the NAC server are not redirected to the login page. Their browser tries to connect to whatever they have as startpage, and then times out.
Machines connected to the protected net get a correct IP, they can look up DNS names, and if they type the name or IP of the login page they get to it, they can login, and then everything works.
I have checked with tcpdump that the first request reaches the active NAC server, but nothing happens. Nothing can be seen in any logs on the server or the manager.
I have checked all the troubleshooting ideas from the manual, the release notes, and the Nac Appliance book, but now I am out of ideas.
Mats L, University West, Sweden