NAC certified list is empty

Unanswered Question
Jun 2nd, 2008

I have an Out-of-Band NAC deployment in a test sandbox network. I have set up a basic check for Symantec Antivirus 10.0 and current definitions using the Clean Access agent. My switch configuration is correct, authentication works properly, and by looking at the report that is generated by the Clean Access agent on my test machine, I can see that the machine is passing posture validation. I am also having the Clean Access agent itself tell me that I have successfully logged into the network. However, the device is not showing up in the certified list, so the machine never gets put into the Access VLAN (I can tell this from looking at the port's configuration on the switch from the CAM). Because it never gets put in the Access VLAN, the Agent just keeps popping back up asking me to log in even though I have successfully logged in.

Does anyone have any experience with why a device would not show up in the certified device list even though the Clean Access Agent tells me the device has passed posture validation?

gojericho0 Mon, 06/02/2008 - 18:01

If you are using an L3 deployment, make sure that you have a discovery host IP. This should be the address of the CAM or CAM cluster.

To find out, right-click on CCA and select Properties.

gojericho0 Tue, 06/03/2008 - 04:21

Can you see SNMP messages in the syslog of the switch showing that the CAM is trying to communicate via SNMP?

In your port profile, do the access\authentication VLANs match up with the switch settings?

Under Options: Device Connected to Port, is "bounce the port after VLAN being changed" checked?

