NAC client connectivity problems

Unanswered Question
Oct 8th, 2008
User Badges:

Dear Support,

We have Cisco CAM & CAS that is deployed for OOBVG mode when connecting the client machine and trying get web access the client is already in the authentication vlan due to switch management port profile settings but the client cannot get an ip address through dhcp so is there any configuration to be done on the switchs or core to enforce authentication vlan to be directed to the access vlan as i configured the port profiles and vlan mapping and managed subnets what can i check to get the correct access connectivity

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sadbulali Tue, 10/14/2008 - 06:59
User Badges:
  • Bronze, 100 points or more

For In-Band clients and Out-of-Band clients which are still assigned to the Authentication VLAN, the Clean Access Agent uses SWISS discovery packets to verify connectivity with the CAS. Once a client machine is on the out-of-band network and no longer communicates directly with the CAS, additional configuration is required for the client to determine whether it is still on the Access VLAN or moved to the Authentication VLAN.To ensure OOB users are able to maintain network connection when the Cisco NAC Appliance administrator is forced to "kick" users out (and move the session back to the Authentication VLAN), you can configure the Cisco NAC Appliance system to have the Clean Access Agent renew the IP address via DHCP release/renew.

drienties Wed, 10/15/2008 - 06:13
User Badges:

Did you configure DHCP relay mode for the CAS?

Device Management > CCA Servers > List of Servers > manage(your cas) > DHCP

for more information on this, refer to the "CAS installation and configuration guide"(page 126)

ahmedelfeki Wed, 10/15/2008 - 09:34
User Badges:

Dear Drienties;

for virtual gateway mode dhcp is passthrough.


This Discussion