I am having a strange issue with a L3 IB VG install. When using either the client or the web login I can log in with local or AD credentials and I see the user logged in on the CAM. The client gives a timeout message after a couple minutes and the web login just never completes.
The user is logged in according to the CAM. So, I do a continuous ping to an address that is allowed for the role of the logged in the user. The device being pinged sees the icmp packet and responds, the device that logged in to NAC does not get the reply. After 6 minutes the client machine that logged in to NAC will start getting the icmp reply packets.
So there must be a breakdown in communications somewhere and some kind of timer that lets the traffic pass after 6 minutes, but I just don't know where to look at this point.