Clean Access Agent can't popup

Unanswered Question
Apr 21st, 2009

Hi, we setup a CAS and CAM in L2 OOB virtuil gateway and the switch is a 3560 using SVI and L3 for routing. We can authenticate using web agent but there is a problem when using a Clean Access agent. I have configured the discovery host using the ip address of the CAM but the login doesn't popup. I changed the discovery host of the ip of the server and tried reinstalling the access agent but login doesn't popup. Do I need to reboot the server when i changed the ip of the discovery host?What do i need to configure on the CAM or CAS?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vmoopeung Mon, 04/27/2009 - 13:04

For L2 or L3 deployments, the Clean Access Agent will pop up on the client if "Popup Login Window" is enabled on the Agent and the Agent detects it is behind the Clean Access Server. If the Agent does not pop up, this indicates it cannot reach the CAS.

To Troubleshoot L2 Deployments:

1. Make sure the client machine can get a correct IP address. Open a command tool (Start > Run > cmd) and type ipfconfig or ipconfig /all to check the client IP address information.

2. If necessary, type ipconfig /release, then ipconfig /renew to reset the DHCP lease for the client.

To Troubleshoot L3 Deployments:

1. Check whether the Discovery Host field is set to the IP address of the CAM itself under Device Management > Clean Access > Clean Access Agent > Installation | Discovery Host. This field must be the address of a device on the trusted side and cannot be the address of the CAS.

2. Uninstall the Clean Access Agent on the client.

3. Change the Discovery Host field to the IP address of the CAM and click Update.

4. Reboot the CAS.

5. Re-download and re-install the Clean Access Agent on the client.

Note The Login option on the Clean Access Agent is correctly disabled (greyed out) in the following cases:

•For OOB deployments, the Agent user is already logged in through the CAS and the client port is on the Access VLAN.

•For multi-hop L3 deployments, Single Sign-On (SSO) has been enabled and the user has already authenticated through the VPN concentrator (therefore is already automatically logged into Cisco NAC Appliance).

•MAC address-based authentication is configured for the machine of this user and therefore no user login is required.

Actions

This Discussion