Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1439
Views
0
Helpful
1
Replies

Clean Access Agent can't popup

jay.tolentino
Level 1
Level 1

‎04-21-2009 02:08 AM - edited ‎03-09-2019 10:14 PM

Hi, we setup a CAS and CAM in L2 OOB virtuil gateway and the switch is a 3560 using SVI and L3 for routing. We can authenticate using web agent but there is a problem when using a Clean Access agent. I have configured the discovery host using the ip address of the CAM but the login doesn't popup. I changed the discovery host of the ip of the server and tried reinstalling the access agent but login doesn't popup. Do I need to reboot the server when i changed the ip of the discovery host?What do i need to configure on the CAM or CAS?

Labels:
0 Helpful
1 Reply 1

vmoopeung
Level 5
Level 5

‎04-27-2009 01:04 PM

For L2 or L3 deployments, the Clean Access Agent will pop up on the client if "Popup Login Window" is enabled on the Agent and the Agent detects it is behind the Clean Access Server. If the Agent does not pop up, this indicates it cannot reach the CAS.

To Troubleshoot L2 Deployments:

1. Make sure the client machine can get a correct IP address. Open a command tool (Start > Run > cmd) and type ipfconfig or ipconfig /all to check the client IP address information.

2. If necessary, type ipconfig /release, then ipconfig /renew to reset the DHCP lease for the client.

To Troubleshoot L3 Deployments:

1. Check whether the Discovery Host field is set to the IP address of the CAM itself under Device Management > Clean Access > Clean Access Agent > Installation | Discovery Host. This field must be the address of a device on the trusted side and cannot be the address of the CAS.

2. Uninstall the Clean Access Agent on the client.

3. Change the Discovery Host field to the IP address of the CAM and click Update.

4. Reboot the CAS.

5. Re-download and re-install the Clean Access Agent on the client.

Note The Login option on the Clean Access Agent is correctly disabled (greyed out) in the following cases:

•For OOB deployments, the Agent user is already logged in through the CAS and the client port is on the Access VLAN.

•For multi-hop L3 deployments, Single Sign-On (SSO) has been enabled and the user has already authenticated through the VPN concentrator (therefore is already automatically logged into Cisco NAC Appliance).

•MAC address-based authentication is configured for the machine of this user and therefore no user login is required.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents