Cant connect NAC Server(CAS) to the Network

Unanswered Question
Oct 5th, 2009
User Badges:

Hello there! I'm stuck and need your help please.

I have installed NAC Server (ver 4.5(1). I'm deploying OOB VG. I've connected both CAS and CAM on a 6506 Cisco switch. My problem is that i can reach the CAM but cant reach the CAS.

Below are some configs:



Gateway :


[[email protected]-CAS01 ~]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:1C:C4:10:E8:06

inet addr: Bcast: Mask:


RX packets:3064 errors:0 dropped:0 overruns:0 frame:0

TX packets:1459 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:326115 (318.4 KiB) TX bytes:93376 (91.1 KiB)


[[email protected]-CAS01 ~]# netstat -rn

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface U 0 0 0 fake0 U 0 0 0 fake1 UG 0 0 0 fake0

[[email protected]-CAS01 ~]# ping

PING ( 56(84) bytes of data.

64 bytes from icmp_seq=1 ttl=64 time=0.011 ms

64 bytes from icmp_seq=2 ttl=64 time=0.010 ms

64 bytes from icmp_seq=3 ttl=64 time=0.012 ms

But cant ping

[[email protected]-CAS01 ~]# tracepath

1: xx-CAS01 ( 0.089ms pmtu 1500

1: no reply

2: no reply

ON the Cisco switch

interface GigabitEthernet1/42

description NAC Server Eth0 - Trusted Interface


switchport trunk encapsulation dot1q

switchport trunk native vlan 998

switchport trunk allowed vlan 100,101

switchport mode trunk

GigabitEthernet1/42 is up, line protocol is up (connected)

Hardware is C6k 1000Mb 802.3, address is 0023.334e.c169 (bia 0023.334e.c169)

Description: NAC Server Eth0 - Trusted Interface

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT

input flow-control is off, output flow-control is off

Clock mode is auto

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:50, output hang never

Last clearing of "show interface" counters never

Input queue: 0/2000/44/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 1000 bits/sec, 3 packets/sec

5 minute output rate 13000 bits/sec, 20 packets/sec

720426 packets input, 46358725 bytes, 0 no buffer

Received 716545 broadcasts (0 multicasts)

0 runts, 0 giants, 0 throttles

4 input errors, 0 CRC, 0 frame, 40 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

5564875 packets output, 462967399 bytes, 0 underruns

0 output errors, 0 collisions, 3 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 0 percent (0/5)

interface Vlan101

description NAC SERVER

ip address

interface Vlan100

description NAC-MANAGER

ip address

Please assist.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
IT_Data_CorporateNet Tue, 10/06/2009 - 11:53
User Badges:

I manage to resolve the problem. It was a routing problem on my 6500 switch. The server subnet was being routed somewhere else.

pszczola1 Thu, 10/08/2009 - 07:39
User Badges:


Please note that in VG mode both CAS interfaces have the same IP with VLAN mapping enabled in CAS.

There was a very good Power Point Presentation on Cisco website by Alok Agrawal once upon the time. Don't have a link, but it was cisco NAc Appliance Chalktalk series, maybe you can still find it.

hope it helps a little bit



This Discussion