We have a core switch with FWSM. All the users' default gateway is the FWSM. There is an access switch where the user is connected. The mode of deployment for NAC is L2 OOB VGW. The switch is added to the NAC. ADSSO is configured on the NAC and the service is started. As soon as I restart the PC, it is not able to contact the DC while all the ports are opened to the DC. No agent popup appears. It does not show any keys in Kerbtray.
The sequence is
Since the client username and pass has been cached local so it is able to
The client gets an IP address from the DHCP and it is in the authentication VLAN, which is 110. Now there is no agent coming up unless I do the below
When I do arp -a in cmd, it shows me an invalid MAC address of the default GW. Now if I add a static MAC address on the client PC, the popup immediately occurs. Or, if I do a ping from the FWSM, which is the default GW, then the popup immediately occurs.
I captured the packets through Ethereal and noticed that the client is sending ARP requests but it is not receiving any reply. The capture is also attached. Note that 192.168.3.1 is the gateway and 192.168.3.3 is the client.
FWSM version is 3.1(4) working in FO.
What do you suggest?
I suspect there's something wrong with the config, but it would be very tricky to get resolved with the to-and-fro in the forums.
If you're not able to resolve your default gateway's ARP, either the mappings aren't working, or you might have the "Enable subnet-based VLAN retag" option on. If both of these things are set and it still doesn't work, I would like to look at the setup live, so please open a TAC case and let's have a TAC engineer peer over your settings.