NAC agent login issue from remote site

szakacsge · ‎04-30-2010

Hi,

We have just deployed a NAC system with CSA. (CSA is not activated yet, but NAC checks the installation of CSA agent on the machines) We have one remote site connecting to the main site through GRE tunnel.

The problem is the following at the remote site:

- If the swithcport is in controlled state and the user logs into the windows domain the PC remains in the AUTH VLAN and then nothing happens.

- If the swithcport is in controlled state and the user logs into the agent locally forexample with the local guest user account then it gets the full access to the network.

The SSO is working fine on the main site, we only having problem on the remote site. I have checked the IP connection, routing is seems to be fine.

What can be the problem?

Thanks,

Gergely

Faisal Sehbai · ‎04-30-2010

Gergely,

Quite a few things could be wrong here. I'd start by verifying that the SNMP strings are all kosher on all sides and ensure that after logging in, the SNMP set from the CAMs are reaching the switch and being treated right.

HTH,

Faisal

szakacsge · ‎05-02-2010

Thanks for the answer, but I dont think that there would be a problem with the SNMP because if I log in to the NAC agent with a NAC local , so no windows domain user I get the corrent VLAN on the switchport and get the full network access.