NAC controlled port doesn't return to authentication VLAN

Unanswered Question
Jul 19th, 2010

Hi All,


I have NAC version 4.7.1 and I have implemented it as an out-of-band virtual gateway. When I make the port NAC controlled and test it, it works properly, but when I remove the PC from the port, the port doesn't go back to the authentication VLAN.


If I put the same PC in another NAC controlled port, it doesn't require authentication and it changes itself directly to authenticated.


The port remains authenticated until I clear the certified list.


Can anyone help me to make NAC change the port to unauthenticated once I remove the port?



Best regards,


Ayman Yehia

ayman emara Mon, 07/19/2010 - 23:13

Hi all,


Sorry, NAC version is 4.1


Best Regards,


Ayman Yehia

Faisal Sehbai Tue, 07/20/2010 - 08:13

Ayman,


Please post your port profile settings, your SNMP settings, a show runn from your switch and a show ver from your switch. Also, if you have a network diagram, that'll help.


Faisal

joeharb Wed, 07/21/2010 - 08:15

From what I understood there was a bug that wouldn't allow this to occur but it was resolved in version 4.7.X.  You may want to check the BUG toolkit.


Thanks,


Joe

ayman emara Thu, 07/22/2010 - 04:50

Hi Faisal,


Kindly find attached the port profile settings, SNMP settings, switch configuration and show version for the switch.



Ayman Yehia

ayman emara Tue, 07/27/2010 - 01:47

Hi all,



Has anybody reached a solution for this case?


Best Regards,


Ayman Yehia

joeharb Tue, 07/27/2010 - 07:04

We are currently running 4.7.1 and we are not experiencing this issue.  What version are you running?


Thanks,


Joe

ayman emara Tue, 07/27/2010 - 07:40

Hi Joe,


The version I use is 4.1.2.1



Best Regards,


Ayman Yehia

Faisal Sehbai Wed, 07/28/2010 - 21:16

Ayman,


Sorry for the delay. Two things to check here. First, are you able to control the switch from your CAM successfully? In other words, can you set the initial VLANs successfully?


Second, what are you using for your switches? MAC-Notifications or Linkup-Linkdown notifications? Can you check the CAM logs as to what shows up there when you put a new PC in an authenticated port? Does it get a trap? What does it do with that trap?


Post your CAM logs with such an attempt where it didn't work, along with the MAC and IP information of the client. Also post the screenshots of your CAS configuration, specifically the managed subnet page, VLAN mapping page, and network information page.


Thanks

Faisal

ayman emara Mon, 08/23/2010 - 04:51

Hi Faisal,


Sorry for not answering for this long period.


I have managed to make the NAC work, but there are some hints I don't have an explanation for.


As you told me before to check if the NAC can manage the switches: no, it can't, and I don't know why.


Second thing: if I put a MAC address in the filter to be ignored, it is not ignored until I configure its port manually in the trusted VLAN.


For the switches, I use MAC-Notifications, Linkup and Linkdown notifications.


Can I solve these issues? I support this site and I can't reach it, as it is far away from me, and I shall make a visit to fulfill those requirements.



Thanks


Ayman Yehia
