NAC controlled port doesn't return to authentication VLAN

Jul 19th, 2010

Hi All,

I have NAC version 4.7.1 and I have implemented it as an out-of-band virtual gateway. When I make the port NAC controlled and try to test, it works properly, but when I remove the PC from the port, the port doesn't go back to the authentication VLAN.

If I put the same PC in another NAC controlled port, it doesn't require authentication and it changes itself directly to authenticated.

The port remains authenticated until I clear the certified list.

Can anyone help me to make NAC change the port to unauthenticated once I remove the port?

Best regards,

Ayman Yehia

Faisal Sehbai Tue, 07/20/2010 - 08:13


Please post your port profile settings, your SNMP settings, a show runn from your switch and a show ver from your switch. Also, if you have a network diagram, that'll help.


joeharb Wed, 07/21/2010 - 08:15

From what I understood there was a bug that wouldn't allow this to occur but it was resolved in version 4.7.X.  You may want to check the BUG toolkit.



ayman emara Tue, 07/27/2010 - 01:47

Hi all,

Has anybody found a way for this case?

Best Regards,

Ayman Yehia

joeharb Tue, 07/27/2010 - 07:04

We are currently running 4.7.1 and we are not experiencing this issue.  What version are you running?



Faisal Sehbai Wed, 07/28/2010 - 21:16


Sorry for the delay. Two things to check here. First, are you able to control the switch from your CAM successfully? In other words, can you set the initial VLANs successfully?

Second, what are you using for your switches? MAC-Notifications or Linkup-Linkdown notifications? Can you check the CAM logs as to what shows up there when you put a new PC in an authenticated port? Does it get a trap? What does it do with that trap?

Post your CAM logs with such an attempt where it didn't work, along with the MAC and IP information of the client. Also post the screenshots of your CAS configuration, specifically the managed subnet page, VLAN mapping page, and network information page.



ayman emara Mon, 08/23/2010 - 04:51

Hi Faisal,

Sorry for not answering for this long period.

I have managed to make the NAC work, but there are some hints I don't have an explanation of.

You told me before to check if the NAC can manage the switches (no, it can't), and I don't know why.

Second thing: if I put a MAC address in the filter to be ignored, it is not ignored until I configure its port manually in the trusted VLAN.

For your switches, I use MAC-Notifications, Linkup and Linkdown notifications.

Can I solve these issues, as I support this site and I can't reach this site as it is far away from me, and I shall make a visit to fulfill those requirements?


Ayman Yehia

