
NAC controlled port doesn't return to authentication VLAN

ayman emara
Level 1

Hi All,

I have NAC version 4.7.1 and I have implemented it as an out-of-band virtual gateway. When I make the port NAC controlled and test it, it works properly, but when I remove the PC from the port, the port doesn't go back to the authentication VLAN.

If I put the same PC in another NAC controlled port, it doesn't require authentication and it changes itself directly to authenticated.

The port remains authenticated until I clear the certified list.

Can anyone help me make NAC change the port to unauthenticated once I remove the port?

Best regards,

Ayman Yehia

10 Replies

ayman emara
Level 1

Hi all,

Sorry, the NAC version is 4.1.

Best Regards,

Ayman Yehia

Ayman,

Please post your port profile settings, your snmp settings, a show runn from your switch and a show ver from your switch. Also if you have a network diagram that'll help.

Faisal

From what I understood there was a bug that wouldn't allow this to occur but it was resolved in version 4.7.X.  You may want to check the BUG toolkit.

Thanks,

Joe

Hi Faisal,

Kindly find the attached port profile settings, your SNMP settings, switch configuration and show version for the switch.

Ayman Yehia

Core config attached also.

Ayman

Hi all,

Has anybody reached a way for this case?

Best Regards,

Ayman Yehia

We are currently running 4.7.1 and we are not experiencing this issue.  What version are you running?

Thanks,

Joe

Hi Joe,

The version I use is 4.1.2.1.

Best Regards,

Ayman Yehia

Ayman,

Sorry for the delay. Two things to check here. First, are you able to control the switch from your CAM successfully? In other words can you set the initial vlans successfully?

Second, what are you using for your switches? MAC-Notifications or Linkup-Linkdown notifications? Can you check the CAM logs as to what shows up there when you put a new PC in an authenticated port? Does it get a trap? What does it do with that trap?

Post your CAM logs with such an attempt where it didn't work, along with the MAC and IP information of the client. Also post the screen shots of your CAS configuration, specifically the managed subnet page, vlan mapping page, and network information page.

Thanks

Faisal

Hi Faisal,

Sorry for not answering for this long period.

I have managed to make the NAC work, but there are some hints I don't have an explanation for.

As you told me before, I checked whether the NAC can manage the switches (no, it can't), and I don't know why.

Second thing: if I put a MAC address in the filter to be ignored, it is not ignored until I configure its port manually in the trusted VLAN.

For your switches I use MAC-Notifications, Linkup and Linkdown notifications.

Can I solve these issues, as I support this site and I can't reach this site as it is far away from me and I shall make a visit to fulfill those requirements?

Thanks

Ayman Yehia
