NAC 4.8 adding cas to cam issue

Answered Question
Mar 9th, 2012

Hello all,

I've been thrown a half-done NAC installation and, this being my first NAC deployment, I am feeling a bit overwhelmed.

I've read the installation guide for the appliances back to front, but I am encountering an issue after adding a cas to the cam.

I am able to add the cas to the cam successfully, but almost immediately, the cas and cam can no longer ping each other from the cli.

The event log states that the cas is connected to the cam, but then logs an error that the cam is unable to push the registration page to the cas. From this point I get several event log issues stating that the cas is out of sync.

I've copied out a part of the nac_manager.log that shows the connection process:

2012-03-09 22:33:06.037 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartServer       - SSS - connect : get new connectorClient for 10.0.0.100
2012-03-09 22:33:36.433 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager      - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:38.434 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager      - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:40.436 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager      - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:42.438 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager      - SSM - addSecureSmartServer : Click state STOPPED
2012-03-09 22:33:42.617 +1100 [TP-Processor24] WARN  com.perfigo.wlan.web.admin.SecureSmartPublisher    - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:33:42.702 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.FilePublisher           - FilePublisher - write:setPath failed ...
2012-03-09 22:33:42.793 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.FilePublisher           - FilePublisher - write:setPath failed ...
2012-03-09 22:33:42.833 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher    - SSM publishAccess: Unable to publish guest registration page
2012-03-09 22:33:42.872 +1100 [TP-Processor24] INFO  com.perfigo.wlan.jmx.admin.FileUtil                - FileUtil - readFile : /perfigo/control/conf/os-detection.fp
2012-03-09 22:33:42.887 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.AccessConf              - Failed to enable ETH1 on 10.0.0.100
2012-03-09 22:33:42.888 +1100 [TP-Processor24] ERROR c.perfigo.wlan.web.admin.AdminIpAccessInfoManager  - AIAIM - publishAccess : failed
2012-03-09 22:33:42.888 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.ServerConf              - SC - stopOobSWissServer()
2012-03-09 22:33:42.905 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager      - 10.0.0.100 added to Clean Access Manager
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.ConnectorClient         - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher    - SSP - connectAndPublish: Could not connect to 10.0.0.100
2012-03-09 22:34:01.614 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.ConnectorClient         - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:01.615 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher    - SSP - connectAndPublish: Could not connect to 10.0.0.100
2012-03-09 22:34:01.627 +1100 [pool-1-thread-2] WARN  com.perfigo.wlan.web.admin.SecureSmartPublisher    - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:34:05.628 +1100 [TP-Processor19] ERROR com.perfigo.wlan.web.admin.ConnectorClient         - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:20.618 +1100 [pool-1-thread-3] ERROR com.perfigo.wlan.web.admin.ConnectorClient         - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out

I've followed all the installation guide's recommendations of disconnecting the untrust interface on the CAS and there is no HA setup presently...

What I don't understand is the cas and cam's inability to ping each other, but they can ping other devices on the network. The cas and the cam are in different vlans.

Any assistance from a NAC guru would be greatly appreciated.

Thanks

JS

Correct Answer by khurram-noor about 1 year 8 months ago

Thanks a lot man...you saved my day

James.S.Smith Wed, 03/14/2012 - 00:13

Hi All,

Not that there was a ton of help, but I got it sorted myself. Turned out that I needed to tag the management vlan on the eth0 interface.

The Cisco NAC appliance hardware document is pretty vague around this setting, but it turns out I had to tag the management vlan on that port to allow the CAS to connect to the CAM.

Now to try to work out why a simple layer 2 connection between the two eth2 interfaces on my CAS servers for the heartbeats isn't communicating....any ideas on this.....anyone?

JS
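
The log pattern in the question (server reported as added, then repeated connect timeouts and out-of-sync warnings) can be picked out of a nac_manager.log mechanically. The script below is an added example, not part of the original thread and not Cisco tooling; the function names `parse`, `triage` and `lost_after_add` are hypothetical, and the sample lines are copied from the excerpt above with padding trimmed.

```python
import re
from collections import defaultdict

# Layout quoted in the thread: <date> <time> <tz> [thread] LEVEL logger - message
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ \[[^\]]+\]\s+"
                     r"(?P<level>[A-Z]+)\s+\S+\s+- (?P<msg>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Sample lines copied from the excerpt in the question (padding trimmed).
SAMPLE = """\
2012-03-09 22:33:42.617 +1100 [TP-Processor24] WARN  com.perfigo.wlan.web.admin.SecureSmartPublisher - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:33:42.905 +1100 [TP-Processor24] INFO  com.perfigo.wlan.web.admin.SecureSmartManager - 10.0.0.100 added to Clean Access Manager
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:01.614 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:01.627 +1100 [pool-1-thread-2] WARN  com.perfigo.wlan.web.admin.SecureSmartPublisher - NAC server 10.0.0.100 is out-of-sync.
"""

def parse(text):
    """Return [ts, level, msg] entries; non-matching lines extend the previous entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append([m["ts"], m["level"], m["msg"].strip()])
        elif raw.strip() and entries:
            entries[-1][2] += " " + raw.strip()  # stack-trace continuation line
    return entries

def triage(text):
    """Per server address: when it was added, timeouts after that, out-of-sync count."""
    report = defaultdict(lambda: {"added_at": None, "timeouts_after_add": 0, "out_of_sync": 0})
    for ts, level, msg in parse(text):
        for ip in set(IP_RE.findall(msg)):
            r = report[ip]
            if "added to Clean Access Manager" in msg:
                r["added_at"] = ts
            elif "out-of-sync" in msg:
                r["out_of_sync"] += 1
            elif "SocketTimeoutException" in msg and r["added_at"] and ts > r["added_at"]:
                r["timeouts_after_add"] += 1
    return dict(report)

def lost_after_add(report):
    """Addresses that were added and then timed out at least twice."""
    return sorted(ip for ip, r in report.items() if r["added_at"] and r["timeouts_after_add"] >= 2)
```

An address returned by `lost_after_add` registered successfully and then became unreachable from the manager, which is the symptom this thread traced to the management VLAN not being tagged on eth0.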

This Discussion

Posted March 9, 2012 at 5:53 AM