Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSSC fixed some stuff but broke a big thing

Hi All,

We use Cisco Secure Services Client, we are currently using 4.2, 4.051 and 4.2.1. We found that going from 4.051 to 4.2 really fixed a lot of issues but it broke one major option.

Going from 4.051 to 4.2 or 4.2.1 the client does not allow the computer to access the guest or auth-fail vlans prelogin. This is an issue in an environment that runs updates while the computer sits at the login screen. With 4.051 after a few seconds the computer would pop onto the guest vlan, if a user logged in it would pop them off the guest vlan and then onto the vlan they should be on.

So the question is can 4.2 and 4.2.1 be configured to allow access to the guest or auth-fail vlans prior to login or is this a hard coded issue?

I have already tried setting the login to machine/user thinking the machine would attempt login and knock it onto the auth fail vlan, which seems but now the regular user login doesn't work.

Thanks

2 REPLIES
New Member

Re: CSSC fixed some stuff but broke a big thing

Hi All,

If I set the switchport access vlan to the guest network that seems to get the prelogin network access to work. 802.1x still changes the vlan when a user logs in to their apropriate vlan.

So the next question is wether this is a good idea? Is there more of a security risk by adding the "switchport access vlan " command then there is for having the guest vlan and auth-fail vlan? I am setting the switchport access vlan to the guest net, so I am guesing there are no extra security risks then there already are when dealing with vlans.

Thanks

New Member

Re: CSSC fixed some stuff but broke a big thing

Sorry, I may have spoken too soon, this did not work. It seems the act of adding the switchport access vlan command while the computer was at the login caused the CSSC client to allow access to the network but when I restarted the computer it is still not allowing access to the guest vlan even though the show vlan show that interface on the guest net and the sho int shows the interface is up and connected.

So it looks like I am up for any ideas again:(

Thanks

141
Views
0
Helpful
2
Replies