We have a working L2 OOB VG deployment. The NAC agent pops up then says it has granted full access. The issue is about 45 seconds later it pops again then says it has granted full network access. Then it does it again, etc. The CAM thinks things are fine as it just keeps adding the user to the OUL. Anyone seen this before?
Is this a new deployment? If so, then you need to configure an ACL which blocks all discovery traffic to the CAS untrusted interface. If you have OOB logging configured then you will need to redirect these discover packets to the CAS trusted interface.
The ports that you need to redirect are tcp/udp 8905 and udp 8906.
It was an SNMP issue with 12.2(33)SXH. This is below the recommended minimum as stated in the NAC 4.9 documentation. Also, the ACL is no longer needed. Apparently the new version of NAC does not allow the entry in the click tables. We have three other locations working fine without the ACL in L2 OOB VG mode. The switch was upgraded to 12.2(33)SXI9, our current tested production standard, and it worked fine.
When you looked at the SNMP info sent in the trap it was not complete. We did a grep on the set and request and found they were getting to the CAM. We then looked at the actual packet via TCPDUMP and found the vlan information was not in there, so the port did not transition from auth to access VLAN.