Cisco Support Community
Community Member

Cisco NAC Configurations

I have been trying to work with a few TAC guys on getting an Out of Band, Virtual Gateway configuration implemented, but for various reasons, we seem to be missing each other.

I believe I have everything configured properly; however, I am unable to get a correct IP address in my authentication roles, and when looking at the CAM manager pages, I see the connection to the authentication VLAN, but the test user never gets any further. Anyone have any suggestions? (Short of opening a TAC case.)


Re: Cisco NAC Configurations

Are you talking about Clean Access?

Is DHCP working on the authentication VLAN? I recommend setting the CAS to do DHCP for this VLAN.

I think with no IP address you're going nowhere.

Community Member

Re: Cisco NAC Configurations

Yes, I am discussing Clean Access. When configuring an OOB VGW, you don't get a choice on where your DHCP is hosted - meaning the CAS will not host DHCP for you if you're in VGW mode. I since opened a TAC case, and we have encountered a more pressing issue - I'm able to get IP now (had the wrong VLAN on the edge switch) but NONE of the rules are being enforced. Clients that do not have the Clean Access agent are allowed free rein on the network.

No clue why or how that's happening.

Re: Cisco NAC Configurations

Are users being authenticated?

Are they getting put into the correct VLAN?

Requirement of CCA Agent is set per Role under Device Management > Clean Access > General Setup.

Traffic rules are set under User Management > User Roles > Traffic Control.

Community Member

Re: Cisco NAC Configurations

Well, I think that's part of the rub - the agent on the test box only shows local DB, or RADIUS. I have set up an LDAP connection to my AD, but it's not an option on the client. (My test user is on the RADIUS, so it's getting authenticated.)

2 questions -

1. How do I get the LDAP authentication option to show up for the clients that are OOB (and NOT for the In-Band)?

2. How do I make sure the correct user role is assigned to OOB users vs. In-Band?


Community Member

Re: Cisco NAC Configurations

Check that the LDAP radio button is selected on the User Page definition. If it isn't, it won't show up on your client.


