Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


Clean Access L3 OOB Timeout Configuration

Hey All,

Thanks for the help so far with Clean Access. We are up and running L3 OOB w/ ACLs in our test environment and all is working as expected. I have a question that doesn't seem to have been posed yet. I want to create a rule that will kick a user off of their user VLAN after being logged in for X number of hours. Our policy states workstations are to remain off, but that rarely happens and these workstations should be placed back into the auth VLAN if they are not powered off. I've attempted to set the timeout setting on the CAM, but this did not cause the user to be moved back to the auth VLAN. In a L3 OOB multi-hop deployment, how can this be achieved?



Re: Clean Access L3 OOB Timeout Configuration

New Member

Re: Clean Access L3 OOB Timeout Configuration

Check out the manuals.

What most people do is clear the certified device list at say 02.00am in the morning so the next day, posture assessment can occur again. It's one of the trade-offs for doing L300B. There are kick user commands and scripts you can crete and run.

Cisco are looking into ways of clearing certified users on logout but this is not committed yet.