Hi, we are doing a testbed with NAC appliance. We are doing basic tests with the latest version 4.1.1 (30 April).
We are in an OOB test with virtual gateway mode. Our problem is very basic. For this test we are using local database.
When we authenticate through the Web Page (no agent required) all is good: we are moved to the access VLAN and we can work. Sniffing, we can see SNMP that reattributes the access VLAN. In this case the state and the display in logged in users is consistent; we are shown with the AllAccess role.
If we authenticate through the CAA, the authentication is displayed as successful on the agent. The logged OOB users displays the test user with our AllAccess profile, but the logs show that we were moved to the Temporary Role (discrepancy here). If we sniff SNMP from CAM to Switch, no SNMP is generated from the CAM to the switch. In this case we stay in the Auth VLAN and we always loop for reauthentication, as the CAM considers us as logged in but didn't move the VLAN. (For this test we use a compliant machine.)
If we test with a non-compliant machine, we stay in the AuthVlan, which is normal, and we can access sites for remediation (normal behaviour).
In the three cases the config of roles etc. is exactly the same; the only difference is that we authenticated in a different way.
So for a compliant machine with authentication through CAA, we have a problem.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...