07-19-2010 02:03 PM - edited 02-21-2020 10:24 AM
Hi All,
I have NAC version 4.7.1 and i have implmented it as out of band virtual gateway and when i make the port NAC controlled and try to test it works properly but when i remove the pc from the port, the port doesn't go back to authentication vlan.
if i put the same pc in another NAC controlled port it doesn't require authentication and it changes itself directly to authenticated.
the port remains authenticated until i clear the certified list.
can anyone help me to make nac change the port to unauthenticated once i remove the port.
Best regards,
Ayman Yehia
07-19-2010 11:13 PM
hi all,
sorry NAC version is 4.1
Besr Regards,
Ayman Yehia
07-20-2010 08:13 AM
Ayman,
Please post your port profile settings, your snmp settings, a show runn from your switch and a show ver from your switch. Also if you have a network diagram that'll help.
Faisal
07-21-2010 08:15 AM
From what I understood there was a bug that wouldn't allow this to occur but it was resolved in version 4.7.X. You may want to check the BUG toolkit.
Thanks,
Joe
07-22-2010 04:50 AM
07-22-2010 04:51 AM
07-27-2010 01:47 AM
hi all ,
have anybody reached a way for this case
Best Regards,
Ayman yehia
07-27-2010 07:04 AM
We are currently running 4.7.1 and we are not experiencing this issue. What version are you running?
Thanks,
Joe
07-27-2010 07:40 AM
Hi joe,
my version i use is 4.1.2.1
Best Regards,
Ayman Yehia
07-28-2010 09:16 PM
Ayman,
Sorry for the delay. Two things to check here. First, are you able to control the switch from your CAM successfully? In other words can you set the initial vlans successfully?
Second, what are you using for your switches? MAC-Notifications or Linkup-Linkdown notifications? Can you check the CAM logs as to what shows up there when you put a new PC in an authenticated port? Does it get a trap? What does it do with that trap?
Post your CAM logs with such an attempt where it didn't work, along with the MAC and IP information of the client. Also post the screen shots of your CAS configuration, specifically the managed subnet page, vlan mapping page, and network information page.
Thanks
Faisal
08-23-2010 04:51 AM
Hi faisal,
Sorry for not answering for this long period.
i have managed to make the NAC work but their are some hints i don't have explanation of.
as you told me before to check if the NAC can manage the switches(no it can't) and i don't know why.
second thing if i put MAC address in the filter to be ignored it is not ignored untill i configure its port manually in the trusted Vlan.
for your switches i use MAC-Notifications, Linkup and Linkdown notifications.
can i solve these issues as i support this site and i can't reach this site as it is far away from me and i shall make a visit to fulfill those requirements.
Thanks
Ayman Yehia
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: