New Member

NAC controlled port don't return to authentication vlan

Hi All,

I have NAC version 4.7.1 and I have implemented it as an out-of-band virtual gateway. When I make the port NAC controlled and test it, it works properly, but when I remove the PC from the port, the port doesn't go back to the authentication VLAN.

If I put the same PC in another NAC controlled port, it doesn't require authentication and it changes itself directly to authenticated.

The port remains authenticated until I clear the certified list.

Can anyone help me make NAC change the port to unauthenticated once I remove the port?

Best regards,

Ayman Yehia

10 REPLIES
New Member

Re: NAC controlled port don't return to authentication vlan

Hi all,

Sorry, the NAC version is 4.1.

Best Regards,

Ayman Yehia

Re: NAC controlled port don't return to authentication vlan

Ayman,

Please post your port profile settings, your snmp settings, a show runn from your switch and a show ver from your switch. Also if you have a network diagram that'll help.

Faisal

New Member

Re: NAC controlled port don't return to authentication vlan

From what I understood there was a bug that wouldn't allow this to occur but it was resolved in version 4.7.X.  You may want to check the BUG toolkit.

Thanks,

Joe

New Member

Re: NAC controlled port don't return to authentication vlan

Hi Faisal,

Kindly find attached the port profile settings, the SNMP settings, the switches' configuration and the show version for the switch.

Ayman Yehia

New Member

Re: NAC controlled port don't return to authentication vlan

Core config attached also.

Ayman

New Member

Re: NAC controlled port don't return to authentication vlan

Hi all,

Has anybody found a way for this case?

Best Regards,

Ayman Yehia

New Member

Re: NAC controlled port don't return to authentication vlan

We are currently running 4.7.1 and we are not experiencing this issue.  What version are you running?

Thanks,

Joe

New Member

Re: NAC controlled port don't return to authentication vlan

Hi Joe,

The version I use is 4.1.2.1.

Best Regards,

Ayman Yehia

Re: NAC controlled port don't return to authentication vlan

Ayman,

Sorry for the delay. Two things to check here. First, are you able to control the switch from your CAM successfully? In other words can you set the initial vlans successfully?

Second, what are you using for your switches? MAC-Notifications or Linkup-Linkdown notifications? Can you check the CAM logs as to what shows up there when you put a new PC in an authenticated port? Does it get a trap? What does it do with that trap?

Post your CAM logs with such an attempt where it didn't work, along with the MAC and IP information of the client. Also post the screen shots of your CAS configuration, specifically the managed subnet page, vlan mapping page, and network information page.

Thanks

Faisal

New Member

Re: NAC controlled port don't return to authentication vlan

Hi Faisal,

Sorry for not answering for this long period.

I have managed to make the NAC work, but there are some points I don't have an explanation for.

As for what you told me before, to check if the NAC can manage the switches: no, it can't, and I don't know why.

Second, if I put a MAC address in the filter to be ignored, it is not ignored until I configure its port manually in the trusted VLAN.

For the switches, I use MAC-Notifications, Linkup and Linkdown notifications.

Can I solve these issues? I support this site and I can't reach it as it is far away from me, and I shall make a visit to fulfill those requirements.

Thanks

Ayman Yehia
