I am having a strange issue with a L3 IB VG install. When using either the client or the web login I can log in with local or AD credentials and I see the user logged in on the CAM. The client gives a timeout message after a couple minutes and the web login just never completes.
The user is logged in according to the CAM. So, I do a continuous ping to an address that is allowed for the role of the logged in the user. The device being pinged sees the icmp packet and responds, the device that logged in to NAC does not get the reply. After 6 minutes the client machine that logged in to NAC will start getting the icmp reply packets.
So there must be a breakdown in communications somewhere and some kind of timer that lets the traffic pass after 6 minutes, but I just don't know where to look at this point.
This error indicates a communication issue between the Agent and the CAS. The Agent pops up initially indicating that the Agent is able to reach the CAS and vice versa. However, at some point the communication is lost resulting in the error message. This error can reflect a timing issue after the VLAN has been changed for the user machine in OOB deployments. Increasing the VLAN Change Delay (under Switch Management > Profiles > SNMP Receiver > Advanced Settings) from the 2 second default to 3 or 4 seconds may resolve the issue.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...