I'm testing a NAC 4.1.3 L3 OOB Real IP configuration and have come across an anomaly. Can someone help please.
I have configured two switches to be managed by NAC and have configured a role for Web Authentication and set all ports to be controlled.
When I connect a PC to switch 1 and authenticate all works well and the View Online Users displays the PC/role/Switch Port correctly.
I then disconnect the PC and patch it into the Switch 2. I then authenticate but instead of the port being moved to the correct VLAN it is left in the authentication VLAN and the Web Login cycles and asks me to log in again. Looking at the Online Users display it says I'm online on Switch 1 on the port I have disconnected from. This is INCORRECT!
Looking at switch 1, it has moved the port I was connected to the VLAN it should be after authentication. This should have been done to the port I'm now on at the Switch 2!
MAc notifications are used and Linkup/downs are enabled on the switches. They are not stacked. When disconnecting from the switches it correctly removes me from the online users. After authentication on the new switch it puts me back on the original switch where I was!!!!!!
This is most infuriating, it means the product is useless if I have users moving from one desk to another ending up on a different switch where they will no longer be able to work as they cannot get past authentication.
>>I then disconnect the PC and patch it into the Switch 2. I then authenticate but instead of the port being moved to the correct VLAN it is left in the authentication VLAN and the Web Login cycles and asks me to log in again. Looking at the Online Users display it says I'm online on Switch 1 on the port I have disconnected from. This is INCORRECT!
Have a look at the Switch Management ->Port Profiles and below "Options: Device Connected to Port" (the second one) "Change to .... if the device is certified" there should be Access VLAN option -make it active.
It's not working properly because the device still thinks your logged in but it getting the information from a different switch so it doesn't know what to do. I have run across this during testing and in production it worked fine because people are plugging from one switch to another with in seconds.
You will need to boot yourself off from the authenticated users, then you shouldn't have the problem.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...