Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC: Logoff & Exit agent application condition


I have a few questions regarding the NAC appliance as follows:

In case of In-Band, what is going to happen if user does not click LOGOFF button (web login) or EXIT agent application? How can the user MAC address be removed from the certified list?

And how about this case in Out-of-Band mode?

Could you please clarify them for me?

Thank you very much,



Re: NAC: Logoff & Exit agent application condition

In Case of out-of-band mode if the client's MAC address is on the Certified List, but not on the out-of-band Online Users list (in other words, the client is certified but logged off the network), you can keep the client on the Access VLAN at the next login (allowing trusted network access), or you can put the client on the Auth VLAN at the next login to force the user to re-authenticate through the CAS. Because the client is already certified, the client does not go through Clean Access certification, only authentication.

Removing an OOB client from the Certified List removes the out-of-band user from the Out-of-Band Online Users List. You can optionally configure the port also to be bounced.

Refer the below URL to know differences about In-Band and OOB:

New Member

Re: NAC: Logoff & Exit agent application condition

Thanks for your reply.

Please also let me know if you have any further information regarding In-Band mode. I would like to know what is going to happen if user does not do normal logging off in case of web login (i.e. close the browser) or manual exit agent application. Would the next user be authenticated and certified by NAC appliance system?