In case of out-of-band mode, if the client's MAC address is on the Certified List but not on the out-of-band Online Users list (in other words, the client is certified but logged off the network), you can keep the client on the Access VLAN at the next login (allowing trusted network access), or you can put the client on the Auth VLAN at the next login to force the user to re-authenticate through the CAS. Because the client is already certified, the client does not go through Clean Access certification, only authentication.
Removing an OOB client from the Certified List removes the out-of-band user from the Out-of-Band Online Users List. You can optionally configure the port also to be bounced.
Refer to the URL below for the differences between In-Band and OOB:
Please also let me know if you have any further information regarding In-Band mode. I would like to know what is going to happen if the user does not do a normal log-off in the case of web login (i.e. closes the browser) or a manual exit of the agent application. Would the next user be authenticated and certified by the NAC appliance system?