Cisco Support Community
New Member

NAC OOB

Dear all,

I have this outline in my lab:

I use L3 OOB VG,

quarantine VLAN 100 (172.16.100.0/24), Access VLAN 10 (172.16.10.0/24).

The untrusted interface IP 172.16.100.1

The trusted interface IP 172.16.10.3

Router's interface for Access VLAN 172.16.10.1

and the CAM IP 192.168.1.1/24

When I connect a PC to a switch, the switch changes the port to VLAN 100 and the PC obtains an IP address 172.16.10.5 which is what I expected.

The problem is that the PC cannot get the login page.

Could anyone help please? Thanks.

4 REPLIES
New Member

Re: NAC OOB

Did you configure the DNS server? If the PC doesn't resolve the name of the link, the authentication page doesn't work.

New Member

Re: NAC OOB

Hello,

You specified that you are in OOB VG mode; if this is correct, then only the VLAN ID number is translated from your untrusted auth VLAN (100) to your trusted production VLAN (10), so the IP address obtained from your untrusted VLAN will not have to be renewed or changed when bounced to VLAN 10 or the prod VLAN. Also, make sure that when in the auth VLAN (100), your default GW points to the IP address of the CAS, so it sees traffic go through; then the agent will trigger and ask for authentication...

Dominic

New Member

Re: NAC OOB

If you're configured in VGW, then your GW should not point to the CAS at all.

New Member

Re: NAC OOB

If DNS is not configured, then can you ping the Untrust Interface IP of the CAS?

Try to browse to the Untrust Interface IP of the CAS "https://Untrust-Int-IP" and see whether redirection happens or not.

Have you configured User pages or not?

Have you configured any user role with "Require use of clean access agent"?
