I have a 5508 wlc trunked to a 6500 switch. Also trunked to the switch on both eth0 and eth1 is the CAS. The CAM is connected with an access port.
The CAS and CAM are on seperate VLANs and the CAS was added to the CAM without issue.
I followed the example document for OOB WLAN (VLANs and mapping etc) but I don't get any authentication going on. The client associates and the WLAN interface is the quarantine VLAN However it seems the client can connect to the network without issue (can web browse to a server internaly to the campus)
The client is shown in the wireless clients on the device page of the CAM
If i close down either of the CAS interfaces the client connectivity is broken.
Just once, randomly the Clean Access Login Page appeared on the client (battery had died and waited about an hour) but when I rebooted the CAS to check it was consistent it never came back.
I haven't configured the SSO part, should this be completed or is it a valid test so far without it?
In Monitor/Clients screen the client is shown to be assigned to the quarantine vlan configured for the dynamic interface on the WLC. However the client can still access servers they shouldn't from this VLAN.
I also notice that if i browse from the client to the CAS and complete a manual authentication the client is certified and the Monitor/Clients screen shows the client has moved to the access VLAN configured for the dynamic interface configured on WLC
I think the VLAN maybe leaking? I don't see any packets on a tcpdump on eth1 for the CAS
I was given access to the core switches and I found a "less than optimal" configuration :-) I removed the NAC VLANs from a port channel and made my switch the root for the NAC VLANs and all is now good :-)
Do you have a good resource for describing how to get the agent software to automaticaly be downloaded to the client?
I'm experiencing similar problem. When i connect to a SSID that i've configured quarantine vlan, my laptop connect directly to an access vlan, not to quarantine vlan. I'm sure the switch have defined the quarantine vlan and access vlan. And i've enabled NAC state in the WLAN.
When i checked the WLC, Monitor -> Clients, the laptop get access VLAN directly when it connects.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :