Cisco Support Community
Community Member

Urgent- Login disabled for NAC Agent

Hi All,

Not able to Login NAC Agent after downloading and installing in windows XP machine.

Please find the  attached Logs collected through cisco log packager.

Please help us in trouble shooting this issue.

An early response is apprciable.




Cisco Employee

Re: Urgent- Login disabled for NAC Agent

Hi Abuzar,

Is this a L2 or L3 setup?

Is the CAS in VGW or Real-IP mode?

On the NAC Agent logs I see that the client tries first TCP/8905 discovery to (default GW) and (Discovery Host), then UDP discovery both in L2 to address (on port 8905) and in L3 to the address (on port 906), but none of these discovery methods returned a response from the CAS.

Make sure that the discovery traffic hits the CAS, and then that the SSL certificate installed on the CAS points correctly to the IP address of the CAS (the service IP if you're in HA mode).

In L2, the discovery should succeed with the attempt to contact the default gateway, as the CAS is either going to be the default gateway itself (in case of L2/Real-IP) or it's going to intercept this traffic (in L2/VGW).

If you're in L3 (meaning that you have at least 1 hop between the client machine and the CAS) make sure that L3 support is enabled on the CAS and that the traffic to the discovery host crosses or hits the CAS (the discovery host may be the CAS itself or a host on the trusted side of the network..); in this case you will need to configure policy based routing accordingly.

I hope this helps.




If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

Community Member

Re: Urgent- Login disabled for NAC Agent

Hi Federico,

Thanks alot for the quick reply and information.

It helped me a lot and now I am able to get the "Login" screen.

I am extremely thankfull.



CreatePlease to create content