Cisco Support Community

NAC, L3 ,In-band , Virtual Gateway mode ,CAM cann't get client's MAC address via web agents or NAC agent

Topology description :

CAS:   Untrusted port connecting  Internet , Static public IP address A , Trust port -same static public IP A address as untrusted port

CAM:    Static public IP address B within  the same subnet of CAS ,and connected to trust port

Protected Host:  static public IP address C , is connected to CAS trust port 

Static public IP address A,B, C are in within the same subnet

Internet-----(Untrust port of CAS ,Trust port of CAS) ------------Switch01

                                                                                      Switch01 -------------------------  CAM

                                                                                      Switch01 -------------------------- Protected Host

Symptom :

when a  client PC from Internet access the IP address of Protected Host by http , the IE browser can be redirected to CAS authentication page , and ActiveX  alarm pop up , web agent is installed  as normal ,and user can login the network successfully .

CAM can detect the client OS version , but  CAM cann't get the client's MAC address (shown as  00:00:00:00:00:00) , and the user is only listed in online users ,but  not showed as certified device .

In CAM's  User Page tab , we checked "using web client to detect MAC address " 

In  CAS's  static route configuration page , we added a static route to client PC's subnet .