NAC Clean Access Authentication not doing anything
Hi!
I have instaled an NAC solution, using oob with acl's.
When i get to the Clean Access Authentication page, using the right user and password, or an worng one, the page keeps showing up, requesting to authenticate and without any errors.
Did this happened to anyone?
TKX
Miguel
Hi Miguel,
The configuration so far looks OK.
The only test I would suggest would be to keep the clients on a vlan/subnet different from the CAS untrusted IP's subnet.
I am telling this because usually we have the following:
1. Clients are being assigned to a trusted vlan/subnet, for which we have an IP address configured in the CAS as a managed subnet and assigned to that vlan.
2. In this case, clients are getting an IP on the same subnet as the untrusted interface of the CAS, which is not doing any kind of vlan tagging.
As a further test, you could for example keep the clients on a subnet that is not the same as the one for the CAS untrusted interface and add the corresponding managed subnet for that client vlan.
Alternatively, you could configure the CAS untrusted interface to tag traffic on the same vlan where clients are getting an IP, but this is usually more tricky.
This suggestion comes from the fact that what you are experiencing (clients continuously re-prompted for authentication) is often seen when the CAS is not configured for the proper managed subnets.
One more thing to verify is that the user being authenticated is not falling under the Unauthenticated Role.
This could happen for example when configuring an Authentication Provider with the default role as Unauthenticated and mapping rules: if mapping rules are not triggered correctly, the default Unauthenticated Role will be assigned and the client will keep getting the authentication prompt.
If these further points didn't show any improvements, I would recommend to keep following this through a TAC Service Request:
http://tools.cisco.com/ServiceRequestTool/create/launch.do
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Similar Messages
-
I tried to burn a DVD using iDVD after upgrading to Maverick, first time I tried after upgrading to Maverick a few weeks ago. It seems to get stuck at encoding menu stage and not doing anything. Does anyone else have the same problem?
I did not have a DVD handy to burn but I have just created a small 2 minute video and created a Disk Image and also a VIDEO_TS folder, the encoding worked correctly, so it works with some items.
You may get a better responce in the iDVD forum.
https://discussions.apple.com/community/ilife/idvd
regards -
After I tried to update my Ipad mini to the newest update, it kept saying hello on my lock screen in different languages and then when I slide the screen across, it says connected to itunes but it's not doing anything!! By the way my Ipad mini is plugged into my computer and connected to itunes!! Please help me!!
FORCE IPAD INTO RECOVERY MODE
1. Turn off iPad
2. Turn on computer and launch iTunes (make sure you have the latest version of iTune)
3. Plug USB cable into computer's USB port
4. Hold Home button down and plug the other end of cable into docking port.
DO NOT RELEASE BUTTON until you see picture of iTunes and plug
5. Release Home button.
ON COMPUTER
6. iTunes has detected iPad in recovery mode. You must restore this iPad before it can be used with iTunes.
7. Select "Restore iPad"...
Note:
1. Data will be lost if you do not have backup
2. You must follow step 1 to step 4 VERY CLOSELY. -
Redirect rule not doing anything
Note that the email account the the follwing applies to is a gmail account
I have a rule in Mail that sends all emails from Macworld, Mac-Forums, and MacWeek to a folder (OK, a label in gmail parlance) and flags it "green" (so I can find them easliy and read them later). Problem is the rule is not doing anything. Ideas?Doesn't work for three days, but as soon as I post a message it starts working. #sigh
Actually, restarting the Mail program seemed to fix it. -
i came home and my iphone is now frozzen on the apple screen and it hasnt been doing anything i put it in the charger and its not doing anything how do i get it to work so i can text and call and stuff
I got to that page but clicking on the Subscribe Free had no effect.
Nothing showed in the Podcasts nor the iTunes U.
In fact I also subscribed to Stanford's lectures and despite actually managing to DL them there is still no subscription in iTunes U, just the Intro to Computer Science belatedly.
Peter
I'd like to attach the screen grab of the out of order and randomly DLed selection of Harvard's course, but the forum won't let me attach it even though it is only 456k. Correction, close post and retry and now it lets me. NB how intermittent the DLs are and in no particular order. -
Trying to delete pages 21-24 on iPhoto book but "remove pages" option grayed out and pressing delete button not doing anything. These extra pages resulted from using Autoflow and now we can't seem to get rid of them. Help!
Good morning Old Toad.
I did as you suggested:
1) Booted from install CD.
2) Ran Disk Utilities on internal hard drive--no repairs necessary. For good measure, did the same thing on external drive. Also no repairs necessary.
3) Checked software update--no updates found. About this Mac said I was already running 10.4.7. For good measure, I downloaded the latest and installed it. Since it let me run the install, I'm not sure if I installed something new or reinstalled what I already had.
4) I rebooted from CD, ran disk utilities, ran repair disk--no repairs necessary. Repaired permissions and a lot of permissions repaired.
5) Tried to delete the files and the same old thing happened: kernel panic. The specific message:
panic(cpu 0 caller 0x00102A08): jnl: transaction too big (1587712 >= 1572352 bytes, bufsize 8192, tr 0x29f1fb0 bp 0x2801de40)
So there's no change in my status.
I'm trying to delete the files because:
A) They already take .5 Gb.
B) I can't get rid of them ever. If I move the problem files to a different folder, I can only do one successful drag-and-drop backup to the external drive until the "new" thumb segments become unerasable just like the previous versions and crash the system.
C) I can't even "just" drag and drop every file/folder except the thumbs, because that ends up crashing the system as well. So I have to drag and drop every file/folder in the iPhoto hierarchy individually. Which makes me less inclined to backup, which defeats the purpose of a backup.
D) After the iPhoto fiasco I'm just crabby about all the Apple screw-ups I'm experiencing and I want to get them fixed.
Thanks for your help. Any additional suggestions would be appreciated.
G4 Mac OS X (10.4.6) -
I'm having problems with Siri on my iPhone 6. It worked briefly yesterday and now its not doing anything. I have turned phone off and on and made sure everything is on in settings. Please help!
Do you have an active data connection (wifi or cellular)? Have you tried resetting the phone by pressing and holding the Home and power buttons until the apple appears (this is different than just turning it off and back on).
-
I lost my contacts on my 3gs and was not doing anything with the phone.. it was plugged into the wall charging... can anyone help??
cannect it to a computer and let it sync through iTunes. Contacts are a broad problem. You need to state where your contacts are located i.e. do you use yahoo mail? do you sync to iCloud? there are alot of answers for you problem but you need to be a little more detailed
-
I updated my iphone to the new version and now it tells me to connect to itunes which I did and it's not doing anything else, what do I need to do?
Try to connect in recovery mode, explained in this article:
iOS: Unable to update or restore -
My network symbol keeps working on my home page even when I'm not doing anything, I know there has been problems in the past with this so has it come back, help it's killing my battery!
Close all open apps by double-tapping the home button, then swiping up and off the screen with the app window (not the smaller icon).
Reset your device: hold down the home button along with the sleep/wake button until the screen goes black and you see the Apple, then let go. (No data loss) -
I am trying to use the "This solved my question - 10 points" an the "This helped me - 5 points" but they are NOT doing anything. How do I award the points ?
Are you talking about the "Legend" panel at the right of the window?
Those text are just help texts explaining the reputation points. You can only award points, if you are the original poster of a question. Then you will see active buttons to award points below the answers you receive. See here for more information: https://discussions.apple.com/static/apple/tutorial/reputation.html
Regards
Léonie -
! just got a new docking system so i plugged it in to my computer because it wasnt the wall charge type, so I put in my ipod, then straight away my screen went white and now its not doing anything! i press the home and lock button nothing happens... then i plug it in my computer it doesnt come up in itunes or even the copmuter. please help i can not live with out my ipod!
Your post is abit confusing, especially on getting those weird messages and emails,( assumed in your Windows machine.)
Most likely you have Restored the iPod using the new Macbook pro, using the same name as that in your Windows machine, hence the duplicate name warning, as it is trying to sync Automatically.
If you are syncing your iPod to both the Mac and Windows, you must set it to Manually Manage Music, in the first machine that you setup iTunes with the iPod. Read thsi Apple Support Article
In iTunes, Preference, tick on Prevent devices syncing automatically
Hopefully your music are still in both your iTunes library,
Connect the iPod to the Mac
Restore it (just to fix any filesystem corruption by the Windows end)
Set it to Manually Manage Music
Sync your selected songs in your library.
Whern sync complete, Eject it
Connect it to your Windows PC.
Select the song in the library
Sync it.
It should work if your ipod Hardisk is not giving any problem.
Good luck! -
Force click not doing anything with long press
My force click preference to show definitions and other information is not working. I'm doing like the video shows, but apparently it isn't working. It works when i use the alternative 3 finger tap.
Hi TIA;
We are facing some performance issues in our database since past few days. The some of concurrent requests which use to finish in 10 mins are running for more than 2 hrs. There are no locks in database, and the request is not doing anything in database (Not generating any Undo). When we check at the db server, the database process associated with the request is not shown in top process report, so we realise that it is not doing anything on the server level as well.
What may be cause of the issue. How to identify why request is not doing anything. Does the server process gets disconnected from session. We have two node rac database.What is your OS and EBS? It was working before if answer yes what have u been changed on ur syste?(patch etc)
You have any error message on alert.log and also concurrent log?
Please check below thread which could helps you
Concurrent Manager very slow
Concurrent Manager very slow........
Oracle apps database
Regard
Helios -
NAC/Clean Access Server no longer intercepting Clients after upgrade
We recently upgraded our CISCO Clean Access Manager and Server to version 4.8.2 from 4.8.0. Everything seemed to be working fine but I had a user log in without having the NAC Agent running and they had full access. We didn't change anything other than upgrading to the new version. We have found that the user has access even before the Windows Agent is completed with the assessement of the client. It worked fine before the upgrade....Again, we made no changes other than upgrading to the new version (no route changes, etc).
I even tried an explicit deny for the user's workstation's mac and the NAC SErver still let him through....I am a bit perplexed...Thanks for any assistance.Hmm, i removed the line but it does not help me ?
I did run following command in terminal:
sudo pico /Library/Server/Mail/Config/postfix/main.cf
Removed the "reject_non_fqdn_helo_hostname" from the line smtpd_helo_restrictions.
Saved the file and restarted Mail service
get this in log when i try to send from a windows client with Outlook2010:
Aug 15 17:42:09 lundmark.jetoma.se log[236]: auth: Error: od(annicalundmark,192.168.20.103): Authentication server failed to complete the requested operation.
Aug 15 17:42:09 lundmark.jetoma.se log[236]: auth: Error: od(annicalundmark,192.168.20.103): authentication failed for user=annicalundmark, method=DIGEST-MD5
Have tryed different ports like 25 and 587 with SSL, TLS and "none" in SMTP advanced settings on klient.
I did use the same instructions before in Lion server and there it did work ?!
Any more ideas ?
regards
Jörgen -
NAC appliance local authentication not working
Hi,
i am trying a test scenario for NAC. it is oob virtual gateway
I get the login page when i try to access the web but when i try to authenticate to the local db i don;t receive an error message and i remain on the authentication screen.
I listened with tcpdump on both interfaces. on the untrusted side i see traffic but on the trusted side no diffrence in traffic appears(but maybe this is normal)
can someone please help with the detailed steps the authentication follows
not just host->nas->nam(localdb)
or some ideas
Thank you!I doubt this will help, but here goes. I seem to remember a similar issue here, and I went into my browser's proxy settings and turned them off. Then I could authenticate, but not browse the web. So after authenticating I turned them back on and it was fine. There is a tab on the NAC Device Management > Clean Access Servers > >Advanced> Proxy where you can tell clean access about a proxy server, but I don't know if that's relevant.
I assume you have verified that your local user ID works by testing the auth server with it and that it has a profile that allows you to go someplace.
Maybe you are looking for
-
Multiple ASM instances on a single node
Can i have multiple ASM instances on a single node? This is to have each instance supporting different environment dev,stage etc Thanks Sannidhi
-
How to identify the alternative payee in payment run
Hi All How to identify the alternative payee details in payment run by using transaction code F110 or which table or fields contain the alternative payee details for example REGHU & REGUP. How to identify the alternative payee details from system lev
-
On updating from FF3.5.10 (good :-) to FF3.6.6 (bad :-( ): No session-restore option; no menu drop-down "Recently bookmarked" list. (Sys=winXP sp3) 1. can a non-techy fix this? :-( 2. how do I recover to FF3.5.10? - I liked it very much ! - thanks to
-
Resource files like those in Motif
Dear Community, we have to develop a part of a huge system running under UNIX with Motif. Our part will be developed with Forms 6i. Could we use Motif like resource files for our dialogs to store texts, colors etc.? Any help is appreciated! Attila K.
-
Loss of sound quality from viewer to sequence
Hi, I'm currently putting a track into a piece and when I play it in the viewer as a preview the sound is perfect yet when I insert it into the sequence there's a muffled ticking sound in the background. The audio track has been rendered...any idea w