NAC OOB config issue

Dear fellows,
I have installed CAM and CAS version 4.0.3 in OOB mode and having this problem of clean access agent repeatedly popping up even after successfuly logging on to the server.
Also the clients are always requested to download and install the clean access agent even when it is already installed in the system.
After the succesfull log on I can see the respective client as sucessfully logged on to the system. Also the VLANs are correctly switched from Authentication to User VLANs, but still I'm repeatedly asked to log on to the system.
These symptoms familar to anybody and appreciate any idea to help me come out of this.
Thanks.

Insert the distribution CD-ROM that contains the CAM or CAS .iso file into the CD drive of the installation server machine.
Connect to the machine directly with a keyboard and monitor, or by terminal emulation console over a serial connection.
Reboot the machine. The installation script starts automatically after the machine restarts.
At the "boot:" prompt, type custom and press Enter.
The program will prompt you for the driver diskette, then the update diskette. The installation then proceeds normally.

Similar Messages

  • NAC 4.7.2 OOB SNMP issues

    Hello,
    I am setting up a NAC CAM and CAS 4.7.2 OOB setup in a test environment (NAC failover for CAM and CAS), and I am seeing some strange SNMP issues.  I am testing with a 3750 switch (12.2(53)SE1) using SNMP v2 and v3 since v3 and accessing the switch port configuration in the NAC manager is extremely slow.  I click OOB Management -> devices -> switch XXX and it takes several minutes for the port listing to display.  Then sometimes it comes up quickly but a 'show debug snmp' on the switch shows that it isn't polling the switch so it apparently starts pulling the ports page from cache, but I can see now logic in how it does this.
    Q1) When and why does the ports page pull cached info?
    Q2) Why is SNMP queries operating so slowly with NAC 4.7.2 OOB?
    Here is my test switch/NAC SNMP config (with pseudo names and fake passwords):
    snmp-server community switch_read ro   (matches OOB Management -> Profiles -> Device -> SNMP Read v2 settings)
    snmp-server view v1default iso included
    snmp-server user switch_write switch_group v3 auth md5 <my-password>  (matches OOB Management -> Profiles -> Device -> SNMP Write v3 settings)
    snmp-server group switch_group v3 auth read v1default write v1default
    snmp-server user cam_notify cam_group v3 auth md5 <my-password>
    snmp-server host 10.200.11.100 traps version 3 auth cam_notify mac-notification snmp  (matches OOB Management ->  Profiles -> SNMP Receiver v3 settings)
    snmp-server group cam_group v3 auth read v1default write v1default notify v1default
    What is wrong with my setup?  Any help is appreciated.

    Did anyone ever find a solution to this issue? I'm having the same problem.... it takes minutes to open the ports on a switch in the CAM. It shouldn't take minutes to manage ports for each switch, it should take less than 10 seconds...

  • NAC OOB VIRTUAL GW PROBLEM

    Hi,
    I am trying to setup a NAC OOB Virtual GW Scenario (attached is the visio schematic of the setup):
    Switch: 3550 (ios 12.2(46) adv ip serv)
    NAC 4130 appliances: v4.1.6 (also tried v4.5)
    Switch Configuration of the trunks to the CAS):
    - int f0/23 (connected to CAS e0) -> dot1q trunk with native vlan 999 and allowed vlans 199 (mgt vlan of cas) and 10 (hosts access vlan)
    - int f0/21 (connected ro CAS e1) -> dot1q trunk with native vlan 998 and allowed vlans 100 (hosts authentication vlan)
    - SVIs on switch: 199, 10, 200 (CAM mgt vlan), 99 (dns, dhcp)
    The problem I am facing is that the host once connected to a managed port is able to acquire an ip from the access vlan from the dhcp server but is not redirected to the login page. I tried to follow some hints provided in previous posts but none of them worked for me. I configured the following:
    - Login Page
    - Configured IP based traffic control on the unautheticated role to permit all traffic (also host based to permit https://192.168.199.1 -> cas' ip with trusted dns my dns server 192.168.99.1)
    - Managed subnet with unused ip in access vlan (192.168.10.253) and vlan id that of the auth vlan (100)
    - vlan mapping between untrusted vlan 100 and trusted vlan 10
    - tried to access a resolvable website by my dns from the host (as per the suggestion from a previous post for someone who was facing the same prob)
    - also tried to access the cas' login page from the host with vain, eventhough it is accessible from trusted subnets
    Note: I followed the configuration guide of both v4.1.6 and v4.5 and with both versions I was facing the same problem.
    I would be very thankful for any hints to help me solve this issue.
    Questions: When the host is connected to a managed host (assigned to the managed vlan 100) and it is assigned an ip from the a access vlan 10. Shouldn't I be able to access the managed subnet case I configured ip traffic control policy to permit all traffic from untrusted to trusted? also shouldn't I be able to resolve website's ip with "nslookup x.com" since dns traffic is by default configured and also trusted dns server 192.168.99.1 is configured?
    Thanks in advance for any help.

    It arised to be that the 3550/3560/3750 are not supported for Central Deployment. The problem is solved.
    Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment
    For Cisco Clean Access (NAC Appliance) in In-Band Central Deployment mode, when a Cisco Catalyst 3560/3750 series switch is used as a Layer 3 switch and if both ports of the Clean Access Server (CAS) are connected to the same 3560/3750 switch, the minimum switch IOS code required is Cisco IOS release 12.2(25)SEE.
    Because caveat CSCdu27506 is not fixed on the Catalyst 3550 series switch, when the Catalyst 3550 is used as a Layer 3 switch, it cannot be used in NAC Appliance In-Band Central Deployment.
    For further details, refer to switch IOS caveat CSCdu27506:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdu27506
    See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB).
    Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)
    Table 6 describes Cisco Catalyst switch model support for the Virtual Gateway VLAN Mapping feature of the Clean Access Server for either in-band (IB) or out-of-band deployments (OOB). This table is intended to clarify CAS network deployment options when connecting the CAS in Virtual Gateway (bridge) mode to the switches listed.
    Table 6 Switch Support for CAS Virtual Gateway In-Band/OOB VLAN Mapping Feature
    Cisco Catalyst Switch Model Virtual Gateway
    Central Deployment
    (both interfaces into same switch) Edge Deployment
    (each interface into different switch)
    6000/6500 Yes Yes
    4000/4500 Yes Yes
    3750/3560 (L3 switch) Yes with 12.2(25) SEE and higher 1
    Yes
    3550 (L3 switch) No 1
    Yes
    3750/3560 (L2 switch) Yes Yes
    3550 (L2 switch) Yes Yes
    2950/2960 Yes Yes
    2900XL No 2
    Yes
    3500XL Yes Yes
    28xx NME Yes with 12.2(25) SEE and higher 1
    Yes
    1 Due to switch caveat CSCdu27506. See Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment for details.
    2 2900 XL does not support removing VLAN 1 from switch trunks.

  • Urgent-NAC OOB VG Deplyment

    hi all,
             Iam in the middle of design of NAC OOB Virtual Gateway.
    I have the following doubts regading the placement of NAC Server to my existing Network
    I have two Core ( redundancy -HSRP ) running VTP & 25 Edge Switches ( VTP Client )
    According to CISCO , we can place NAC Server either in the Core or distribution Switches only , not on the edge switches, in OOB Virtual Gateway deployment.
    But currently my existing core switches is not having copper connectivity, customer don't want to invest on core switches.
    so I have to forcefully move the NAC server to one of the EDge Switches with both interfaces ( trusted & untrusted ) connected to same Edge switch, but CISCO is not recommending to do so in NAC OOB VG Deployment.
    I need to know why we cannot place NAC server at one of the Edge Switches. ( NAC OOB VG Deployment ) , what are the issues behind that ?
    One more thing is that , as my Network is running VTP , what are the things to be consider during the design of NAC OOB VG Deplyment.
    Iam attaching the Network Diagram, Please go through that.
    Expecting your valuable suggestions.
    Regards
    Dileep

    Dileep,
    You can put them on the edges, but you have to make sure you extend all the VLANs necessary to that edge. It's just bad design, but I don't see why it won't work.
    Unfortunately you don't have enough details in the map you provided to get a more detailed answer :-)
    HTH,
    Faisal

  • NAC OOB and 6500 in Virtual Switch Mode

    Is there any issue or special care to implement NAC OOB in Central Deploy, VGW, using AD SSO for wired clients where the Core Switch is a pair of 6500 in Virtual Switch Mode?
    The customer uses Radius IAS for authentication. How does it fit with the AD SSO?

    Hi Bruce,
    I am afraid there are some arguments missing in your db command.
    To manually add the OID of  Cat4507R+E to CAM's database here is the  procedure to do this.
    [root@cca-3140-cam ~]# psql -h localhost -U postgres controlsmartdb -c "INSERT INTO supported_switch VALUES ('1.3.6.1.4.1.9.1.1286', '4', 'Cisco Catalyst 4507 R+E')" INSERT 0 1
    psql: warning: extra command-line argument "INSERT" ignored
    psql: warning: extra command-line argument "0" ignored
    psql: warning: extra command-line argument "1" ignored
    INSERT 0 1
    Then to make sure it is there:
    [root@cca-3140-cam ~]# psql -h localhost -U postgres controlsmartdb -c "SELECT * FROM supported_switch" | grep 1286
    The output should be:
    1.3.6.1.4.1.9.1.1286      |     4 | Cisco Catalyst 4507 R+E
    Restart perfigo service on NAC Manager and try to manage the switch  using the model used by the above command.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • I can sync bookmarks on my Firfox for android, but folders aren't sync, i can only get bookmarks from bookmarks main folder. Is a bug or a config issue?

    I can sync bookmarks in firefox for android, but only the ones that are on Bookmarks main folder, the folders create below the main folder are not synchronized. Is this a bug or a config issue?
    Thanks

    Thanks Barney, I tried that but all that comes up in Spotlight are the log files that show the file paths! I don't know how Steam works. Are all the files held by Steam on their server perhaps?

  • NAC - OOB - Virtual IP - users lost connecti

    Hi.
    So my problem is the follow:
    I have i my customer a NAC OOB - Virtual Ip Gateway.
    So, we have a many port profiles. Each Port profile witch its own authentication vlan and access vlan, for example:
    TI -  auth vlan 585 -  access vlan 85
    ENGINEERING - auth vlan 586 - access vlan 86
    And works very very fine.
    BUT
    There is a common location called PLATFORM (auth vlan 587, access vlan 87) where, to put port profile on each User interface on the switch after 20 minutes or less, the machines that are on this profile (VLANs 587, 87) lose network connectivity, without bounce.
    I checked and, some machines for no reason, are changed to vlan authentication without snmp Linkdown and even get stuck in with User certifield device list.
    Other machines remain in vlan access, but lose all connectivity to the network without ping gateway and any other device.
    Another vlan (for ex: vlan 1) that is not controlled by NAC continues to communicate normally.
    I tried to see any logs on the switch but could not see anything abnormal (yet).
    Other locations with others port profiles work normally.
    The uplinks on this switches and interfaces users dont have any CRC or errors.
    Could anyone help me? This is causing problems in my account.

    Hi,
    I understand then that the clients are not connecting through local or SSO mode, is that correct?
    I would suggest 3 things so far:
    1. Check the logs on the switches where the CAS's are connected, I had a similar problem where CAS would stop responding and the switches would complain about vlan mismatch or mac flapping, if you notice errors on the switches verify that you have:
    * Vlan mapping enabled correctly
    * Different native VLAN on the switch interface for trusted and untrusted CAS ethx.
    * The correct vlans configured on each port: for untrusted just the authentication (layer 2) vlans, for trusted interface the access vlan (20) and the management vlan.
    2. Enable the management vlan tag on the trusted interface of the CAS and use your CAS management vlan.
    3. On the CAM go to the Clean access server section, manage one of your CAS's, the first window will show the services currently running on the CAS, verify if the SSO service is running, if it's not running, verify the configuration. If it's not allowing you to enable it, verify the time settings on your devices, the AD user and all the other settings needed for this to work.
    Hope this helps,
    Regards,

  • NAC OOB Logoff feature workaround ?

    Hi,
    We have a NAC OOB, Real-Ip Layer2 setup and the new option "Logoff Clean Access Agent users from network on their machine logoff or shutdown" does not apply when using OOB mode (which is annoying). Anybody found a way to make sure that when a users logs off from his PC he's automatically put back to the authentication VLAN ? We thought of maybe put a program in Windows XP logoff script that would disable/enable the NIC card but it seems a bit tricky...
    I'm sure I'm not the only one who's trying to find a solution for this. Hopefully Cisco will support this feature right from the clean access agent in a future release...
    Thanks.
    Dominic

    for now we are waiting for the feature to become available from Cisco in Q2 or Q3 of 2007.
    And yes, we are using SSO in a Windows XP - Windows 2003 environment.
    Dominic

  • 851 Router Config Issue

    Hi all,
    Hopefully this will be a nice easy one for you all.
    I have recently configured and installed an 851 router successfully :) I now only have one issue, the damn thing switches itself off after a period of inactivity!
    If I want to use it again I have to issue a reset command then a boot command.
    This takes me to the:
    router>
    prompt. I then have to issue a copy start run command. And then a no shut on each of my interfaces.
    Obviously I would just like the router to stay up and running. But I cant work out how to do it. Im sure that this is just a simple config issue and I would dearly love for you all to solve it!
    If any of you know the answer can you please provide clear an accurate commands as I will copy it parrott fashion into the router.
    Thank you all in advance.
    Stuart

    Hello,
    as spremkumar already pointed out the config register usually is set to 0x2102. You can reconfigure the register by:
    Router#configute terminal
    Router(config)#config-register 0x2102
    Router(config)#end
    Then perform a reload and check whether the config is present after the router finished booting.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • NAC OOB Configuration

    Hi!
    I'm implementing an NAC oob solution. tTe CAS and CAM are in the Data-center on an remote network, and i need to control the vlan's that my users access on my remote sites.
    How do i make them authenticate on the remote CAS? (the Cas is on an remote network)
    TKX
    Miguel

    Hi,
    Well, it looks like you are starting now, so I would advise to get in touch with the OOB concept and guidelines:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html.
    You have L2/L3 mode.
    You have OOB/InB mode.
    You have Real-Ip/Virtual gateway mode.
    You have 2 main VLANs for the clients: authentication (untrusted) and access (trusted) vlans.
    The goal is to make the client fall into the auth vlan prior to login, and the traffic flow through the CAS so that the CAS can permit/deny the client from passing traffic.
    You have also, nice chalk-talks where you can see VODs explaining the steps for configuring several features/deployments:
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • NAC OOB VRF L3 - PC sleeps instead of shutdown - Client comms issue.

    I was wondering if anyone had come across this issue and had figured out a method to prevent the situation whereby when a user leaves the office for the evening, they DONT shutdown there PC, after a few hours the PC goes to sleep causing a toggle of the switchport from trusted to untrusted role.
    As we know in the OOB L3 deployment as soon as the port is toggled to the untrusted role this is assigned to the untrusted L3 VRF IP addressing e.g 192.168.1.X.  when the user comes in the following day he activates his PC again and the client cannot gain access to the network due to it still having the trusted IP Address of the network 10.1.1.X and being allocated to the untrusted VRF.  The bounce option of the port profile cannot be set due to the user having the PC connected to the network via an IPT phone!  Has anyone overcome this situation ?  Your assistance is appriciated.

    Well I dont think both layer 2 and layer 3 are going to work. When you add your CAS to the Nac manager it will ask the type of deployment. I am using layer 3 OOB. You also do not need a trunk port with this type of deployment. I would make the untrusted network a SVI Vlan off your core and then lock things down via an ACL. You will need to allow the 8906, 8906 TCP,UDP & 8910 TCP. You will also need to allow all of the MS ports DHCP, DNS. Here is an example of the ACL I use.
        10 permit icmp any any echo-reply
        15 permit icmp any 10.20.1.0 0.0.0.255
        20 permit udp any any eq bootpc
        30 permit udp any any eq bootps
        40 permit udp any any eq domain
        50 permit tcp any 10.20.1.0 0.0.0.255 range 49152 65535
        60 permit udp any 10.20.1.0 0.0.0.255 range 49152 65535
        70 permit udp any 10.20.1.0 0.0.0.255 eq 389
        80 permit tcp any any eq 8905 (116 matches)
        90 permit udp any any eq 8905 (370 matches)
        100 permit udp any any eq 8906
        110 permit tcp any 10.20.1.0 0.0.0.255 eq 389
        120 permit tcp any any eq 8910
        130 permit tcp any host 10.20.1.1 eq 443
        140 permit tcp any host 10.20.1.1 eq www
        150 permit tcp any 10.20.1.0 0.0.0.255 eq 88
        160 permit tcp any 10.20.1.0 0.0.0.255 range 135 139
        170 permit tcp any 10.20.1.0 0.0.0.255 range 1025 1026
        180 permit tcp any 10.20.1.0 0.0.0.255 eq 3268
        190 permit tcp any 10.20.1.0 0.0.0.255 eq 445
        200 permit udp any 10.20.1.0 0.0.0.255 range 135 netbios-ss
        999 deny ip any any

  • NAC.OOB.L2.Real IP GW.dhcp-relay issue.

    Hello.
    I have CAM (manager) which is configured as L2 OOB real-ip gateway. central deployment.
    ethernet 0 (trusted) is L3. (ip add x.x.x.x)
    ethernet 1 (untrusted) is .1q and several authentication vlans (a,b,c,d) are connected to it.
    of cause managed subnets are configured for auth vlans on eth1.
    Manager is configured as dhcp-relay.
    Is it ok that manager changes dhcp packets to the dhcp server so that it's ethernet 0 ip address (x.x.x.x) becomes the source address of the requests to the dhcp server?
    how can dhcp server recognize auth vlan a from auth vlan b if all packets have the single source (x.x.x.x)???
    Where could be my mistake?
    Regards

    Hello varnavsky!
    You have to configure vlan mapping (at the CAM) for all authentication vlan! After the authentication and posture validation, the NAC client won't give a new IP address, so the client has to have an IP address from the proper access vlan. When you configure these vlan mappings CAS always acquire an IP address from the proper range.
    By(e) Miki

  • ISE reimage 1.1.4 on NAC 3355 Server Issues

    g'day All,
    I'm having trouble with an ISE re-image of a NAC 3355 server presently. I have successfully download the iso for 1.1.4 ise and burnt it to dvd, I've gone through the remiage process, with all the packages being installed successfully (or so it appears) there were no issues during the packages being uploaded and installed from the DVD.
    My issue is, when the box reboots and I am presented with the login prompt where I can type 'setup' to start the initial config script, I can enter all the relevant details and the system brings up the newtork interface, pings the default gateway and nameserver successfully (I don't see any errors that the pings have failed) and it appears to start installing ISE.
    I get the on screen message about not using "Ctrl C from this point", then I see the 'installing applications....' on screen message, but rather than seeing the 'Installing ISE' on screen message as detailed in the 1.1.x hardware installation guide, my install jumps straight to on screen message 'generating configurations' then the box reboots.
    Once the box reboots, I am able to log in with the username/password combo I entered in the intial setup script, but I don't get any further on screen messages or prompts to create a database password, etc. I only get the cli prompt. I am able to navigate around the cli fine, I can ping gateway and nameservers from the CLI fine, but if I do a show application, it comes back with nothing. If I do a application configure ise, the cli states that ise is not installed.
    help please guys.
    Cheers,
    JS.

    Hello James,
    How do you made your install ? Using KVM or Serial port ?
    I had same problems with serial install : I was imaging (1.1.4) some appliance (3315 & 3395) at the same time with one PC/console cable that I plug & unplug from one appliance to another for following the install progress. But on several appliance, I was not prompt for the admin & user database passwords.
    The result was the same than you : The appliance booted, but ISE application was not installed.
    I have got no problems the next time when I have try to reimage the appliance with serial cable but WITHOUT UNPLUG IT from the begining to the end ! The database users/admin DB password were asked and the install was successfull on all my appliances.
    Also you have to check the system time/date/timezone in the BIOS setting of Appliance as describe on the hardware install guide.
    http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_install_guide.html
    Have you check the MD5 or your ISO ?
    Hope you'll able to finish properly your install.

  • NAC OOB problem - moving users between ports

    Hi,
    I have a problem with an OOB deployment I am currently working on: when I move an authenticated OOB client from one switch to another, it remains stuck in the auth VLAN. It seems that NAC doesn't detect the new port correctly.
    This is what I did to replicate the issue, in detail:
    1) A computer is connected to port 'a' on switch 'A' (A[a]). The port is automatically changed to auth VLAN and authentication and posture assessment are performed.
    2) The computer passes both, and the port is changed back to the designated Access VLAN. OOB user appears in the Online Users list, and the computer is added to the Discovered (Wired) Clients list. All the detailed information on both pages is correct.
    3) The computer is disconnected. OOB user is removed from the Online Users list, but the computer remains in the Discovered Clients list.
    4) The computer is connected to port 'b' on switch 'B' (B[b]). It is automatically changed to auth VLAN and authentication and posture assessment passes successfully one more time. However, the information in the Discovered Clients list is not updated and, moreover, OOB user appears once again in the Online Users list - but the specified location is port A[a]!
    The end result is taht the computer remains stuck in the Auth VLAN and NAC Agent Authentication dialogue keeps popping out.
    I tried the reverse scenario (port B[b] to port A[a]) after manually clearing all user and client information, and the result was pretty much the same...
    Thanks,
    Boris

    Faisal,
    The configuration includes the following lines (on both switches I used for access):
      snmp-server community *** RW
      snmp-server community *** RO
      snmp-server trap-source Vlan2 (management subnet)
      snmp-server location 10.0.0.101 (NAM IP address)
      snmp-server enable traps snmp linkdown linkup
      snmp-server enable traps mac-notification change move threshold
      snmp-server host 10.0.0.101 version 2c cisco  mac-notification snmp
    Also, NAC added the following line on monitored interfaces:
      snmp trap mac-notification change added
    Is this all that is required to send MAC-change and MAC-move traps?
    I captured SNMP traps with a 'tcpdump' on the NAM and I can confirm it receives traps from both switches, with correct source IP addresses. I will try to look into a "raw" dump to see the exact traps it received...
    Regards,
    Boris

  • NAC OOB L2 VG Managed Subnet

    I have configured OOB Virtual Gateway. However, the CAS fail to detected and redirect to the login web page.
    sometime i change the managed subnet, I work...
    I wonder what exact IP address should be typed into the managed subnet?
    Suppose I have 10 trust VLANs (10,11,12,13 ...) , and i create related 10 untrusted VLAN (20,21,22,23...)
    IP address for VLAN 10: 192.168.10.0/24
    IP address for VLAN 11: 192.168.11.0/24
    IP address for VLAN 12: 192.168.12.0/24
    IP address for VLAN 13: 192.168.10.0/24
    I have tried 4.1.x version of CAM/CAS, the page allowed us to input subnet address.
    However, in 4.5.x or above, we must input host ip address. Now i upgraded to 4.7.2 versions, what IP address and VLAN should i type into this page?
    192.168.10.254/24 VLAN20
    192.168.11.254/24 VLAN21
    192.168.12.254/24 VLAN22
    192.168.13.254/24 VLAN23
    or
    192.168.10.254/24 VLAN10
    192.168.11.254/24 VLAN11
    192.168.12.254/24 VLAN12
    192.168.13.254/24 VLAN13
    also, I wanna to ask the Network page of CAS. The Set management VLAN ID of untrust interface should set to "0" ,"left it blank" or "one of trust VLAN"??
    I'm green hand in NAC...hope someone guide. Many Thanks

    Successful to get IP NOW... coz some VTP set to transparent and can't learn all VLAN.
    Even that... some issues i face.. Since User Flat network is big enough and cover thousand of switches. I find some characteristic ..
    The big flat network is using "3750 stack" as core switch. The version of IOS is 12.2(25). I did check with doc.
    Extracted as below:
    Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment
    For Cisco Clean Access (NAC Appliance) customers with OOB deployments running stacked Cisco Catalyst 3750 switches with Cisco IOS 12.2(25) SEC2 or lower, SNMP mac-notifications can fail, and SNMP does not report MAC addresses to the OOB Clean Access Manager and Server.
    So.................... my Question is:
    Although this Switches might fail to snmp notification to CAS/CAM, all other switches connected to this 3750 would fail to report snmp notification also???
    My case seems like all switches connected away from the switch connected to CAS/CAM is success performing login and authentication by CAS, However, all switches connected to this core 3750 fail to perform the login ..even no login page find..
    SW1 --- 3750 -- SW2 --- SW3 --CAS & CAM
    SW2 and SW3 could success performing CAS login.
    SW1 fail to get login page and fail to do authentication. But could get DHCP and stuck in untrust VLAN.

Maybe you are looking for

  • How can i show sales order details for specific partner in view

    Hi All,           My Requirement is that I want to display the sales order id,sataus,amount in sales order assignment block  in Customer FACTSHEET. I created a new componnet and new view for Sales Order View  using BTQRSlsOrd BOL Entity in ONEORDER I

  • Importing B&Ws glitch

    I've been trying to import some black and whites for a while now. Every time they turn out as black (sometimes even "noisy") thumbnails and the photos themselves are extremely low in contrast and negative. Even weirder, I've tried moving the contrast

  • HT4060 When I plug my iPad into charge it constantly beeps whereas in the past it just beeps once.

    When I plug my iPad Air into charge it bleeps constantly whereas in the past it just bleeped once then charged

  • Saving the PO send by email in sent items

    Hi All I am able to send PO via email to the Vendor in SAP. The trouble is that I want that PO to be saved in the sent items folder of the user's mail for the sake of record. I have checked many avenues but to no avail. Please tell me whuse to achiev

  • Anyone help me in cross tab report

    Hi All, this is my first time to build cross tab report in xml publisher my code is <?xml version="1.0"?> <!-- Generated by Oracle Reports version 10.1.2.0.2 --> <TEST> <LIST_G_SUMFIXED_ASSETS_COST> <G_SUMFIXED_ASSETS_COST> <LIST_G_ASSET_NUMBER> <G_A