03-09-2012 05:53 AM - edited 03-10-2019 06:53 PM
Hello all,
I've been thrown a half-done NAC installation, and this being my first NAC deployment, I am feeling a bit overwhelmed.
I've read the installation guide for the appliances back to front, but I am encountering an issue after adding a CAS to the CAM.
I am able to add the CAS to the CAM successfully, but almost immediately the CAS and CAM can no longer ping each other from the CLI.
The event log states that the CAS is connected to the CAM, but then logs an error that the CAM is unable to push the registration page to the CAS. From this point I get several event log issues stating that the CAS is out of sync.
I've copied out a part of the nac_manager.log that shows the connection process:
2012-03-09 22:33:06.037 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartServer - SSS - connect : get new connectorClient for 10.0.0.100
2012-03-09 22:33:36.433 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:38.434 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:40.436 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - SSM - addSecureSmartServer : Sleep for 2 seconds for click to restart
2012-03-09 22:33:42.438 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - SSM - addSecureSmartServer : Click state STOPPED
2012-03-09 22:33:42.617 +1100 [TP-Processor24] WARN com.perfigo.wlan.web.admin.SecureSmartPublisher - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:33:42.702 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.FilePublisher - FilePublisher - write:setPath failed ...
2012-03-09 22:33:42.793 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.FilePublisher - FilePublisher - write:setPath failed ...
2012-03-09 22:33:42.833 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher - SSM publishAccess: Unable to publish guest registration page
2012-03-09 22:33:42.872 +1100 [TP-Processor24] INFO com.perfigo.wlan.jmx.admin.FileUtil - FileUtil - readFile : /perfigo/control/conf/os-detection.fp
2012-03-09 22:33:42.887 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.AccessConf - Failed to enable ETH1 on 10.0.0.100
2012-03-09 22:33:42.888 +1100 [TP-Processor24] ERROR c.perfigo.wlan.web.admin.AdminIpAccessInfoManager - AIAIM - publishAccess : failed
2012-03-09 22:33:42.888 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.ServerConf - SC - stopOobSWissServer()
2012-03-09 22:33:42.905 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - 10.0.0.100 added to Clean Access Manager
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher - SSP - connectAndPublish: Could not connect to 10.0.0.100
2012-03-09 22:34:01.614 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:01.615 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher - SSP - connectAndPublish: Could not connect to 10.0.0.100
2012-03-09 22:34:01.627 +1100 [pool-1-thread-2] WARN com.perfigo.wlan.web.admin.SecureSmartPublisher - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:34:05.628 +1100 [TP-Processor19] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:20.618 +1100 [pool-1-thread-3] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
I've followed all the installation guide's recommendations of disconnecting the untrust interface on the CAS, and there is no HA setup presently...
What I don't understand is the CAS and CAM's inability to ping each other, but they can ping other devices on the network. The CAS and the CAM are in different VLANs.
Any assistance from a NAC guru would be greatly appreciated.
Thanks
JS
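A triage sketch for the nac_manager.log excerpt quoted in the post above, added here as an example and not part of the original post or of Cisco's tooling: it parses the log format, folds the unstamped Java exception lines into the entry they follow, and reports per server IP how soon after "added to Clean Access Manager" the connect timeouts begin. The sample is a subset of the poster's lines; the function names `parse` and `triage` are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the nac_manager.log lines quoted in the post above.
SAMPLE = """\
2012-03-09 22:33:06.037 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartServer - SSS - connect : get new connectorClient for 10.0.0.100
2012-03-09 22:33:42.617 +1100 [TP-Processor24] WARN com.perfigo.wlan.web.admin.SecureSmartPublisher - NAC server 10.0.0.100 is out-of-sync.
2012-03-09 22:33:42.833 +1100 [TP-Processor24] ERROR com.perfigo.wlan.web.admin.SecureSmartPublisher - SSM publishAccess: Unable to publish guest registration page
2012-03-09 22:33:42.905 +1100 [TP-Processor24] INFO com.perfigo.wlan.web.admin.SecureSmartManager - 10.0.0.100 added to Clean Access Manager
2012-03-09 22:33:46.922 +1100 [pool-1-thread-1] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
2012-03-09 22:34:01.614 +1100 [pool-1-thread-2] ERROR com.perfigo.wlan.web.admin.ConnectorClient - Communication Exception : Could not connect to the Clean Access Server Exception creating connection to: 10.0.0.100; nested exception is:
java.net.SocketTimeoutException: connect timed out
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} [+-]\d{4}) "
                  r"\[([^\]]+)\] (\w+)\s+(\S+) - (.*)$")
IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(text):
    """Return one dict per log entry; unstamped lines (stack traces) are
    appended to the message of the entry they follow."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f %z")
            entries.append({"ts": ts, "level": m.group(3),
                            "logger": m.group(4).rsplit(".", 1)[-1],
                            "msg": m.group(5)})
        elif entries and raw.strip():
            entries[-1]["msg"] += " " + raw.strip()
    return entries

def triage(entries):
    """Per server IP: when it was added, and connect timeouts seen after that."""
    report = {}
    for e in entries:
        for ip in set(IP.findall(e["msg"])):
            r = report.setdefault(ip, {"added": None, "timeouts_after_add": 0,
                                       "first_timeout_delay_s": None})
            if "added to Clean Access Manager" in e["msg"]:
                r["added"] = e["ts"]
            elif r["added"] and "connect timed out" in e["msg"]:
                r["timeouts_after_add"] += 1
                if r["first_timeout_delay_s"] is None:
                    r["first_timeout_delay_s"] = (e["ts"] - r["added"]).total_seconds()
    return report
```

On this excerpt the server is recorded as added at 22:33:42.905 and the first connect timeout follows about four seconds later, so the registration entry alone does not show that the CAM can still reach the CAS.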
03-14-2012 12:13 AM
Hi All,
Not that there was a ton of help, but I got it sorted myself. Turned out that I needed to tag the management VLAN on the eth0 interface.
The Cisco NAC appliance hardware document is pretty vague around this setting, but it turns out I had to tag the management VLAN on that port to allow the CAS to connect to the CAM.
Now to try to work out why a simple layer 2 connection between the two eth2 interfaces on my CAS servers for the heartbeats isn't communicating... any ideas on this... anyone?
JS
08-13-2012 01:17 AM
Thanks a lot man...you saved my day