Re: Reauthenticate by NAC

alex goshtaei · ‎08-21-2012

Hi All,

we have deployed L3 in-band scenario for wireless 2 years ago and the solution was working without any problem. we have upgrade wireless controller to 5508, since then, when users login to the first page and certified, and they want to browse to the internet, NAC redirects the web page and ask for authenticatin again, despite the users' devices are being shown as certified devices in the list.

any suggestion would be appreciate.

thanks

Alex

Tarik Admani · ‎08-22-2012

Hi can you check your floating device, seems that with the hardware change this will cause the Nac solution the see the same ip from two Mac addresses, one from the agent and the other from the network.

Thanks,

Sent from Cisco Technical Support iPad App

alex goshtaei · ‎08-22-2012

Hi Tarik,

thanks for the reply, we are not using clean access agent, only use web login. should I add WLC device as floating device to the NAC to fix this problem?

thanks

Alex

Tarik Admani · ‎08-22-2012

Yes if you are using the webportal, you can detect the clients mac address by using the java tools so that can also pose the disconnect as to which mac address is learned from the respective ip address. Do you have a floating device configured that shows the old mac address from the controller that existed before the upgrade?

Thanks,

Tarik Admani
*Please rate helpful posts*

alex goshtaei · ‎08-22-2012

no, I haven't configured floating device.

alex goshtaei · ‎08-22-2012

How about rebooting the NAC appliances. is it going to help and remove old MAC addresses ?

Tarik Admani · ‎08-22-2012

Please check and see if you have any entries configured here:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_cca.html#wp1040166

Thanks,

Tarik Admani
*Please rate helpful posts*