What would cause NAC to issue an Untrusted and Trusted IP Address at the same time?

karendrew
Level 1

We have c3750s running NAC 4.8. Occasionally, a workstation will flap between the untrusted and trusted VLANs. We updated the NIC drivers on the workstation, we verified SNMP was functioning correctly on the switch, and we allowed the phones to act as the pass-through between the workstation and the switch. What could cause the workstation IP address to not redirect to a TRUSTED VLAN from the NAC_UNTRUST VLAN? All updates have been downloaded to the workstation.

1 Reply

Shrikant Sundaresh
Cisco Employee

Hi Karen,

If I understand the problem correctly, it is an OOB setup, with PCs behind IP phones, and sometimes authenticated users are put back in the unauthenticated role (or users in the access VLAN are put back into the authentication VLAN even though they didn't log off).

1. Is there any session timeout for the role that they are in when they are authenticated?

2. Is someone else connecting to the same phone? (Cisco IP phones can act as a 3-port switch: 1 port for the phone, and up to two computers.) When the switch learns a different MAC address, it sets the port to the authentication VLAN, since that MAC address is not in the trusted user list.

3. Is this issue reproducible easily and consistently?

4. What happens on the user PC when the VLAN changes back to the authentication VLAN?

5. If possible, please collect the CAM trace logs at the time of the incident, and post them here.

Live logs can be collected using the command "tail -f /perfigo/control/tomcat/logs/nac_manager.log" on the CAM CLI.

-Shrikant
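
An added example, not part of the reply above: one way to check point 2 against switch data, flagging any port where a MAC address that is not in the trusted user list is learned after a trusted one. The event records, port names, MAC addresses and function names are constructed for illustration and do not follow the nac_manager.log format.

```python
# Constructed "MAC learned" events: (time, switch port, MAC as reported).
# MACs appear in mixed notations, as they often do across switch and NAC output.
EVENTS = [
    ("09:00:01", "Gi1/0/7", "00:11:22:AA:BB:01"),  # user's workstation
    ("09:10:00", "Gi1/0/9", "0011.22aa.bb03"),     # another user's workstation
    ("09:42:10", "Gi1/0/7", "0011.22aa.bb02"),     # second device behind the phone
    ("09:42:55", "Gi1/0/7", "00-11-22-aa-bb-01"),
    ("10:05:30", "Gi1/0/12", "0011.22aa.bb04"),    # never authenticated on this port
]

# Hypothetical trusted user list (MACs of authenticated workstations).
TRUSTED = ["00:11:22:aa:bb:01", "00:11:22:aa:bb:03"]


def norm(mac):
    """Reduce colon, hyphen or dotted MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def untrusted_after_trusted(events, trusted):
    """Return (time, port, new_mac, trusted_mac) for each untrusted MAC learned
    on a port that had already carried a trusted MAC (the case in point 2)."""
    trusted = {norm(m) for m in trusted}
    last_trusted = {}  # port -> most recent trusted MAC learned there
    hits = []
    for when, port, mac in sorted(events):  # same-day HH:MM:SS sorts correctly
        mac = norm(mac)
        if mac in trusted:
            last_trusted[port] = mac
        elif port in last_trusted:
            hits.append((when, port, mac, last_trusted[port]))
    return hits


if __name__ == "__main__":
    for when, port, mac, owner in untrusted_after_trusted(EVENTS, TRUSTED):
        print(f"{when} {port}: untrusted {mac} learned after trusted {owner}")
```

A hit that lines up with the time the workstation dropped back to the authentication VLAN points to a second device on the phone rather than a session timeout.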