NAC Agent never seems to initiate communication with CAS

colmfahy
Level 1

I can (occasionally) get the pilot NAC devices to log in to the CAS server through a combination of restarting the NAC Agent service, restarting the NAC Agent UI, and bouncing the port.

My configuration is an L3 OOB GW - my issue does not seem to be with NAC but rather with getting the agents to initiate communication with the CAS in the first place.

I am using NAC CAM/CAS 4.7.2 and agent version 4.7.2.10

The unauthenticated/untrusted roles have been allowed full unrestricted inbound access through the CAS as part of the troubleshooting process.

I have attached a copy of the report generated by the log packager utility on a machine which was failing to log-in.

(Incidentally, I note on every machine I have attempted to run the log packager on that the 'log agent plugin' fails to return a response within 300 secs and hence does not generate any useful output. Is there ANY way to get visibility into these logs, either through a different utility/viewer or by extending the 300-second timeout when packaging logs?)

Thanks in advance

Colm

2 Replies 2

Lauren Sullivan
Level 1

Yeah, it looks like there's something weird going on with the agent - the only log included only goes from Nov 9th 15:06:58 to 15:07:15 and basically just covers the NAC service launching the GUI. 

Is this virtual gateway or real IP gateway?  If you go back to blocking port 80 and 443 traffic on the CAS, do you get redirected to the CAS when you open up the web browser?

Attached is a new log generated today for comparison... without the ability to interpret these log files myself I'm not sure if they are of any more use than the last set. (This log was generated on a user workstation that has the agent installed but is NOT logging in to the CAS.)

The CAS in this case is a (pair of) Real IP Gateway(s) configured OOB.

In response to your question - it is possible on any of these workstations to log into the CAS using the WEB login (by explicitly typing the IP address of the URL for the CAS) - did you want me to specifically deny 80 and 443 traffic and then see if any attempted web connection will result in a prompt within the IE window? (I can consider doing so, although there is a proxy server in use on site which is situated 'behind' the CAS from the perspective of these users.)

Is there anything unusual about the fact that one of the plugins initiated by the log packager never completes within the 300 seconds or is this something you see fairly regularly?
