
Cisco Clean Access Server eth0 port inactive on install

bconnaghan
Level 1

I am trying to learn how the Cisco NAC appliances work. I have created a small self-contained test network with a Server 2003 domain controller, a fake domain setup and some workstations joined to the domain.

I have two NAC appliances, one is the Server and one is the Manager.

When I follow the instructions from the manual to install the server from the CD everything seems to go fine. I plan to use it as a bridge in the network so I applied the same IP address to both the eth0 and eth1 interfaces (the eth1 interface is not connected to the network during install as per instructions).

Here is the issue I am having: After configuration is finished and the CCA server reboots, I cannot ping the server when it is connected by eth0. If I swap the network cable over to eth1, however, I can ping the device.

Is this normal?

4 Replies

cleidh_mor
Level 1

I'm pretty sure that on some models of NAC appliance, the eth0 and eth1 labels are the wrong way round, possibly due to the way that Linux labels them.

That will screw up the licensing then, I think, since I had to give them a MAC address to generate the license file.

Also, when I use the CD to set up the Clean Access Manager on the other box, I don't have the same problem. eth0 is pingable by IP address.

And...get this. I thought that maybe the NIC was bad, but I tried swapping the machines. Installing manager on Appliance 1 and Server on Box 2 (reverse of the way I did it originally) and the same thing happened. eth0 was not pingable.

I have the same issue. But it gets even stranger; I had the CAM/CAS working in a test LAN environment, got the AD SSO to work by applying VLANs based on AD group membership of the user logging on. Client was pleased.

Moved the two NAC devices to their location and reloaded clean both CAM & CAS from CD, did the same configuration and now eth0 (Trusted) can't see the AD domain controller but can see the CAM. I ran nslookup on the CAS to test the network settings and the result is no server found - the DNS server is the AD domain controller.

I had to add a static route for the VLAN IP address that the DC is on. CAS is available from every VLAN now. AD SSO works with role-based VLAN assigned via group membership.