Hi,
I have a clean access server configured as OOB real IP gateway.
The clients are placed in authentication VLANs on the edge of the LAN that are a couple of L3 hops from the CAS.
We have policy based routing configured to pass client traffic from the authentication VLANs to the CAS.
Once the client is certified it is popped into the clients access VLAN.
All worked ok except that the NAC agent keeps popping up after successful login, attempting to login again.
I have now deployed an ACL to drop traffic from the client Access VLANs to the CAS so the client doesn't keep poppin up.
As far as I can see there is a SWISS service running with the agent that keeps sending data packets to the CAS and causes ths agent in our case to keep trying to authenticate again and again. The ACL I created prevents these packets and stops the continuing login attampts.
The annoying this is that the client can't update its user IP details in the CAM logs when I apply this ACL.
Is this by design? I would have thought once the client is logged on then the agent wouldn't need to keep trying to log on again.
The CAS/CAM/agents are running at version 4.7.2