04-02-2008 03:09 AM - edited 03-09-2019 08:25 PM
Hi,
I have installed CAM & CAS with 4.1.2 & configured everything was working fine.Then I upgraded to 4.1.3 then all the configuration of the CAs had to be done again.After cnfiguring I am facing a problem. When I am bouncing the port the port vlan changes to unauthenticated vlan but its not redirecting to download the Agent. I doubt I have mistaken something in the traffic policy.
Can anyone pls guide me in this regard?
Thanks in advance
Sachi
04-02-2008 04:16 AM
Hi, Sachi
Client can download caa agent if
1. his credentials are ok
2. in the Device Management > Clean Access > General Setup >Agent Login u have marked
Require use of Clean Access Agent (for Windows & Macintosh OSX only)
04-02-2008 11:55 PM
Hi Varnavsky,
Thanks for ur response.
Yes it is marked.
The problem is its not redirecting when you try to access network.Only thing happening is its changing to authentication vlan.Do you think any problem in traffic policy?
Thanks again
Sachi
04-02-2008 04:25 AM
Sachi,
I've a question for you. When the authorized client turns off does your switch port change its vlan from access to autentication?
04-07-2008 04:29 AM
1. Can u check whether the SSL Certs are issued to the correct IP addresses?
2. Do u have a Proxy Server for redirection?
then enable proxy IP on the NAS.
3. Is time synchronized betweel all NAC devices?
4. Is name resolution and DNS working fine and configured correctly?
kindly confirm.
04-07-2008 11:42 PM
Hi Ram,
Thanks for ur valued response.
I have checked all the issues u have mentioned. Everything is ok. Still its not redirecting to the Agent download page.
Thanks again
Sachi
04-16-2008 04:28 AM
Hi, Sachi.
Can you explain -When I am bouncing the port the port vlan changes to unauthenticated vlan but its not redirecting to download the Agent.
Do you mean that when the pc is in the unauthenticated vlan the caa does not pop-up?
Or smth else?
04-16-2008 06:44 AM
HiVarna,
Actualy after taking the port under control when I am trying to access anything it should redirected to CAS to download the agent & install it. This redirection is not happening.
Thanks in advanse for ur response
Sachi
04-16-2008 09:17 AM
Hi.
To get redirection the client should open his web-browser with some url and before this client's pc should get correct ip address, default gw, dns server and may be some other type of data from the dhcp-server.
After this your client sends dns request to the dns which is learned from the dchp server to explore the ip adddress of the web-server.
Your NAC server should pass-through dhcp and dns requests to the servers.
After the client's pc has got the ip-address from the dns it will try to connect to this web-server.
And only then your NAC Server catchs http traffic from the client pc and the client should see the login page asking for his credentials.
Are you sure that your dhcp, dns are correct?
Check them, pls.
To get the login page for credentials you should add it to the NAC Manager through Administration > User Pages > Login Page > Add.
May be this helps you.
Regards
07-24-2008 06:06 AM
I'm facing a similar problem. My DHCP is allocating address and parameters correctly but DNS is unreachable from the untrusted segment. DNS is reachable from the CAS itself but it's not letting it through or relaying from unauthenticated clients. What can I check to figure out what is wrong ? Any help appreciated :)
07-24-2008 06:08 AM
I'm facing a similar problem. My DHCP is allocating address and parameters correctly but DNS is unreachable from the untrusted segment. DNS is reachable from the CAS itself but it's not letting it through or relaying from unauthenticated clients. What can I check to figure out what is wrong ? Any help appreciated :)
07-24-2008 07:12 AM
I got it sorted ! The CAS is forwarding the IP packet containing DNS requests and the DNS server lacked of a route entry back to requester.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide