We have a Clean Access solution deployed in L3, In-Band, Virtual Gateway mode. Clients are working with Cisco NAC Agent.
Everything seems to work fine. The agent pops up, the user is correctly authenticated, but after that the agent keeps popping up for authentication again.
Looking at the CAM, the user is correctly authenticated (they can access the access network devices with no problem), but the agent keeps asking for authentication.
I would appreciate any suggestion on that.
As some first checks, I'd verify the following:
1. Managed subnets are correctly added: a managed subnet should be an IP in the trusted vlan and linked to the untrusted vlan.
2. Static routes are configured for the CAS, pointing to the end user's subnet out of the untrusted interface eth1.
If these few checks did not show any improvements, you may consider opening a TAC case for some more advanced investigations:
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
I have already checked those points, and they are correct. The behaviour is still the same.
Thank you anyways.
The problem has been solved.
On the version of code we are running (post 4.5) managed vlans are no longer needed for remote L3 users. They are replaced by static routes.