Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
0
Helpful
2
Replies

Nac - web login pop-up with oob L3

jaume.cervello
Level 1
Level 1

‎12-01-2010 10:19 AM - edited ‎02-21-2020 04:10 AM

Hi,

we've got a L3-real ip oob implementation.

One of the roles use web login authentication and vlan change based on user role. The users are able to authenticate but the pop-up showing the session time and the logout button doesn't appear.

Does The pop-up work in a L3 oob implementation? are there any special requeriments for the pop-up?

If users can't logout manually the switch ports are not moved back to the authentication vlan so we have to wait until the certified devices timers (one per day for roles based on web authentication)

Is there any workaround for loging out users or moving back ports to authentication vlan? (apart from nac agent or nac web agent)

Regards,

Jaume

0 Helpful
2 Replies 2

Lauren Sullivan
Level 1
Level 1

‎12-01-2010 10:51 AM

Hi Jaume,

In pre-4.8 setups, there's no logout button.  Basically, the design then was that once the user was in the access VLAN, they should no longer communicate with the CAS, and if they can't communicate with the CAS, they can't log themselves out.  If the devices are directly plugged in to the switchport, you can use SNMP linkdown traps to remove them from the OUL, but if they're behind another device like an IP phone, pretty much the only option is to use a CDL timer.

4.8 introduced the OOB logoff feature, which will work as you described - that is, users stay in communication with the CAS even in the access VLAN, and can log themselves out either through the agent or by logging off of Windows.  Here's some more information on that: http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/48/48rn.html#wp1105594

Thanks,

Lauren

0 Helpful

jaume.cervello
Level 1
Level 1
In response to Lauren Sullivan

‎12-01-2010 04:10 PM

Hi,

thanks for your answer.

We are using 4.8 and we've implemented oob logoff feature and it's working as expected. The problem is that feature is for users or roles with nac client.

My question was regarding a role based on web authentication (without client). I think the only way to logout those users is using the logout feature from the pop-up. But that pop-up is not shown to the users. Should it appear to the users or is just an inline feature?

REgards,

Jaume

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card