Topology description :
CAS: Untrusted port connecting Internet , Static public IP address A , Trust port -same static public IP A address as untrusted port
CAM: Static public IP address B within the same subnet of CAS ,and connected to trust port
Protected Host: static public IP address C , is connected to CAS trust port
Static public IP address A,B, C are in within the same subnet
Internet-----(Untrust port of CAS ,Trust port of CAS) ------------Switch01
Switch01 ------------------------- CAM
Switch01 -------------------------- Protected Host
Symptom :
when a client PC from Internet access the IP address of Protected Host by http , the IE browser can be redirected to CAS authentication page , and ActiveX alarm pop up , web agent is installed as normal ,and user can login the network successfully .
CAM can detect the client OS version , but CAM cann't get the client's MAC address (shown as 00:00:00:00:00:00) , and the user is only listed in online users ,but not showed as certified device .
In CAM's User Page tab , we checked "using web client to detect MAC address "
In CAS's static route configuration page , we added a static route to client PC's subnet .