We have seen the following situation in our lab testing.
The scenario is Layer-3/OOB using a 3750 and the agent installed.  When
a device is NAC'ed it gets put onto the certified device list and placed
into the Access VLAN.  That seems to work.  If the device is flushed
from the certified device list either through a timer or manual
intervention, the switch port gets put back into the Auth VLAN.  The
problem is the PC does not know this and still has an IP address from
the Access VLAN, so all connectivity is lost.  The user would have to
reboot, ipconfig/release/renew or unplug the NIC to get an IP address in
the Auth VLAN before getting certified again.  We will want to flush
this list routinely and PCs don't get rebooted on a regular basis here.
