I saw the same thing in our setup (4.0.x, Inband, Real IP Gateway, HA) in mid December that happened out of nowhere without any configuration changes.
We have two other CAS pairs that configured identically and I was able to move the managed subnets from the problematic CAS pair to them and they worked without a problem. I was assuming that we would have to wipe and reload the problematic CAS but we tried the upgrade to 4.1.3 and haven't seen any problems since. It was a rather bizarre problem - Did you try adding a static ARP entry to your client? ________________________________ Walt Howd Network Systems Admin Information Technology Services Truman State University SunGard Higher Education Managed Services 100 East Normal Street Kirksville, MO 63501 [EMAIL PROTECTED] -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of William Doyle Sent: Thursday, January 10, 2008 12:34 PM To: [email protected] Subject: CAS blocking arp reply Good Day, I am testing out 4.1.3 and seeing some odd behavior. The agent and CAS are on the same subnet. When The agent is started the workstation arps the gateway address but there is no reply. It continues to arp and the SWISS protocol packets fail to transmit. When I make a static entry of the gateway mac in the arp cache everything is OK and the SWISS packets transmit and the Agent pops up as it should. This happens with different computers which do transmit SWISS protocol packets after successfully arping the gateway. I entered the mac of the gateway in the filter/allow list but same results. I've opened a case with TAC but haven't heard anything yet so if anybody has a clue what might be going on I'd greatly appreciate hearing about it. Thanks Bill Doyle International House UC Berkeley
