We have been experiencing a similar problem also. We are running both our CAS pairs in L2 Real-Gateway mode. We are running v4.1.3 and v4.1.3.1 of the Windows Agent using Clean Access for the DHCP server.
I have a TAC case open with Cisco on this problem but so far we haven't really found what the problem really is. We hand out /29 addresses to our clients. Check you client and see that they are receiving the correct gateway address from the Clean Access DHCP server. What I'm seeing is that for random /29 subnets within my bigger /23 network which are managed by Clean Access it is giving the wrong gateway address out. You can try creating a reserved address for one of your clients so they pickup a different IP and in a different subnet if you are using smaller /29 or /30's. I'd like to go back through my config and remove the managed VLAN that is experiencing the problem and let it re-create the auto-generated subnets to see if that solves the problem. Still waiting for Cisco to call me back to walk us through that and make sure it's not going to hose anything else. I'm hoping that fixes it, but I still don't know what the cause is - - we haven't changed the config since the start of this semester and this just started happening about 2 weeks ago. --greg Gregory A. Fuller - CCNA Network Manager State University of New York at Oswego Phone: (315) 312-5750 http://www.oswego.edu/~gfuller On Wed, 13 Feb 2008 11:44:31 -0800, Mahabub Alam <[EMAIL PROTECTED]> wrote: >Hello: > >This issue started few days ago. This building is a L3 segment to the >CAS. New students can get a IP address and can install the CCA agent >just fine. But after that the agent never pops up and let them login. If >the users moves to another building which is a L2 segment to CAS, the >agent pops up just fine. Now, if I use an laptop with CCA agent >installed which worked previously from the L3 building works just fine >now. But now the problem is isolated to only new CCA agent installation. >After the agent gets installed, I can ping both the CAS and CAM from the >laptop. So, IP connectivity is there from the laptop to the CAS and CAM >server. There is not access list on the any routers that will prevent >UDP 8906 packets. > >I did a tcpdump and grepped for udp 8906 on the cas server and found the >following: > >11:31:48.555663 IP dhcp-10-12-0-186.dyn.csudh.edu.37597 > cam1.8906: >UDP, length 83 >11:31:48.555674 IP cam1 > dhcp-10-12-0-186.dyn.csudh.edu: icmp 119: cam1 >udp port 8906 unreachable >11:31:50.352120 IP A01270-39XV741.dyn.csudh.edu.1317 > cam1.8906: UDP, >length 92 >11:31:50.352127 IP cam1 > A01270-39XV741.dyn.csudh.edu: icmp 128: cam1 >udp port 8906 unreachable >11:31:50.506156 IP 10.148.0.195.1404 > cam1.8906: UDP, length 83 >11:31:50.506164 IP cam1 > 10.148.0.195: icmp 119: cam1 udp port 8906 >unreachable >11:31:50.885464 IP A01270-39XV741.dyn.csudh.edu.1317 > cam1.8906: UDP, >length 92 >11:31:50.885471 IP cam1 > A01270-39XV741.dyn.csudh.edu: icmp 128: cam1 >udp port 8906 unreachable > >I am not sure what this port 8906 unreachable means. Does it mean that >CAM is not listening on 8906 and it is supposed to? > >This is a very weird problem and is frustrating. Hope someone can help. > >Thanks. > >------------------------------------ >CSU Dominguez Hills >Mahabub Alam >Network Analyst >[EMAIL PROTECTED] >1000 East Victoria St, >Carson, CA 90747 >tel: 310-243-2430 >------------------------------------
