I just had a TAC case on this same issue after upgrading the system from 4.1.1 to 4.1.3.1. Turns out that if you have the IP the same on both interfaces and you are running in HA Failover mode you have to go to the CAS config page and set the ip address of the Trusted and untrusted side to the same service ip address. It wont start the service ports and will behave exactly like you say. We set this and rebooted and suddenly life was happy.
David L. Pifer - N9YNF - CCNA Network Engineering Services Indiana State University, Office of Information Technology 210 N. 7th St., Rankin Hall R044, Terre Haute, IN 47809 812.237.2923 office 812.237.4361 fax >>> "Stempien, Dave" <[EMAIL PROTECTED]> 5/13/2008 07:57 >>> The switch is configured as a managed device, and the CAM and CAS are on different subnets. I am able to authenticate via a web browser by opening up the IP address of the CAS manually, and everything else seems to work as expected (switch port VLAN reconfiguration/bounce/etc.) The web redirection isn't happening, nor is the client automatically popping up. Via tcpdump, I'm seeing the SWISS packets arriving on the untrusted interface of the CAS. Still stumped... On 5/13/08 7:37 AM, "Northcutt, Kevin A. (Information Services)" <[EMAIL PROTECTED]> wrote: > Are they all on different subnets? > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[EMAIL PROTECTED] On Behalf Of Osborne, Bruce W. > (NS) > Sent: Thursday, May 08, 2008 4:25 PM > To: [email protected] > Subject: Re: L2 OOB Virtual Gateway Configuration Problem > > Have you configured your switch as a managed device? > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[EMAIL PROTECTED] On Behalf Of David Stempien > Sent: Thursday, May 08, 2008 4:14 PM > To: [email protected] > Subject: [CLEANACCESS] L2 OOB Virtual Gateway Configuration Problem > > I have exhausted my troubleshooting options for what should be a > simple configuration. I am trying to add a new CAS as a L2 OOB > Virtual Gateway. I've configured L2 IB Virtual Gateways many times > with no problem. It appears the configuration in OOB mode is very > similar to the IB. Here's what I've done: > > - Added CAS to CAM as L2 OOB Virtual Gateway > - Under managed subnet, added IP for untrusted VLAN > - Configured VLAN Mapping for untrusted -> trusted VLANs > > DHCP passthrough works just fine. I can do everything on my test host > as permitted by my Unauthenticated Role. On my test host, I even have > ARP resolution for the managed subnet IP on the CAS. > > For the life of me, I can't figure out why the agent is not popping up > or why web page redirection isn't happening. It's almost as if the > CAS is not seeing my host traffic, or maybe it's just ignoring it. I > find that hard to accept given my observations in the previous > paragraph. > > Is there something special about the OOB configuration that I may have > overlooked? > > Thanks in advance for any advice! > > -- > Dave Stempien, Network Security Engineer > University of Rochester Medical Center > Information Systems Division > (585) 784-2427
