Hi all, After a year-plus hiatus in evaluating NAC, I¹ve been told to dust off our rather large junkpile of 3350s and give another evaluation a go. Seems like the higher powers here are going to require NAC at some point, and we either eat our own dog food or someone else¹s. Personally, I like knowing where my Alpo comes from, so here I am.
At last evaluation, we were using 4.1.8. At that time, the Active Directory/SSO integration was too painful to bear, forcing us to shutter this for awhile. Of course, we subsequently removed all our NAC gear from maintenance to save a few jobs' worth of cash. You know, in these troubled economic times and all... In the last few days, I installed 4.7 fresh on a HA-pair of CAMs and an HA-pair of CASes. HA is working fine. However, when I try to add the HA CAS pair to the HA CAM, I get, ³Failed to add server: Could not connect to 10.145.143.3" <--- HA address of our CAS-pair. Seems like I can ping it just fine from the CAM. I've tried using authorization and no-authorization techniques, made sure the SSL certs were common within each HA pair, copied/pasted the DNs into the authorization fields as suggested in Cisco's documentation, etc. I rebooted each of the CAMs and CASes multiple times. I re-ran the perifgo config script to ensure the master password was the same, and so on... Oh, and I did install a license in the CAM for the CAS I'm trying to import! I'm going to try to sneak a new service request into TAC. Maybe even pester our Cisco SE for some help if that doesn't work. In the meantime, does anyone recognize my problem or have any tricks to share? I'm guessing this new CAS/CAM association technique started around 4.5. I've been lurking in this mail list even though I myself haven't been active in quite awhile. Seen lots of people leave for other solutions. Seen even fewer discussions around 4.5+ releases. Hoping that this list isn't quite dead yet! Thanks for any advice! -- Dave Stempien University of Rochester Medical Center Information Systems Division Networking/Security/Communications (585) 784-2427
