Have you configured your switch as a managed device?

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of David Stempien
Sent: Thursday, May 08, 2008 4:14 PM
To: [log in to unmask]
Subject: [CLEANACCESS] L2 OOB Virtual Gateway Configuration Problem

I have exhausted my troubleshooting options for what should be a  
simple configuration.  I am trying to add a new CAS as a L2 OOB  
Virtual Gateway.  I've configured L2 IB Virtual Gateways many times  
with no problem.  It appears the configuration in OOB mode is very  
similar to the IB.  Here's what I've done:

- Added CAS to CAM as L2 OOB Virtual Gateway
- Under managed subnet, added IP for untrusted VLAN
- Configured VLAN Mapping for untrusted -> trusted VLANs

DHCP passthrough works just fine.  I can do everything on my test host  
as permitted by my Unauthenticated Role.  On my test host, I even have  
ARP resolution for the managed subnet IP on the CAS.

For the life of me, I can't figure out why the agent is not popping up  
or why web page redirection isn't happening.  It's almost as if the  
CAS is not seeing my host traffic, or maybe it's just ignoring it.  I  
find that hard to accept given my observations in the previous  
paragraph.

Is there something special about the OOB configuration that I may have  
overlooked?

Thanks in advance for any advice!

--
Dave Stempien, Network Security Engineer
University of Rochester Medical Center
Information Systems Division
(585) 784-2427