CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Simon Bell <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Tue, 6 Sep 2005 15:46:17 -0400
Yes, it must be enabled. Upgrading by default disables it. "L3 capability will be disabled by default after upgrade or new install of 3.5(5), and enabling the feature will require an update and reboot of the Clean Access Server." Having L3 enabled by default opens a tremendous security hole with users of routers. Due to the nature of NAT, only 1 user has to validate behind the router, and thus any other devices are allowed out. This problem is compounded when users bring wireless NAT routers up.

Simon


>>> [log in to unmask] 9/6/2005 1:41 PM >>>
We are also having trouble with Agent 3.5.6 and the use of routers.  When
the user behind a wired or wireless router updates to v3.5.5, the "login"
remains greyed out, and they are unable to do the automatic upgrade to
v3.5.6 and cannot log in afterwards.  They were fine under version 3.5.4!

This may be because the new default stance for v3.5.5 servers is that support
for multi-hop L3 is off by default.  Does anyone know if this must be
specifically enabled to allow the use of wireless or wired routers on a
managed network?

-Bill
Network Security Administrator
Housing Technology
Colorado State University
