Thanks to everyone with their insight and suggestions.  We'll be eagerly

looking forward to that feature in an upcoming release, Nick C.  ;-)





On 4/12/07 10:25 AM, "David Stempien" <[log in to unmask]>

wrote:



> Scenario:

> 

> 

> 

> A user has a laptop which is plugged into a wired connection (non-CCA) and a

> 

> wireless connection (CCA).  Both interfaces are active.

> 

> 

> 

> If the user has not-yet-authenticated with the Clean Access Agent, it will

> 

> pop up and ask the user to do so.  User does, but the agent either keeps

> 

> popping back up to ask for credentials again and again, or it eventually

> 

> times-out with an error 500.  I assume the agent is discovering the Clean

> 

> Access server on the wireless connection, but it is sending its traffic to

> 

> the Clean Access server out of the preferred wired connection, thus causing

> 

> this behavior.

> 

> 

> 

> If the user was using wireless-only and had successfully logged into CCA,

> 

> then later plugged into the wired connection, there's no harm done.

> 

> Although I suspect when we later migrate the wired connection to CCA we will

> 

> experience additional pains regarding interface confusion within the CCA

> 

> agent.

> 

> 

> 

> 

> 

> Question:

> 

> 

> 

> Obviously, this is a user training issue (if you're using a wired network

> 

> connection, shut off your wireless first).  Until Microsoft fixes this

> 

> behavior with their wireless network control or Cisco makes the agent

> 

> interface-aware or we recommend a third-party wireless supplicant which can

> 

> automagically shut down the wireless interface, I'm wondering if anyone else

> 

> might have and idea for another technical solution for this problem?

> 

> 

> 

> 

> 

> Thanks,

> 

> 

> 

> --

> 

> Dave Stempien, Network Security Engineer

> 

> University of Rochester Medical Center

> 

> Information Systems Division

> 

> 585-784-2427

> 

>