Hey Shane,
Do you have users connecting from behind an IP phone?

If not, then on the port profiles, enable the "Bounce the port after
VLAN is changed" option and that will fix the issue.

User connects in, gets IP in vlan100, CAM moves user to vlan200 and will
also bounce the port now, user will now get ip address in vlan 200.

Hth
-alok

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Shane Miles
Sent: Tuesday, July 31, 2007 7:51 AM
To: [log in to unmask]
Subject: DHCP responds faster than CAS

Scenario is Layer-3 OOB and the agent is multiple hops away from the
CAS.
  
The CAS is discovered via DNS.  Initial VLAN == 100, Auth VLAN ==  200,
Access VLAN == Initial VLAN.  The problem is when the host boots it g
ets a DHCP address faster than the CAS changes the switchport VLAN to
200.  The
 
result is the host has an IP address from VLAN 100 but the switch port
is
 
now in VLAN 200.  So I have no connectivity and have to release/renew
the
 
IP after which everything works great.  SSO works, posture assessment
and
 
refreshing of the IP all work great.  Then I'll clear the certified
devic e list and "Keep Online User" and reboot.  When the host comes up
the same 

thing happens.  I tried setting the initial VLAN to the Auth VLAN but
tha t only fixes it on the first boot.  The problem re-occurs on all
subsequent
 
reboots (after clearing CDL) because the switch port remains in VLAN 100


even after the switchport loses link.  What am I doing wrong?