Subject: | |
From: | |
Reply To: | |
Date: | Mon, 23 Oct 2006 13:35:28 -0400 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Hi folks, happy I found this list. Great information!
We're a University using CCA for our wireless network. I just deployed CCA
3.6.4 this past August so I'm still learning. Our CCA CAM/CAS is 3.6.4.1,
in-band, virtual gateway mode.
I made the mistake of configuring our CAS with a public IP address not
considering the ramifications. When my wireless clients return home, I can
see lots of hits against port 8906/udp to our CAS on our campus firewall.
They don't make it of course. I now realize I should have used a private
address so this wouldn't happen.
However, after reading through this list, I now understand that the
udp/8906 packets are L3 discoveries from the Agent. I don't need L3 as we
run Virtual Gateway mode and our wireless clients are all local to the
CAS. Under Device Management I do NOT have either the "Enable L3 Support"
or "Enable L2 strict mode for Clean Access Agent" checked but I did
specify my CAS as the Discovery Host.
So, can this be fixed without changing my CAS IP address (which I really
don't want to do mid term)? Should I remove the Discovery Host altogether?
Should I change the Discovery host to a local host with a private address
(one that won't resolve in DNS from home)? If I change this, what will
happen to existing Agent users? Will they be prompted to download
(upgrade) the agent again?
If I can't fix this for existing users, I'd like to at least make it right
for new users of the system. Any help would be appreciated.
Thanks,
-Mike
|
|
|