Guest

Preview Tool

Cisco Bug: CSCsz86456 - CCA Agent VLAN change detect can fail with hostname-based discovery host

Last Modified

Feb 22, 2014

Products (1)

  • Cisco NAC Appliance (Clean Access)

Known Affected Releases

4.5(1)

Description (partial)

Symptom:

Issue is with Cisco Clean Access (CCA also known as NAC hardware) agent VLAN change
detect.

The agent correctly uses VLAN change detect when in the authentication VLAN and
when it is moved to the access VLAN (after the user authenticates), but once the user is
removed from the certified device list (CDL), and the port is put back into the authentication VLAN,
the agent no longer attempts to send any icmp traffic and never refreshes the IP address.

Conditions:

Issue is only observed with a hostname based discovery host address.
Issue was observed when using icmp-based VLAN change detect.  Unknown whether the issue
affects ARP-based VLAN change detect.

Issue is by its nature specific to out of band setups in which the IP address is different in the
access VLAN than the authentication VLAN.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.