Daniel,
What mode is your CAS? We are currently running Layer 2 Virtual Gateway (In-Band & Out-of-Band). In this mode, the CAS will not talk with anything on its subnet except the default gateway, That's why the CAS & CAM need to be on separate subnets. I hope this helps. Bruce Osborne Liberty University From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Sichel Sent: Friday, January 11, 2008 11:21 AM To: [email protected] Subject: [CLEANACCESS] CAS blocks arp >I am testing out 4.1.3 and seeing some odd behavior. The agent and CAS are on the same subnet. When The agent is started the workstation arps the gateway address but >there is no reply. It continues to arp and the SWISS protocol packets fail to transmit. When I make a static entry of the gateway mac in the arp cache everything is >OK and the SWISS packets transmit and the Agent pops up as it should. This happens with different computers which do transmit SWISS protocol packets after >successfully arping the gateway. > >I entered the mac of the gateway in the filter/allow list but same results. I am encountering the same issue here. No response from Active Directory Servers who had been responding fine. A packet dump shows requests but not replies. There was a change in the click router on the CAS to fix a problem with flat networks that may have something to do with this. It allows, in affect VLSM so you can have authentication server traffic go out the secure port even though the addresses of the server on the same network as a client on the insecure interface. Don't know if this has anything to do with the issue, but I thought I would mention it. I would be very interested to hear the resolution. Thanks, Daniel Sichel, CCNP, MCSE,MCSA,MCTS Network Engineer Ponderosa Telephone [EMAIL PROTECTED]
