We were able to track this down to a switch configuration problem. the switch was only
sending SNMP trap information to the old CAM and not the new one. Once we corrected this
it worked as it had in our test environment. Sorry to have asked for naught (maybe this
post will help someone else someday?)
--
Isabelle Graham
Information Security
American University
Isabelle Graham wrote:
We are working on a layer 3, out of band deployment for portions of our
network. We had set up a fully functional model in our test network
using one of our production CAS pairs. We recently moved the CAS pair
from the test CAM back to the production CAM and added the port and
switch profiles, as well as the production switch (which was also used
in testing). Since this migration none of the devices on CCA controlled
ports are showing up in the Discovered Clients table, the Certified
Devices table nor the Online Users table. As a result, the users could
not be decertified and were allowed constant access. We double checked
the configuration and tried removing the switch, manually stetting the
VLANs for those ports to the in band VLAN, then re-adding the switch and
converting the users to out of band again through the web interface on
the production CAM, but the problem persists. When in the authentication
VLAN, the client and the web based login page give an error to the
effect that the MAC address of the device cannot be found. Has anyone
run across this?
