We are running Virtual Gateway Mode In-Band on CCA 3140 (EOL, nonetheless) hardware. We decided that during our Fall Break this week we would test the waters and upgrade from 4.6 to 4.7 in hopes that we would be ready for the upgrade for 4.7.2 for Win 7 and Snow Leopard support. The install went fine and had no errors but when I tested my first client, I received the upgrade prompt to download the new agent but once the agent was installed, the login option was grayed out and the NAC agent would never popup. I checked for firewalls, anti-virus, etc. and nothing I tried worked. I reinstalled the 4.6 agent and sure enough was prompted to download the 4.7 agent and yet I could never get the 4.7 agent to pop up or let me choose Login. I figured worst case I wouldn't make the 4.7 agent mandatory and even worse, I could always reinstall 4.6 and restore my snapshot and settings.
So, I opened a TAC case and Cisco found that my managed subnets were incorrect. We originally had CCA 4.02 installed by a consultant in 2006 and we have stayed pretty vanilla with our deployment since then, only upgrading to the latest (or near latest) versions during breaks, holidays, etc. What was incorrect was how the managed subnets were defined. Originally, all of our subnets were: IP/Netmask Description VLAN 10.10.105.10 / 255.255.255.0 Location -1 The TAC engineer was surprised that this had worked for so long (and she said especially that she was surprised it worked in 4.6). She had me add new subnets so that the IP/Netmask setting contained the Trusted VLAN and the VLAN setting to contain the Untrusted VLAN that the user is coming in on. IP/Netmask Description VLAN 10.10.100.10 / 255.255.255.0 Location 105 Sure enough, the second we changed this, the agent popped up and all was fine. I figured I would pass this info on to anyone else that may have run into the same issue as I am not a CCA expert but have maintained our CCA deployment for the past 3 years and had no clue what to look for. HTH... [cid:[email protected]]<mailto:[email protected]>
<<inline: image003.jpg>>
