We just started using NAC 4.8 Out-of-band Virtual Gateway and applied NAC to our encrypted SSID running on WCS/WLC 6.0 with 1142/1131 LWAPs. This is our first use of NAC 4.1 and also deploying OOB. We seem to have a problem, especially on mobile devices like the iPhone, where each session is requiring the device to re-auth regardless of being on the CDL. Creating a device filter as a workaround works.

I'm having trouble finding the root issue as it seems not all users of the same device type have the issue. For instance, I have an iPhone 4 user who gets locked in a Safari page titled "Log In" showing the apple.com site, but none of that behavior on another iPhone 4. Re-auth and page re-direction seem to happen more for some iPhone 3GS users than others. I've seen my MacBook re-auth me after waking from sleep last week, but today none of the behavior exists.

We have had the OOB port profile option "Change to Access VLAN if the device is certified but not in the out-of-band user list" set this whole time but have still had this issue on wireless. None of the disconnect options for port profile are enabled.
Any ideas? Anyone encounter an issue similar to this experience or know what the root cause/solution could be? I'm making a TAC case, but thought I'd hit this list as well. Thanks in advance.

--
Branden Kirk
Network Administrator, IT Operations
Biola University
(562)944-0351 x5032
