I ended up having to turn on:
OOB Management -> Profiles -> Port -> <profile name> -> Bounce the port after VLAN is changed We were previously not using this setting. Here is the explanation from TAC (we are running 3310 CAM and CAS): Hi Jeremy, For agentless OOB, bouncing the port is always recommended as we can’t do VLAN detect nor use IP Refresh since those are agent functions. That ‘race’ condition between the DHCP packet and SNMP OOB operation is a tight one. And from looking through the logs, it appears are hitting this. For devices in the filter list that boot in a VLAN other than their Access VLAN (like 221), if the OOB operation takes 30-40 ms to occur they renew DHCP correctly in the Access VLAN (203/205). But if it takes much more than 100ms to complete that operation, the IP is being renewed in the initial VLAN (whatever that is). This is why it doesn’t happen consistently, many times that OOB change occurs <100ms, other it’s a little higher. I can only assume that with 4.8 on your HW there’s just a tad more load at times that makes that response a little longer. Thanks, Jeremy L. Shoemaker Systems Administrator Dakota Wesleyan University 605-995-2147 [email protected] <mailto:[email protected]> Strategic - WOO - Maximizer - Achiever - Learner -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Jeremy Shoemaker Sent: Tuesday, August 10, 2010 10:13 AM To: [email protected] Subject: 4.8 OOB Delays Since installing 4.8, we have been having problems with our filtered devices on our wired OOB. If a user shuts down their system and restarts or plugs it into switch port, they are receiving an IP from the wrong VLAN. They get an IP from the authentication VLAN instead of the VLAN that is associated with the user role that the device is filtered into. The port on the switch changes to the correct VLAN, but it appears to be after the system has already received an IP. I have a request in with TAC and was promised a call back on Friday, but no call yet. Anyone else seeing this? Any help would be greatly appreciated. Thanks, Jeremy L. Shoemaker Systems Administrator Dakota Wesleyan University 605-995-2147 [email protected] <mailto:[email protected]> Strategic - WOO - Maximizer - Achiever - Learner
