We have had an issue with our NAC setup. We are using 4.8 with one CAM managing one CAS. Every so often we get a "SW_Management: Unable to process out-of-band login request from [00:00:00:00:00:00 ## 172.16.1.10] username. Cause: MAC address of 172.16.1.10 not found." It doesn't matter which switch, whether the user authenticated with Agent or Java web app, Windows or MAC, whether a posture assessment occurs, or whether the device was found before or new. Its intermittent and no users have been calling about it. TAC doesn't seem to have info as we cannot replicate it and give them information from the client perspective to troubleshoot. We have enabled SNMP disconnect notifications for the host ports. We have reached out to the users with no response. Here is what I see in the logs:
1. User logs in to NAC successfully. (Authentication: [C4:2C:03:39:72:E6 ## 172.25.1.204] b.j.jackson15755 - Successfully logged in as out-of -band user, Provider: RADIUS, Role: Students_OSUpdate, OS: Macintosh OSX) 2. 5 to 10 minutes later, 2 or 3 logs are generated (SW_Management: Unable to process out-of-band login request from [00:00:00:00:00:00 ## 172.25.1.204] b.j.jackson15755. Cause: MAC address of 172.25.1.204 not found.) 3. 10 minutes later the user is kicked (SW_Management: Kicked OOB user [OOB ## C4:2C:03:39:72:E6 ## 172.25.1.204/NA] b.j.jackson15755 on port 10030 of switch 192.168.2.197) Anyone seen anything like it? Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: [email protected]<mailto:[email protected]> http://security.nsu.edu
