A problem in newer IOS Cisco switches has been detected.
When an unknown
computer connects, a DENY from FreeNAC is received and the switch port
blocks access. If later the properties of the connecting device are
modified in order to allow it access the vlan, the port will remain in
the blocked stated for that device, preventing any further VMPS
requests from reaching the FreeNAC server. The amount of time the port
remains in the blocked state is variable. A port restart doesn't change
the port status, neither does disconnection of the network cable from
the switch port.
After some analysis, it has been discovered that
removing the MAC address from the switch's CAM table will remove the
blocked state and the port will work as expected. Therefore such a 'clear mac'
function has been added to FreeNAC in V3.0.3 as a complement to
port_restart
See the thread in the forum where this problem was initially discussed.