Basic configuration of NAC appliance

I have a small project to authenticate about 100 users to access the network. We plan to use the Cisco NAC appliance. Just to clarify (I saw some posts but I'm not sure of the correct answer): do I need 2 separate devices, one as a server and the other as a controller, or do I just need one to do both tasks?

Thank you

-Arturo

Hi Arturo,

You need two devices to operate. A Manager and a server.

There is a great Cisco Press book on the NAC appliance by James Heary that will give you a lot of details and information on the configuration of the devices.

I hope this helps.

Paul

Similar Questions

  • Cisco NAC Appliance

    Hello

    I wanted to know if anyone can give me help on a Cisco NAC appliance. Honestly, I've heard of them, but I've never installed or worked on one before and I have a client who wants to have one installed. So I wanted to know if someone here can point me in the right direction regarding the installation and configuration. Thank you for the help in advance and have a very nice evening.

    Hello

    Everything you need to get started:

    http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html.

    HTH,
    Tiago

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • Configuration of NAC OOB

    Hello!

    I am implementing an OOB NAC solution. The CAS and CAM are in the data center on a remote network, and I need to check the VLAN that my users access at my remote sites.

    How can I make them authenticate on the remote CAS? (The CAS is on a remote network.)

    TKX

    Miguel

    Hello

    Well, it looks like you are just starting, so I advise you to get familiar with the OOB concept and guidelines:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html.

    You have the L2/L3 mode.

    You have the OOB/IB mode.

    You have the real-IP/virtual gateway mode.

    You have 2 main VLANs for clients: the access (trusted) VLAN and the authentication (untrusted) VLAN.

    The goal is to put the client in the auth VLAN before logon, with its traffic passing through the CAS so that the CAS can permit or deny the client's traffic.

    You also have nice chalk talks where you can see videos explaining the steps to configure several functions/deployments:

    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html.

    HTH,
    Tiago

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • NAC Appliance and LDAP Lookup

    Hello

    I have two CAMs in HA and two CASes in HA.

    I set up an LDAP lookup to create a role assignment rule.

    In this configuration there is only one Windows server to look up the properties of the user.

    There is a problem when this Windows server is out of service. Is there a mitigation configuration for when the server isn't available?

    Thanks to you all.

    The LDAP lookup server configuration states that it uses the LDAP authentication provider. The LDAP authentication provider documentation says that you can have multiple entries in the single URL field:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/413/cam/m_auth.html#wp1158614

    You can add LDAP authentication server redundancy by entering several LDAP URLs in the URL field of the server, separated by a space, for example:

    ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com

  • NAC Appliance reporting to MARS

    Is MARS configurable to receive reports from the NAC Appliance CAM/etc.? There is no option for NAC under devices in MARS.

    Thank you

    -KK

    I apologize for not going too far with my answer. Fortunately, there are NetPros who know NAC much better than I do.

    In summary:

    "When deploying NAC Framework in your network, if the NAC router is already configured to send syslogs and NetFlow events to MARS, all you have to do is configure the router to send NAC-specific syslogs."

    To answer your question, it is not the CAM/CAS but the router that must be set up in MARS. That's why you see no option under devices in MARS for the CAM/CAS.

    I hope this helps.

  • Basic configuration of TFS 2012 fails on the data layer.

    Hello

    I have a new installation of SQL Server 2014 with the latest update 7 on it.

    I installed TFS 2012 Update 4 and tried the basic configuration using the startup wizard.

    I am getting...

    "TF255146: Team foundation server requires SQL server 2008 Rs (10.50.1600) or higher." The SQL server instance xxxxxxx you provided is the version 12.0.2495.0.

    I couldn't find much help searching online. Any ideas how to solve this problem?

    Thank you

    Vinciane


    This issue is beyond the scope of this site and must be posted on TechNet or MSDN:

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Aironet 1600 I have the Basic Configuration

    Hello, can someone share the basic configuration for an SSID and security with WPA with a passphrase, not numbers?

    Because I have a problem: I can only see the SSID if I put it in guest mode.

    Excellent. You can disable 2.4 GHz on the AP altogether.

    If you think that I helped, it would be great if you could rate the answer.

  • NAC Appliance Agent vs NAC Web Agent

    Hello

    What is the difference between "NAC Appliance Agent" and "NAC Web Agent"?
    In my case I do not get the "NAC Appliance Agent" pop-up screen, although I am able to connect correctly through "NAC Web Agent".
    I would like to know if connecting via "NAC Appliance Agent" is mandatory.

    PFA the "CiscoSupportReport.zip" for "NAC Appliance Agent".

    Thank you
    Sagar

    It is not mandatory to use the agent unless you specify it in the policy for the user role assigned to your username.

    The web agent can do most of what the installable agent does, at least with respect to authentication and posture.

    Check the role assigned to your user under Device Management -> Clean Access and see what is required for this role.

    Hope this helps

  • NAC Appliance IPv6 compatibility

    I read in the book "Cisco NAC Appliance: host security with Clean Access application" (published 2008) that the Real-IP Gateway mode is only IPv4 compatible but that IPv6 compatibility will be provided in a future update.

    Having searched around, I find no reference to the NAC appliance being IPv6 compatible. Does anyone know which modes (if any) are IPv6 compatible?

    Hello

    Although IPv6 has been on the roadmap, currently it is not supported and there is no ETA for IPv6 support on the NAC appliances.

    HTH,

    Tiago

    --

    If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.

  • NAC Appliance deployment problem

    Hello

    We are going to deploy a Cisco NAC Appliance 3310 Clean Access Server in our network. Regarding the deployment, I have several questions.

    My questions are:

    Do we require any additional server such as WSUS for patch/Windows update management?

    Does the NAC appliance talk to MS AD for authentication?

    Do we require an antivirus server for endpoint security?

    Do we require an additional remediation server to remediate infected endpoints?

    I will be happy to receive answers to the above.

    Kind regards

    Martine

    Martinez,

    No, the CCA system asks the client to remediate itself, and the Windows Update client on the client computer then handles it according to its configured options. The two options are going to the Microsoft WU servers or, if you have a WSUS server defined internally, going to that.

    The other thing you can do is 'offer' clients files to download that you store on the CCA based on different system requirements, but doing it this way would be very difficult to manage, since you would need to create rules for each patch, which would very quickly become tedious.

    View this video-on-demand on how the CCA does posture assessment and remediation. Watch VOD 5:

    http://tinyurl.com/d74t9u

    HTH,

    Faisal

  • Basic NAC deployment question

    Hello

    Am I right to assume that a NAC deployment must consist of at least 2 devices, a server and a manager? Or is the manager an application running on a Windows server? Can the manager run on the same machine as the server?

    My second question concerns Cisco Trust Agent and Clean Access Agent. Is CTA actually managed by CAA? From what I see, CTA was part of the old NAC Framework until they started using appliances.

    Many thanks in advance,

    DOM

    The manager and the server can run on either PCs or Cisco appliances, which are in fact HP ProLiant DL140 G3 or HP ProLiant DL360 G5 PCs ;) You will need two devices in all cases.

    Second question - no one knows what will happen with all this technology in the future. Will it be completely replaced by MS NAP? Will NAC Framework be cancelled? Both Cisco solutions are not perfect. What customers actually need is to have all the features of the NAC appliance operating directly on Cisco routers and switches. No Clean Access Server is needed in this case, only the manager! And the OOB mode, which is difficult to set up, support and troubleshoot, will disappear. NAC Framework runs directly on Cisco devices, but it's not as feature-rich as NAC Appliance.

  • What are the basic elements of the basic configuration of an Oracle database?

    What are the basic elements of the basic configuration of an Oracle database?

    It consists of
    one or more data files.
    one or more control files.
    two or more redo log files.
    The database contains
    multiple users/schemas
    one or more rollback segments
    one or more tablespaces
    Data dictionary tables
    User objects (tables, indexes, views, etc.)
    The server that accesses the database consists of
    SGA (database buffer cache, dictionary cache buffers, redo log buffers, shared SQL pool)
    SMON (System MONitor)
    PMON (Process MONitor)
    LGWR (LoG WRiter)
    DBWR (DataBase WRiter)
    ARCH (ARCHiver)
    CKPT (ChecKPoinT)
    RECO
    Dispatcher
    User process with associated PGA

  • NAC appliance purchase question

    Dear Experts,

    This summer we bought a Cisco NAC server appliance, NAC3315-K9-500-500-NAC3315-K9.

    And we are about to begin its deployment. But to our surprise, we learned that a separate physical server to manage the NAC and a NAC Manager license are required.

    Unfortunately, we bought the NAC appliance on the (rather hasty) assumption that the manager (CAM) and the access server (CAS) are integrated into a single box. But after checking a configuration guide, it says that either the CAM or the CAS can be installed on the appliance.

    So is it possible to integrate them both on the same machine? Or must we buy this CAM server that costs a fortune?

    Or alternatively, can the CAM be installed as a virtual machine?

    Looking forward to your answer,

    Thank you very much!

    Hello

    You cannot run the CAM and the CAS on a single piece of hardware (when you install the software, you must choose the manager or the server before the installation scripts run); you must run them on separate appliances. However, you can move to ISE (licenses), which is the latest product and can provide all the features of NAC in one appliance. However, depending on your network (number of endpoints), it can easily take more hardware.

    ISE can run on the appliances that you have purchased. You will need to go to your Cisco account representative or your Cisco partner to have them help with the discount and get you on the same page on ISE (providing a demonstration or proof of concept).

    I have supported both NAC and ISE, and your best approach is not to go forward with the NAC product now that ISE is out. It is a much better design in the way it integrates into your network, and it includes not only the manager and server but also the profiling and guest management services, which are all different products within the NAC line.

    Thank you

    Tarik Admani
    * Please rate helpful posts *

  • Virtual gateway Wireless In-Band NAC Appliance

    Hi, people.

    Does anyone know the NAC Appliance wireless in-band virtual gateway configuration?

    TKS.

    Hello

    Well, it's a pretty simple question and I can say that many people know how to configure NAC for wireless IB VG.

    Can you be more clear on exactly what you need?

    ARO

    Tiago

  • Cisco NAC appliance - after a successful login, users are not moved to the proper VLAN

    Hello

    I am new to Cisco NAC appliances and I have to troubleshoot an implementation. It is an OOB Real-IP gateway configuration. Users can log in with the CCA, but after this successful login they remain in the unauthenticated role, as well as on that VLAN. I checked SNMP and it seems to work fine. Also, I checked the logs in nac_manager.log and there is nothing surprising; in fact I see nothing about this user or the IP address that connects.

    Also, the user does not appear in the list of online users on the CAM.

    Can someone help me figure out how I can fix this? Version 4.8; I'll post any information requested.

    Thank you

    We recently had this problem with Windows AD SSO and Windows 7 clients.

    XP clients would authenticate fine; however, Windows 7 clients would not authenticate and would just remain on the authenticated VLAN.

    Our issue was with the CAS SSO account we set up in AD. It only supported DES encryption, which Windows 7 64 does not have. We turned off "Use DES encryption" on the AD SSO account and re-tested.

    What are the settings of the port profile that is applied to the switchport?

    What are the VLAN mapping settings for the untrusted and trusted trunk ports?
