Cisco NAC Agent audit-type condition

Hi experts,

I can configure a condition of the audit type (instead of mandatory or optional), so that the client always gets network access, the user is not informed, and the information is only sent to the CAM.

Is it possible to generate an email or a similar automated process to inform administrators about these audits?

(running version 4.7.2)

Thank you

Andrea

Hello Andrea,

In 4.7.2 there was not much you could do in the CAM itself; really, you could only export from the GUI to a spreadsheet and do the analysis on that basis.

The CAM does have an API, though, allowing you to export reports via scripted interfaces, which gives you all the information that you could then manipulate. You can access the CAM API documentation at:

https:///admin/api/cisco_api_doc.jsp

(The "getreports" function is probably the one you want to look at.)

In version 4.8 and later there is a new "Reporting" section in the GUI where you can see more details about passed and failed requirements:

http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/cam/m_report.html#wp1495842

Thank you

Nate
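Nate's suggestion of exporting from the GUI to a spreadsheet can be automated on the analysis side. The Python script below is an added example, not part of the original thread and not Cisco code: it parses a CSV export of check results, keeps only the audit-type checks that failed (the ones the user never sees), groups them per user and host, and builds the notification e-mail the original question asks for. The column names and the sample rows are constructed assumptions; a real CAM report export will use its own headers, so adjust the field names accordingly. The SMTP relay is also an assumption and delivery is shown but not executed.

```python
import csv
import io
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample export. The column names are an assumption for this
# example: a real CAM export will have its own headers.
SAMPLE_EXPORT = """\
Time,User,MAC,IP,Requirement,Type,Status
2011-05-10 08:01:12,andrea,00:11:22:33:44:55,10.1.10.21,AV Signature Age,Audit,Failed
2011-05-10 08:01:12,andrea,00:11:22:33:44:55,10.1.10.21,Windows Hotfixes,Mandatory,Passed
2011-05-10 08:03:47,bob,00:11:22:33:44:66,10.1.10.22,AV Signature Age,Audit,Passed
2011-05-10 08:04:02,carol,00:11:22:33:44:77,10.1.10.23,Disk Encryption,Audit,Failed
2011-05-10 08:04:02,carol,00:11:22:33:44:77,10.1.10.23,AV Signature Age,Audit,Failed
"""


def audit_failures(csv_text):
    """Return {(user, mac, ip): [requirement, ...]} for audit-type checks that failed.

    Audit-type checks never block the client and never prompt the user, so
    they only surface in reports; this is the filter an administrator would
    otherwise apply by hand in the exported spreadsheet.
    """
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Type"].strip().lower() != "audit":
            continue
        if row["Status"].strip().lower() != "failed":
            continue
        key = (row["User"], row["MAC"], row["IP"])
        failures[key].append(row["Requirement"])
    return dict(failures)


def build_alert(failures, sender, recipients):
    """Build the administrator notification e-mail (not sent by this function)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = f"NAC audit: {len(failures)} host(s) failed audit-type checks"
    lines = []
    for (user, mac, ip), reqs in sorted(failures.items()):
        lines.append(f"{user} ({mac}, {ip}): " + "; ".join(sorted(reqs)))
    msg.set_content("\n".join(lines) if lines else "No audit failures.")
    return msg


if __name__ == "__main__":
    found = audit_failures(SAMPLE_EXPORT)
    alert = build_alert(found, "nac-cam@example.com", ["netadmin@example.com"])
    print(alert)
    # Delivery through an assumed relay host, left commented out so the
    # script runs offline:
    # import smtplib
    # with smtplib.SMTP("smtp.example.com") as s:
    #     s.send_message(alert)
```

Run it on a scheduled export (or on the output of a getreports call once the API format is known) and the two users with failed audit checks end up in one e-mail; hosts with only passed or mandatory-type results are left out.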


Similar Questions

  • Cisco NAC Agent Login screen

There is a problem that is coming up with customers: sometimes, on some of the newly added machines, the Cisco NAC Agent login screen is not displayed at connection start. Are there special requirements for the Cisco Agent on the client machines?

Regards,

    Waqas

    Waqas,

No specific requirement, except that they be on the list of supported OSes. For example, server OSes are not supported, so if you were trying to install/run it on Server 2003 or 2008, it will not work.

    HTH,

    Faisal

Difference between Cisco NAC Agent and Cisco Clean Access Agent

    Hi all

If anyone has an idea of the difference between the Cisco NAC Agent and the Cisco Clean Access Agent, please let us know.

    Thank you

In 4.6, the agent was revised and is now called the NAC Agent. Previous versions were called the Clean Access Agent. So roughly, the 4.5 and 4.1.3.2 agents are Clean Access Agents, and the 4.6.x and 4.7.x agents are called NAC Agents.

Some of the changes are moving a lot of the agent configuration into an XML file, a redesign of the GUI, adding a service component (so that the agent stub is no longer necessary), and better agent logging.

  • Cisco's NAC agent does not

Hey guys! My school uses the Cisco NAC Agent for security on our network, but it is giving me problems at the moment. Having Windows fully updated is a mandatory requirement. However, I have had Windows updates running automatically for a while now, and I have spent the last few hours manually downloading, installing, doing a System Restore to an earlier date and then redownloading, etc.

I'm in my third year on this campus, and I have always had minor problems, none of which caused me a real problem until now. I'm not sure what the underlying problem is, and I don't know if this is a common problem at this point, but I was hoping I could get better help here than from the guys at the student technology services desk. I am working from my laptop on the campus wireless, but this isn't helping me get my Office online.

I have attached the Cisco Log Packager report.

    Hello

We can see the agent telling you:

"Your computer is missing one or more critical updates. Run Windows Update and check that you have all critical patches installed."

And it's true that the Agent is doing some checks which fail.

Now these checks verify some registry keys related to Internet Explorer and a few other internal items.

Unfortunately, it is your network administrator who should help you solve this problem, because the NAC Manager application will have a detailed report of exactly what is failing on your machine; then either the requirements are changed to allow you access, or your machine must be brought into compliance with the requirements.

    HTH,
    Tiago

    --

If this helps you or answers your question, please mark it as "answered" or rate it, so other users can easily find it.

NAC Agent popup

    Dear,

I have two ISE appliances installed in a distributed deployment ("ISE1" primary and "ISE2" secondary); each node has all three personas installed on it. The servers are registered together and replication is working properly between the nodes.

When we work on the first node, everything is fine; if I try to unplug ISE1 and do my tests on ISE2, the Cisco NAC Agent doesn't pop up, unless I uninstall and reinstall it again for ISE2. Then it does not work properly.

Note: the NAC Agent version is nacagent-4.9.0.37.

    Any idea?

Regards,

    Zahi

I don't have access to an ISE at the moment to check, but try this:

Policy > Policy Elements > Results > Client Provisioning > Resources

Edit the profile, and there should be a Discovery Host box.

My apologies, I'm guessing a little without access to the box, but it is certainly configurable; you don't have to add it manually.

Cisco NAC server and asset number check? Would this work?

    Hi all

A client raised a question when we introduced Cisco NAC today. They wondered: let's say a client with the Cisco NAC Agent installed is connected to the network switch. It has all the valid requirements and patch levels on the machine (the posture validation check passes).

However, even if the client passes posture on all parameters, they want that if the hostname of the client (for most Windows laptops) does not exist in their asset database (this database is an asset-number database in a spreadsheet or .csv format), posture validation must fail.

Have you met a request like this before? Is there a function on the NAC server that checks a field against an external database such as an asset database?

Cheers.

    Dumlu,

Currently, it is not possible. You can create checks that verify values locally, but not against external data stores, so for this to map to what you have in mind, NAC would have to know all the workstation names beforehand and then check against that. It is unwieldy and very, very difficult to scale.

If it's something you and your client think would be a good addition (and it sounds like a good idea), please engage with your account team and ask them to file a feature request for you.

    Thank you

    Faisal

ISE - NAC Agent profile

Dear all,

I want to deploy the NAC Agent via GPO and I need to create the agent profile. I know how to create it on ISE, but how do I get the file in XML format that will be distributed?

You can try installing it on just a single PC (either by a manual installation or through the captive portal). If you have set up posture rules in ISE, then the NAC Agent automatically contacts the ISE server and downloads the latest NACAgentcfg.xml.

Then you can browse to the following directory and find the NACAgentcfg.xml file on your PC:

C:\Program Files (x86)\Cisco\Cisco NAC Agent

After that, you can mass-deploy the NAC Agent along with the XML file. Although, as I said, it is not required to deploy the XML file: every time there is a posture rule, the NAC Agent will download the latest available NACAgentcfg.xml from the ISE server.

Please rate if this helps.

  • Cisco NAC Web Agent error.

Has anyone encountered this error on the Cisco NAC Web Agent before (see attachment)? I am setting up Cisco NAC Appliance in Out-of-Band Virtual Gateway mode for a Unified Wireless deployment using the WLC. Grateful if someone can help identify what could be the cause of the error. Thanks in advance.

This means that the CAM has not received an SNMP trap for this MAC address. Check that the WLC is configured to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626

You can see whether the CAM got a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

  • Cisco NAC Profiler

    Hello

I have some doubts; if anyone can clear them up it would be great. I have an OOB Real-IP Gateway deployment of the NAC server in my network.

Assume that all ports are NAC-controlled. So as soon as a client connects, it is in the Auth VLAN.

Now I have a Cisco NAC Profiler in my network, which I will configure for IP phones and printers.

For example, if the port an IP phone is connected to is also in the Auth VLAN,

then as soon as the IP phone gets plugged in, the Cisco Profiler will see the profile and change the VLAN from Auth to its respective VLAN, by mapping the endpoint profile to the NAC profile that we have mapped in the Profiler and the VLAN given in the NAC user profile for the IP phone.

Please correct me if I'm wrong in my understanding of how this works. I need to profile IP phones. I am not able to connect.

    It would be very useful if you can help me.

    Thanks in advance.

Hi Nitesh,

NAC has no control over the voice VLAN, so this would be defined locally on each switch port.

For example, you would not assign the profiled IP Phone endpoint to any role, because the entry is "ignored" and the phone works on the locally configured voice VLAN without going through NAC.

The IP phone case is different from that of printers and ATMs... as in this case, these devices sit on the access VLAN (which is controlled by NAC), and you do not expect to see any other devices (MAC addresses) on the same port as a printer, ATM or other agentless endpoint. That being said, you can assign different endpoint profiles to different roles in this case.

    I hope that answers your questions.

    Kind regards

    Federico

Login disabled for the NAC Agent

    Hello

After installing the NAC Agent on Windows XP,

the login window does not appear.

Please see the attached Cisco support report.

Please suggest how to overcome this problem.

    Thank you

    Abuzar

Well, the default gateway is an L3 device you have on your network, and if there is a firewall you will need to open communication on these ports.

What is the VLAN configuration on the switch where the client is connected?

Do you have a network diagram?

Cheers,

    Tiago

Being driven nuts by Cisco NAC! Help!

    Hi all

Getting desperate here... been trying to get the Cisco NAC solution (Cisco NAC 3310) to work, but with limited success, and the results are currently hopelessly random. I have a lot of experience with Cisco products and so far this has been the most painful :-( Any help here would be gladly appreciated!

OK, here's the setup: the CAM and CAS are configured in OOB VG (Layer 2) mode. I installed everything by following the Cisco guide (I hope): different VLANs for the CAS, the CAM and VLAN mapping, managed subnets, switch profiles configured, etc. Yet I get strange results: some PCs are unable to connect to the network, even though the managed switch port successfully informs the CAM that a new MAC is detected (the switch port changes from the initial VLAN to the Auth VLAN). I have racked my brain trying to figure out what's wrong; the event logs don't indicate many problems. Just to check on some uncertainties:

1. For the managed subnet IP, should I check the box "Enable subnet-based VLAN change"?

2. For the managed subnet, should I set the managed subnet IP address to the gateway IP? E.g. VLAN 110 (untrusted VLAN) mapped to VLAN 10 (trusted VLAN), which is the 10.1.10.0/24 subnet. The gateway is 10.1.10.254. So should I configure the managed subnet IP/netmask as 10.1.10.254/255.255.255.0? Or choose another unused IP address from that subnet (for example 10.1.10.1)?

3. I am also experiencing the situation where, after connecting successfully (passing the NAC verification, etc.), I unplug my laptop from the managed switch port and after a while connect again. This time no authentication happens, but network connectivity is broken (even though the Cisco Agent is running). It seems the network port is placed in the Auth VLAN, yet nothing prompts me to log in. Any ideas?

    W

    Woon,

What policies do you have installed on your current user roles?

You can try allowing all TCP/UDP and fragments to see if it connects at all.

Right-click on the agent as well and select Properties. Make sure there is no Discovery Host set, since this is an L2 implementation.

Also note the previous post, so if others have similar problems they will look at this thread.

    Thank you!

Cisco NAC Discovery Host field use in OOB L3 and OOB L2

    Hi all

We are in the project initiation phase of a huge Cisco NAC deployment.

The customer has 8 regional offices which will be deployed in OOB L2 mode with their own NAC servers.

The customer also has 25 small offices which will be deployed in OOB L3 mode (using access control lists) with two central NAC servers.

The NAC Agent will be deployed centrally through Microsoft Windows Domain Services on each computer in the domain. However, users could occasionally move from a small office to a regional office.

I was wondering how we should use the Discovery Host field in the Agent XML?

My opinion is to set the Discovery Host field to the IP address of the central NAC servers. This setting will be used when the user is in a small office, and when the user is in a regional office, the NAC server in OOB L2 mode will already intercept the user's traffic, so the IP address in the Discovery Host field won't matter in that case?

    Am I wrong?
    Any help much appreciated.

    Dumlu

    Hi Dumlu,

If your concern relates to L2 users, then this will work regardless of the configured Discovery Host address.

This is the case because the Agent tries the configured Discovery Host address in addition to the default gateway address.

In L2, the NAC server is between the host and the default gateway, so the L2 discovery process will still work.

Consider that for L3 users, the discovery packet sent to the Discovery Host address just needs to reach the NAC server, regardless of whether the agent can actually reach that address; the point is to ensure that the NAC server receives this packet in order to respond with the NAC server-specific information.

    I hope that answers your question.

    Kind regards

    Federico

    --

If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.

NAC Agent running-application scan

    Ladies and gentlemen,

My client is doing an ISE PoC. They want to test the Posture functionality for running applications.

I would like to ask: what is the NAC Agent scan interval? Say I want to use the NAC Agent to scan the PC for a prohibited application, but initially, during the connection, the application is not running. After the NAC Agent reports that the client is compliant, the user starts this application. The question, therefore: can the NAC Agent detect this?

Kindly share your experience about it. Thank you for your support.

    Kind regards

    Hiep

    Hiep,

The feature you are asking about is passive reassessment, and it is done at intervals configured by the administrator.

    www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_pos_pol.html#...

    Thank you

    Tarik Admani
* Please rate helpful posts *

NAC Agent on wireless re-runs whenever we change controllers

Hello everyone, we have a problem in our environment and wanted to inquire about it. We have a Cisco wireless infrastructure in place: 2 5508 controllers and about 200 3502 APs, with the APs split evenly between the 2 controllers. On the backend we have an in-band NAC appliance with its own server for posture assessment. What we are seeing is that when a user roams from one access point to another, and the APs are connected to the 2 separate controllers, the NAC Agent will run once again. The logs in the CAM support this, as we see the user being disconnected and then reconnected. We have the 2 controllers configured in a mobility group, which should allow roaming. So what would be the expected behavior? Does the controller always send RADIUS Accounting Stop packets to the CAS when it hands a wireless session over to another controller, even if they are in a mobility group? Any help or thoughts would be appreciated.

Thank you

Jeff

    Jeff,

Since you're using dot1x, I found the following note in the mobility configuration guide:

    http://www.Cisco.com/en/us/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

"All clients configured with 802.1X/Wi-Fi Protected Access (WPA) security complete a full authentication in order to comply with the IEEE standard."

Does your RADIUS server see a second authentication attempt from the second controller? If yes, then most likely this is because of the RADIUS accounting Stop and Start messages sent while roaming.

    Thank you

    Tarik Admani
* Please rate helpful posts *

  • Event type: Failure Audit

I have a security Failure Audit event; what can be done?

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 11/05/2013
Time: 02:16:51
User: NT AUTHORITY\NETWORK SERVICE
Computer: RICHARD-33JHYZY
Description:
The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process Identifier: 1236
User Account: NETWORK SERVICE
User Domain: NT AUTHORITY
Service: Yes
RPC Server: No
IP Version: IPv4
IP Protocol: UDP
Port Number: 49400
Allowed: No
User Notified: No

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Hello

Windows Firewall writes entries to the Security log when the computer starts and when a program or system service attempts to listen for unsolicited incoming traffic but is blocked. These entries provide information about the state and configuration of Windows Firewall, including information about the applications and ports that are allowed through Windows Firewall. They also contain information on the ports and protocols a program or system service attempts to use, so that you can configure the required exceptions in Windows Firewall. These Security log entries are viewed with Event Viewer, which can filter entries by event ID. The event IDs associated with Windows Firewall are in the range 848 through 861.

This entry is Windows Firewall letting us know that there is an application listening on the machine. We can review the logs and determine whether it is something we want listening for incoming traffic on the machine or not.

    For more information, please see the link.
    http://TechNet.Microsoft.com/en-us/library/cc737845.aspx#BKMK_858

You can run an online scan to ensure that your computer is free of viruses and spyware.

A quick way to check for viruses is to use an online scanner, such as the Microsoft Safety Scanner. The scanner is a free online service that helps you identify and remove viruses, clean your hard drive and generally improve the performance of your computer.

To run the Microsoft Safety Scanner:

a. Go to the Microsoft Safety Scanner download web page.

http://www.Microsoft.com/security/scanner/en-us/default.aspx

b. Click Download Now and then follow the on-screen instructions.

Note: Infected data files can only be cleaned by removing the file completely, which means there is a risk of data loss.

Hope this helps.
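The reply above explains what event 861 records but leaves the "is this listener wanted?" decision to a manual read of the log. The Python below is an added example, not from the original post or from Microsoft: it parses the "Key: Value" body of a Windows Firewall audit event (the svchost entry exactly as posted above, plus a second entry constructed here for contrast) and applies a simple triage rule: a service binary listening from the Windows system directory is expected noise, while a non-service binary outside the Windows directory is the case to look at. The directory baseline, the verdict labels and the second sample event are assumptions.

```python
import re

# Event 861 body as posted above (Windows XP text layout).
EVENT_861_SVCHOST = """\
The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\\WINDOWS\\system32\\svchost.exe
Process Identifier: 1236
User Account: NETWORK SERVICE
User Domain: NT AUTHORITY
Service: Yes
RPC Server: No
IP Version: IPv4
IP Protocol: UDP
Port Number: 49400
Allowed: No
User Notified: No
"""

# Constructed entry for contrast: a non-service binary in a temp directory.
EVENT_861_CONSTRUCTED = """\
The Windows Firewall has detected an application listening for incoming traffic.

Name: -
Path: C:\\Documents and Settings\\richard\\Local Settings\\Temp\\update.exe
Process Identifier: 2240
User Account: richard
User Domain: RICHARD-33JHYZY
Service: No
RPC Server: No
IP Version: IPv4
IP Protocol: TCP
Port Number: 4444
Allowed: No
User Notified: No
"""

# Matches the "Key: Value" lines; the description sentence has no colon
# and is skipped.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")


def parse_firewall_event(text):
    """Parse the 'Key: Value' lines of a Windows Firewall audit event into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("val").strip()
    return fields


# Where an OS listener is expected to live. This baseline is an assumption
# for the example; in practice it comes from the host's software inventory.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def triage(fields):
    """Return 'expected', 'review' or 'suspicious' for a parsed listener event."""
    path = fields.get("Path", "").lower()
    is_service = fields.get("Service", "").lower() == "yes"
    in_system_dir = path.startswith(SYSTEM_DIRS)
    if in_system_dir and is_service:
        # A service hosted by an OS binary under system32, blocked by the
        # firewall: normal. Confirm which service owns the PID with
        # "tasklist /svc" if in doubt.
        return "expected"
    if not in_system_dir and not is_service:
        # A non-service program outside the Windows directory opening a
        # listener is the entry worth investigating, blocked or not.
        return "suspicious"
    return "review"


if __name__ == "__main__":
    for body in (EVENT_861_SVCHOST, EVENT_861_CONSTRUCTED):
        ev = parse_firewall_event(body)
        print(ev["Path"], ev["IP Protocol"], ev["Port Number"], "->", triage(ev))
```

The posted svchost.exe entry (a service under system32, blocked) comes out as expected; the constructed temp-directory listener comes out as suspicious. Anything else, such as a service binary outside the Windows directory, is marked for review rather than silently accepted.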
