Cisco NAC Discovery Host field usage: OOB L3 and OOB L2

Hi all

We are in the project initiation phase of a large Cisco NAC deployment.

The customer has 8 regional offices that will be deployed in OOB L2 mode, each with its own NAC servers.

The client also has 25 small offices that will be deployed in OOB L3 mode (using access control lists) with two central NAC servers.

The NAC Agent will be deployed centrally through Microsoft Windows Domain Services on each computer in the domain. However, users may occasionally move from a small office to a regional office.

I was wondering how we should use the Discovery Host field in the Agent's XML?

My opinion is to set the Discovery Host to the IP address of the central NAC servers. This setting will be used when the user is in a small office; when the user is in a regional office, the NAC server in OOB L2 mode will already intercept the user's traffic, so the IP address in the Discovery Host field won't matter in that case?

Am I wrong?
Any help much appreciated.

Dumlu

Hi Dumlu,

If your concern relates to L2 users, this will work regardless of the Discovery Host address configured.

This is because the Agent tries the configured Discovery Host address in addition to the default gateway address.

In L2, the NAC Server sits between the host and the default gateway, so the L2 discovery process will still work.

Consider that for L3 users, the discovery packet sent to the Discovery Host address only needs to reach the NAC Server; it does not matter whether the Agent can actually reach that address. The point is to ensure the NAC Server receives this packet so that it can respond with the NAC Server-specific information.

I hope that answers your question.

Kind regards

Federico

--

If this answers your question, please mark the question as "answered" and rate it, so other users can find it easily.

Tags: Cisco Security

Similar Questions

  • Open a read-only text field using the button and javascript

    Hello

    I have a form with text fields that I will pre-fill with data. The text fields will be read-only by default. I want to ensure that when a user wants to make changes, he will need to click a button; in turn, the background of the text field will turn gray and he can make changes to the text field. I can already make the background turn gray, but I can't make the text box editable.

    This is the code that runs after the button is clicked:

    // Define a light gray fill colour (gray colour space, 75% intensity)
    color.ltGray = new Array("G", 0.75);
    // Recolour the field, then try to make it editable
    this.getField('TestField').fillColor = color.ltGray;
    this.getField('TestField').access = "open";

    The background of the text box turns gray, but it is still read-only. Any ideas?

    Thanks in advance!

    If you have created the form in Acrobat (as opposed to LiveCycle Designer), change the last line to:

    this.getField('TestField').readonly = false;

  • Base installation of Cisco NAC

    Hello

    I bought a Cisco NAC Server and a Cisco NAC Manager. I have them in the lab for testing at the moment, but I would eventually extend to approximately 200 users on the campus LAN. I just want to check that a user is valid in Active Directory. Perhaps the best way I can do that is by having the NAC Server do discovery of valid MAC addresses.

    What is the best way to do this? That is to say:

    the user connects to a port on the campus LAN

    Active Directory checks that they are a valid user on the domain

    they get their usual DHCP address once they are authenticated

    if they are not a valid user on the domain, they will not be authenticated

    I'm not worried about antivirus checks, PC builds, etc. for now.

    For the moment, I have installed the NAC Server and the NAC Manager and both can be accessed through a layer 3 switch.

    Thank you

    Kevin

    Kevin,

    Essentially, you are asking for advice on how to do this. I have just come out of a 1000-user NAC L2 VGW OOB deployment (which sounds like what you want to do) and a 3000-user NAC L3 RIP OOB deployment, as well as OOB wireless, and I am looking at IB VPN right now. My best advice would be to buy the following book.

    "Cisco NAC Appliance: Enforcing Host Security with Clean Access" by James Heary, for about $60 (available on Amazon).

    This covers all deployment scenarios and was invaluable to me when I set up NAC. What it does is lay out the necessary steps, and it is easier than flipping back and forth between the CAM and CAS manuals.

    Hope that helps

  • Creating another OSB domain using the same Middleware home

    Hello

    I am about to create another OSB domain in addition to the existing one. The existing domain has an Admin Server and only a single OSB managed server, in stand-alone mode.

    I usually start the existing domain using the Java-based or script-based Node Manager. Node Manager by default starts on port 5556.

    If I create a new domain using config.sh and give a new port number (5558) for the Node Manager configuration step, will that work?

    Because the existing domain's Node Manager is already running (5556), logs are being generated and the nodemanager.properties file has already been set.

    Please advise if you see any major problem with this.

    The main reason is to separate the management of the two Node Managers.

    If I stop one domain, I stop everything including the Node Manager, also using a WLST script.

    So I don't want the other domain to be affected by this.

    Hello

    This is a feature of 12c, not available in WebLogic 11g.

    However, in 11g, you can have one Node Manager per domain. For example, if your domains are configured under /u01/fmw/domain1 and /u01/fmw/domain2, create a 'nodemanager' directory in each of these domain homes. Then copy the startNodeManager.sh script (found in $WL_HOME/server/bin) into each directory and change the Node Manager home to point to the respective directories. Then start the first one and you should see a nodemanager.properties file. You can leave the first one as is, but for the second Node Manager, change the listening port so that both can run at the same time.

    Let me know if future clarifications are necessary.

    Regards

  • Cisco NAC Web Agent error.

    Has anyone encountered this error on the Cisco NAC Web Agent before (see attached)? I am setting up Cisco NAC Appliance in Out-Of-Band Virtual Gateway mode for a Unified Wireless deployment using the WLC. Grateful if someone can help identify what could be the cause of the error. Thanks in advance.

    This means that the CAM has not received an SNMP trap for this MAC address. Check that the WLC is configured to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626

    You can see whether the CAM got a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

  • Cisco NAC Appliance - after a successful login, users are not moved to the proper VLAN

    Hello

    I am new to Cisco NAC appliances and I have to troubleshoot an implementation. It is an OOB Real IP Gateway configuration. Users can log in with the CCA agent, but after this successful login they remain in the Unauthenticated role, as well as on that VLAN. I checked SNMP and it seems to work fine. I also checked the logs in nac_manager.log and there is nothing surprising; in fact I see nothing about this user or the IP address that logs in.

    Also, the user does not appear in the Online Users list on the CAM.

    Can someone help me figure out how I can fix this? Version 4.8; I'll post any information requested.

    Thank you

    We recently had this problem with Windows AD SSO and Windows 7 clients.

    XP clients would authenticate fine; however, Windows 7 clients would not authenticate and would just remain on the Auth VLAN.

    Our issue was the CAS SSO account we created in AD. It only supported DES encryption, which Windows 7 64-bit does not have. We turned off "Use DES encryption" on the AD SSO account and re-tested.

    What are the settings of the port profile applied to the switchport?

    What are the VLAN mapping settings for the untrusted and trusted trunk ports?

  • Cisco NAC Profiler

    Hello

    I have some doubts; if anyone can clarify, it would be great. I have an OOB Real IP Gateway NAC deployment in my network.

    Assume all ports are NAC-controlled, so as soon as a client connects it is in the Auth VLAN.

    Now I have a Cisco NAC Profiler in my network, with which I will profile IP phones and printers.

    For example, if an IP phone is connected to a port, it will also be in the Auth VLAN.

    So as soon as the IP phone gets plugged in, Cisco Profiler will see the profile and change the Auth VLAN to its respective VLAN by mapping the profile to the NAC profile that we have mapped in the Profiler and the VLAN given in the NAC user profile for the IP phone.

    Please correct me if I'm wrong about how this works. I need to profile IP phones. I am not able to connect them.

    It would be very useful if you can help me.

    Thanks in advance.

    Hi Nitesh,

    NAC has no control over the voice VLAN; this is defined locally on each switch port.

    For example, you do not assign the profiled IP Phone endpoint to any role, because the entry is 'ignored' and the phone works on the locally configured voice VLAN without going through NAC.

    The IP phone case is different from that of printers, ATMs, etc., as in those cases the devices are looking for access to the Access VLAN (which is controlled by NAC), and you do not expect to see other devices (MAC addresses) on the same port as a printer, ATM or other agentless endpoint. That being said, you can assign different endpoint profiles to different roles in this case.

    I hope that answers your questions.

    Kind regards

    Federico

  • Cisco NAC Server and asset number check? Would this work?

    Hi all

    A client raised a question when we introduced Cisco NAC today. They wondered: let's say a client with the Cisco NAC Agent installed connects to the network switch. It has all the required applications and patch levels on the machine (posture validation check passes).

    However, even if the client passes all the posture parameters, they want to know whether, if the client's hostname (for most Windows laptops) does not exist in their asset database (this database is an asset-number database in a similar format, or .csv), posture validation can be made to fail.

    Have you met such a request before? Is there a function on the NAC Server that checks a field against an external database such as an asset database?

    Cheers.

    Dumlu,

    Currently, it is not possible. You can create checks that verify values locally, but not against external data stores, so to map against your idea, NAC would have to know all the workstation names beforehand and then check against that. It is unwieldy and very, very difficult to scale.

    If it's something you and your client think would be a good addition (and it sounds like a good idea), please engage with your account team and ask them to submit a feature request for you.

    Thank you

    Faisal

  • What is the difference between Cisco NAC and ACS?

    I am currently part of a new construction project and my Cisco account manager and sales engineer recommend Cisco NAC for our new MDF. I'm confused because I don't clearly understand the difference between Cisco ACS and NAC. What is the difference?

    Thank you

    Chris

    Chris,

    The two are completely different; maybe the sales rep could give you more information and a demo. Each offers a variety of services tailored to specific needs. I think you need to read more in depth on the NAC product. NAC seems an excellent solution for authentication and authorization, but also for regulatory compliance.

    When you see your sales representative, ask for more information/a demo.

    ACS is more widely used as a central point of access control for network devices such as routers; an example is using ACS as a RADIUS server for accounting and command authorization on all devices in the network. NAC, on the other hand, is more of a central point of security inspection for systems before they access your network, via the LAN or from outside; an example of these defined compliance checks could be inspections such as virus definition checks before getting LAN access, thus preventing access to the LAN if the system does not meet the compliance rules defined in NAC. Another example could be unknown local host connections, etc. So it seems that NAC is a much broader product that provides internal endpoint security, not only authentication and authorization like ACS. ACS has been around for a long time; NAC is a rather new product.

    NAC

    http://www.Cisco.com/en/us/NetSol/ns466/networking_solutions_package.html

    http://www.Cisco.com/en/us/solutions/collateral/ns340/ns394/ns171/ns466/ns617/net_qanda0900aecd800fdd6f_ns466_Networking_Solutions_Q_and_A.html

    ACS

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/index.html

    Regards

    Jorge

  • Being driven nuts by Cisco NAC! Help!

    Hi all

    Getting desperate here... I've been trying to get the Cisco NAC solution (Cisco NAC 3310) to work, but with limited success, and the results are currently desperately random. I have a lot of experience with Cisco products and so far this has been the most painful :-( Any help here would be gladly appreciated!

    OK, here's the setup: the CAM and CAS are configured in OOB VGW (Layer 2) mode. I installed everything following the Cisco guide (I hope): different VLANs for the CAS and the CAM, VLAN mapping, managed subnets, switch profiles configured, etc. Yet I get strange results: some PCs are unable to connect to the network, even though the managed switch port successfully informs the CAM that a new MAC has been detected (the switch port changes from the initial VLAN to the Auth VLAN). I have racked my brain trying to figure out what's wrong; the event logs do not indicate many problems. Just to check on some uncertainties:

    1. For the managed subnet IP, should I check the box "Enable subnet-based VLAN change"?

    2. For the managed subnet, should I set the managed subnet IP address to the IP of the gateway? E.g. VLAN 110 (untrusted VLAN) mapped to VLAN 10 (trusted VLAN), which is the 10.1.10.0/24 subnet. The gateway is 10.1.10.254. So should I configure the managed subnet IP/netmask as 10.1.10.254/255.255.255.0? Or choose another unused IP address from that subnet (for example 10.1.10.1)?

    3. I am also experiencing the situation where, after logging in successfully (passing the NAC checks etc.), I unplug my laptop from the managed switch port and after a while reconnect it. This time no authentication happens, but network connectivity is broken (even though the Cisco Agent is running). It seems the port is placed in the Auth VLAN, yet nothing prompts me to log in. Any ideas?

    W

    Woon,

    What policies do you have installed on your current user roles?

    You can try allowing all TCP/UDP and fragments to see whether it connects at all.

    Also right-click on the Agent and select Properties. Make sure there is no Discovery Host, since it is an L2 implementation.

    Please also rate the previous post, so that others with similar problems will look at this thread.

    Thank you!

  • Cisco Advanced Wireless LAN Field Specialist

    Hello.. I passed the CCNA certification recently and wanted to get the wireless specialist, but cannot find any info on how to approach this topic - Cisco Press doesn't have review guides for these apparently - or am I looking in the wrong places... Thanks in advance

    I have not looked in the last year or so, but the Cisco Press books for wireless suck (in a word). They are not very useful for exams and were too old/obsolete as practical references.

    IMO, the best general guide/reference is the Planet3 book for Certified Wireless Network Associate (CWNA), which is published by Osborne.

    They have other more advanced books (CWAP, CWSP); these are all excellent study guides for their respective (non-vendor-specific) tests and are also useful for reference later when you start to forget small details.

    Check them out; most libraries that carry tech books are likely to have them.

    Good luck

    Scott

  • Does Cisco NAC support wireless LAN?

    Hello

    I know that Cisco NAC supports wireless LAN. I have tested it myself with various brands of autonomous APs. These work very well using the in-band and out-of-band modes.

    However, Cisco has stated that with Cisco APs, Cisco switches and Cisco NAC, out-of-band is supported. I tried this today and either Cisco is wrong, which is highly unlikely, or I have not configured the NAC part or the Cisco access point correctly, which is most likely. I wonder where I am going wrong? Could someone please advise me on this?

    Kind regards

    RAM

    + 6012-2918870

    Hi Jean Claude,

    You can now do out-of-band with wireless deployments, but you must have a Wireless LAN Controller managing your APs. You can't do it with autonomous APs.

    The guide below will cover most of the configuration:

    http://www.Cisco.com/en/us/products/ps6128/products_configuration_example09186a0080a138cc.shtml

    Thank you

    Nate

  • Cisco NAC feature support

    Hello

    I have some questions about Cisco NAC and don't know whether it is able to support the following:

    1. Can NAC honor/trust QoS markings on packets when it is configured for in-band/out-of-band?

    2. For lobby-admin creation of local guest accounts (using the appliance's own device), does Cisco NAC Appliance support

    the lobby admin via ACS/external DB authentication? If not, would adding a Guest Server achieve this?

    3. Does Cisco NAC Appliance support wireless controllers and a mix of Cisco/non-Cisco switches? If so, if the switch supports the SNMP MIB for mac-notification/linkup/linkdown, would this be enough?

    4. Does Cisco NAC come with a predefined set of AV rules to verify that any supported AV is running for the posture check (for example, if NAC supports 100 different antivirus products, can it check for all 100 different products that might be installed on a PC for the posture check)? An example of this would be a hotel, where people with different antivirus products installed try to access the network, and the antivirus must be installed, running and updated to get network access. I know that the pre-configured default rule can check for installation/settings; however, I am not sure about the status of the service/application running.

    Thank you.

    Hello

    For VGW configurations, you must have them in separate subnets. For RIP, they can be in the same subnet without problem.

    HTH,

    Faisal

    --

    If you find this post useful, please rate it so that others can easily find the answer.

  • Integration of Cisco ACS and Cisco NAC Manager - downloadable ACLs

    Hello

    I have set up Cisco NAC in my environment. It all works well. The users get authenticated via the Cisco NAC Manager. The Cisco NAC Manager talks to Cisco ACS for the user database part. This all works well. I would like to enable downloadable ACLs. I tried to use the cisco-av-pair method and created a downloadable ACL entry in the Shared Components, but nothing works. Either I'm doing something wrong, or this configuration of mine does not support downloadable ACLs? Please kindly advise.

    Kind regards

    RAM

    + 6 012-2918870

    Hello

    It is not possible.

    You cannot push ACLs to the NAC Manager.

    If you do RADIUS authentication from the NAC Manager, what you can do is create roles on the NAC Manager, and on the roles you define traffic policies.

    Using RADIUS attributes you can then map users to roles.

    Please, take a look at this:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.

    HTH,

    Tiago

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • Cisco NAC device filtering question

    Cisco NAC provides support for devices such as printers, IP phones, UPSs, etc. by adding them to a filter list.

    This basically allows these devices to bypass the NAC system and simply be available on the network.

    My question is this: if we exempt these devices from NAC evaluation, where is the security? What prevents a person from setting the MAC address of the printer on a laptop?

    I can't imagine this subject has not been raised before, but I can't seem to find an answer.

    Thanks in advance for your answer!

    Tom

    Well yes, it was a big criticism of the NAC appliance out of the box. There is no way to prevent MAC spoofing. Cisco has another appliance called NAC Profiler that solves this problem, but it costs extra.

    http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd806b7d4e.html
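Added example, not part of any post above: the fix described in the AD SSO reply (turning off DES-only encryption on the CAS SSO account so that Windows 7 clients can authenticate) corresponds to a single bit in the account's userAccountControl attribute. The Python below decodes that attribute and msDS-SupportedEncryptionTypes to list accounts that can negotiate only DES keys. The flag values are the documented Active Directory bit masks; the account names and values are constructed for illustration, and nothing here queries a real directory.

```python
# Added example (not from the thread): decode the Active Directory attributes
# that govern which Kerberos key types an account may use, to spot a service
# account (such as the CAS AD SSO account discussed above) that is locked to
# DES.  Bit values are the documented AD masks; the sample accounts are
# constructed.

# userAccountControl bits (subset).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x200000: "USE_DES_KEY_ONLY",   # "Use Kerberos DES encryption types for this account"
    0x400000: "DONT_REQ_PREAUTH",
}
USE_DES_KEY_ONLY = 0x200000

# msDS-SupportedEncryptionTypes bits.
ENC_TYPES = {
    0x01: "DES_CBC_CRC",
    0x02: "DES_CBC_MD5",
    0x04: "RC4_HMAC",
    0x08: "AES128_CTS_HMAC_SHA1_96",
    0x10: "AES256_CTS_HMAC_SHA1_96",
}
DES_ONLY_MASK = 0x03


def decode_uac(value):
    """Return the names of the set userAccountControl flags, sorted."""
    return sorted(name for bit, name in UAC_FLAGS.items() if value & bit)


def decode_enc_types(value):
    """Return the names of the enabled encryption types, sorted."""
    return sorted(name for bit, name in ENC_TYPES.items() if value & bit)


def des_only_accounts(accounts):
    """accounts: iterable of dicts shaped like an LDAP search result, with
    'sAMAccountName', 'userAccountControl' and optionally
    'msDS-SupportedEncryptionTypes'.  Returns (name, reason) pairs for every
    account that can negotiate only DES keys; a client without DES support
    (Windows 7 in the thread) cannot obtain a service ticket for it."""
    findings = []
    for acct in accounts:
        name = acct["sAMAccountName"]
        uac = acct["userAccountControl"]
        enc = acct.get("msDS-SupportedEncryptionTypes")
        if uac & USE_DES_KEY_ONLY:
            findings.append((name, "userAccountControl has USE_DES_KEY_ONLY"))
        elif enc and (enc & ~DES_ONLY_MASK) == 0:
            # Attribute is set, and every set bit is a DES type.
            findings.append((name, "msDS-SupportedEncryptionTypes allows only DES"))
    return findings


def clear_des_only(uac):
    """The remediation from the thread: unticking the DES-only option clears
    this bit in userAccountControl."""
    return uac & ~USE_DES_KEY_ONLY


# Constructed sample accounts (hypothetical names and values).
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc-cas-sso", "userAccountControl": 0x210200},       # DES-only via UAC
    {"sAMAccountName": "svc-cas-sso-fixed", "userAccountControl": 0x10200,
     "msDS-SupportedEncryptionTypes": 0x1C},                                  # RC4 + AES
    {"sAMAccountName": "svc-legacy", "userAccountControl": 0x10200,
     "msDS-SupportedEncryptionTypes": 0x03},                                  # DES-only via enc types
    {"sAMAccountName": "jdoe", "userAccountControl": 0x200},
]

if __name__ == "__main__":
    for name, reason in des_only_accounts(SAMPLE_ACCOUNTS):
        print(f"{name}: {reason}")
```

In a real directory the same decoding applies to the integer values returned by an LDAP query for those two attributes; the check on msDS-SupportedEncryptionTypes matters because an account can be DES-only even when the userAccountControl flag is clear.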
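Added example, not from the device-filter thread above or from Cisco: the reply says the exemption list cannot by itself prevent MAC spoofing and that profiling is the answer. The Python below shows the kind of check a profiler performs against an exemption list: for each exempted MAC it compares what the network observes (switch port, DHCP vendor class, open TCP ports, OUI) with what the claimed device class should look like, and flags a MAC that is alive on two ports at once. The OUI table, device-class expectations, filter list and observations are all constructed; the helper names are mine, not NAC Profiler's.

```python
# Added example (not from the thread, and not a Cisco NAC data structure):
# audit a MAC exemption list against what the network actually observes, so a
# laptop that has borrowed a printer's MAC stands out.  The OUI table, device
# class expectations and observations below are all constructed.
from dataclasses import dataclass, field

# Constructed OUI table: first three octets -> vendor label.
OUI_TABLE = {
    "00:1b:78": "hp-printer",
    "00:1e:13": "cisco-phone",
    "3c:07:54": "apple-laptop",
}

# What an endpoint of each exempted class is expected to look like.
EXPECTED = {
    "printer": {
        "vendors": {"hp-printer"},
        "ports": {9100, 631, 515},
        "dhcp_prefixes": ("Hewlett-Packard",),
    },
    "ip-phone": {
        "vendors": {"cisco-phone"},
        "ports": {5060, 2000},
        "dhcp_prefixes": ("Cisco Systems, Inc. IP Phone",),
    },
}


@dataclass
class Observation:
    """One sighting of a MAC, as a switch, profiler or scanner would report it."""
    mac: str
    switch: str
    port: str
    dhcp_vendor_class: str = ""
    open_tcp_ports: set = field(default_factory=set)


def oui_vendor(mac):
    return OUI_TABLE.get(mac.lower()[:8], "unknown")


def audit_filter_list(filter_list, observations):
    """filter_list: {mac: device_class}.  Returns sorted (mac, reason) pairs."""
    findings = set()
    sightings = {}
    for obs in observations:
        sightings.setdefault(obs.mac.lower(), []).append(obs)

    for mac, cls in filter_list.items():
        mac = mac.lower()
        exp = EXPECTED.get(cls)
        if exp is None:
            findings.add((mac, f"unknown device class {cls!r}"))
            continue
        seen = sightings.get(mac, [])

        # Strongest signal: the same MAC alive on two ports at once.
        locations = sorted({(o.switch, o.port) for o in seen})
        if len(locations) > 1:
            findings.add((mac, f"seen on {len(locations)} ports at once: {locations}"))

        # A spoofer copying the MAC also copies the OUI, so this only catches
        # stale or mistyped entries, but it is cheap.
        vendor = oui_vendor(mac)
        if vendor not in exp["vendors"]:
            findings.add((mac, f"OUI vendor {vendor!r} does not match class {cls!r}"))

        # Behavioural checks: a laptop pretending to be a printer still talks
        # like a laptop.
        for o in seen:
            if o.dhcp_vendor_class and not o.dhcp_vendor_class.startswith(exp["dhcp_prefixes"]):
                findings.add((mac, f"DHCP vendor class {o.dhcp_vendor_class!r} unexpected for {cls!r}"))
            if o.open_tcp_ports and not (o.open_tcp_ports & exp["ports"]):
                findings.add((mac, f"no expected {cls} port open; saw {sorted(o.open_tcp_ports)}"))
    return sorted(findings)


# Constructed data: two legitimate devices and one printer MAC that has been
# cloned onto a Windows laptop on a different port.
FILTER_LIST = {
    "00:1B:78:AA:BB:CC": "printer",
    "00:1E:13:11:22:33": "ip-phone",
    "00:1B:78:DD:EE:FF": "printer",
}
OBSERVATIONS = [
    Observation("00:1b:78:aa:bb:cc", "sw-floor1", "Gi1/0/5", "Hewlett-Packard JetDirect", {9100, 631}),
    Observation("00:1e:13:11:22:33", "sw-floor1", "Gi1/0/12", "Cisco Systems, Inc. IP Phone CP-7945G", {5060}),
    Observation("00:1b:78:dd:ee:ff", "sw-floor2", "Gi1/0/3", "Hewlett-Packard JetDirect", {9100}),
    Observation("00:1b:78:dd:ee:ff", "sw-floor2", "Gi1/0/20", "MSFT 5.0", {135, 445, 3389}),
]

if __name__ == "__main__":
    for mac, reason in audit_filter_list(FILTER_LIST, OBSERVATIONS):
        print(mac, "-", reason)
```

The cloned printer MAC produces three findings (two ports at once, a Windows DHCP vendor class, and no printer port open) while the genuine printer and phone produce none. The OUI check is deliberately weak on its own, since a spoofer who copies the whole MAC also copies the OUI; the behavioural and location checks are what make exemptions defensible.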
