In the NAC MAC address filter list

Hi Faisal, how are you? I have a question about the filter list in the NAC unit. I want only those MAC addresses recognized by the NAC unit to be able to get on the network. However, if a workstation's MAC address is not in the filter list, it would not be able to get on the network. Does the NAC have the ability to do that? Please let me know. Thank you.

Richard

I'm not Faisal, but...

Do you want to do additional authentication (such as LDAP or the like), or authenticate simply based on the MAC address?  If you want to authenticate only via the MAC, you can add the addresses to the filter list and then set each one to either 'allow' to allow all traffic, 'role' to put them in a specific role, or 'check' to apply the posture assessment and then put them in the role.  If no other authentication server is configured, users who were not in the filter list would not be able to authenticate, and they would be stuck in the authenticated VLAN.

Thank you

Lauren

Tags: Cisco Security

Similar Questions

  • Output shows me the same MAC address twice

    Hi all

    An easy one for sure. When I run the show interfaces G0/1 command on the switch, why does the output show me the same MAC address twice?

    the address is 00d0.58c0.4519 (bia 00d0.58c0.4519)

    I know, BIA is burned in address and is located on the ROM, but what is the idea behind this?

    EDIT: also would like to ask, why a router maintains an arp entry for its own interface, it seems that this is not the case on for example a Windows laptop...

    Best regards

    Adam

    Adam,

    Some interfaces allow you to configure a user-defined MAC address:

    R1#show int f0/0 | i bia
      Hardware is AmdFE, address is cc00.0fac.0000 (bia cc00.0fac.0000)
    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#int f0/0
    R1(config-if)#mac-address 0200.0000.0001
    R1(config-if)#do show int f0/0 | i bia
      Hardware is AmdFE, address is 0200.0000.0001 (bia cc00.0fac.0000)

    HTH

    Rolf

  • SG500 showing the same MAC address on more than one port?

    My ISP has been helping me solve a problem that we had with an interaction between our SG500 stack and the HP customer premises equipment.

    I have the stack of SG500 divided into two VIRTUAL LANs. 8-port VLAN11 and the rest on VLAN1. Both are of VLAN native, not marked so they will carry only the traffic for their own VLAN with no mixing. I also route between these VLANs on the stack.

    VLAN11 switch ip: 10.76.20.20

    IP switch VLAN1: 10.1.1.1

    I took a port for each VLAN and plugged into the HP PSI switch, where he adapt VLANS separated which then connect to a remote data center through an MPLS.

    Here's the question: the SG500 seems to have its base MAC address on two HP PSI switch ports. This disrupts the HP switch, and I end up having packets fall into a black hole. This is the output from the HP switch showing the SG500 stack's base MAC moving between ports within seconds:

    HP # display the address mac 8843e1-af7085

    Status and counters - Address-Table - 8843e1-af7085

    MAC address: 8843e1-af7085

    Located on the Port: 15

    HP # display the address mac 8843e1-af7085

    Status and counters - Address-Table - 8843e1-af7085

    MAC address: 8843e1-af7085
    Located on the Port: 11

    Any idea what's going on here? It's as if the SG500 uses the same MAC for both its IP addresses.

    Thank you!

    Hi Dani, the only MAC address announced by the SX300/500 series should be the system MAC. If you show the MAC address table on the SX500, you should see the same MAC for both VLANs. I don't know why this would confuse the HP switch unless it does not correctly between switches vlan tag.

    -Tom
    Please mark replied messages useful

  • 4 devices using the same mac address in the ARP Table. Explanation

    Please tell me why four devices connected to the router are shown sharing the same MAC address in the ARP table? I know this has to do with the firewall and owner of listening devices, but why are all using the same MAC address instead of their own? I'm trying to understand this scenario. Please advise.

    Internet 16x.1x.2x.1x - 0050.5486.5f60 ARPA Ethernet0/0

    Internet 16x.1x.2x.1x 1 0040.1017.2d64 ARPA Ethernet0/0

    Internet 16x.1x.2x.1x 11 0040.1017.2d64 ARPA Ethernet0/0

    Internet 16x.1x.2x.2x 216 0040.1017.2d64 ARPA Ethernet0/0

    Internet 16x.1x.2x.2x 88 0040.1017.2d64 ARPA Ethernet0/0

    Internet 16x.1x.2x.2x 166 0040.1017.2d64 ARPA Ethernet0/0

    No problem at all... I guess she gave us the opportunity to learn that a little on the proxy-ARP and the potential for problems, it can cause.

    Paresh

  • Script to set the static Mac address

    I have a virtual infrastructure with about 200 VMs with several vNICs and automatic MAC addresses. I need to assign static MACs to all NICs and want to perform this operation with a PowerShell script and a CSV input file. I have the CSV input file that looks like this: Vm, portgroup Mac Vm1 00:11:22:33 Vm1, pg1, pg2, 00:11:22:44 Vm2, pg1, 00:11:44:44 (I know the MACs above are not valid). Can anyone help with the PowerShell code to automate the static configuration of the MACs?  Thanks in advance

    Hello, ITS.

    You should be able to use the following to achieve:

    ## import the info from the CSV
    $colNICInfo = Import-Csv c:\vmNICInfo.csv
    $colNICInfo | %{
        $oSingleNICInfo = $_
        ## get the VM, get its NetworkAdapters and for the one whose NetworkName matches that from the CSV, set its MAC address
        Get-VM $oSingleNICInfo.VMName | Get-NetworkAdapter | ?{$_.NetworkName -eq $oSingleNICInfo.NetwkName} | Set-NetworkAdapter -MacAddress $oSingleNICInfo.MACAddr -Confirm:$false -WhatIf
    } ## end foreach-object
    

    A few things to note:

    • I left the "-WhatIf" parameter on the Set-NetworkAdapter portion, so that you can run this first (perhaps with a small sample set in the CSV file) to check that things look like they will work.  Remove this parameter to set the MAC addresses
    • The code expects the CSV to be of this format:
      VMName, NetwkName, MACAddr
      someVM, VLAN128, 00:50:56:00:00:0F
    • The cmdlet Set-NetworkAdapter requires the new MAC address in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF.  It's not the range likely to use, VMware only a subset.  Seems to be a limitation of the cmdlet (probably intentional).

    Message edited by mattboren: added a note about removing "-WhatIf" to actually set the MAC addresses of the network adapters
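
    A pre-flight check for the CSV that the script above consumes, as an added example that is not part of the original answer: it flags rows whose MAC is malformed, falls outside the 00:50:56:00:00:00 - 00:50:56:3F:FF:FF range the answer cites, or repeats an earlier row. The function name Test-StaticMacRow and the sample rows are made up for illustration; the column names follow the answer.

    ```powershell
    # Added example: validate the CSV before running the Set-NetworkAdapter loop.
    # Sample rows are constructed for illustration; in practice use Import-Csv.
    $csvText = @'
VMName,NetwkName,MACAddr
someVM,VLAN128,00:50:56:00:00:0F
otherVM,VLAN128,00:50:56:40:00:01
thirdVM,VLAN129,00:50:56:00:00:0f
badVM,VLAN129,00:11:22:33
'@

    function Test-StaticMacRow {
        param([Parameter(Mandatory)] $Row)
        $mac = "$($Row.MACAddr)".Trim().ToUpper()
        if ($mac -notmatch '^([0-9A-F]{2}:){5}[0-9A-F]{2}$') { return 'malformed MAC' }
        if (-not $mac.StartsWith('00:50:56:')) { return 'outside 00:50:56 prefix' }
        # The fourth octet must be 00-3F to stay at or below 00:50:56:3F:FF:FF
        $fourth = [Convert]::ToInt32($mac.Substring(9, 2), 16)
        if ($fourth -gt 0x3F) { return 'above 00:50:56:3F:FF:FF' }
        return $null
    }

    $rows = $csvText | ConvertFrom-Csv
    $seen = @{}   # normalized MAC -> first VM that claimed it
    $report = foreach ($row in $rows) {
        $problem = Test-StaticMacRow -Row $row
        $key = "$($row.MACAddr)".Trim().ToUpper()
        if (-not $problem -and $seen.ContainsKey($key)) {
            $problem = "duplicate of $($seen[$key])"
        }
        if (-not $problem) { $seen[$key] = $row.VMName }
        [pscustomobject]@{
            VMName  = $row.VMName
            Network = $row.NetwkName
            MACAddr = $row.MACAddr
            Problem = $problem
        }
    }

    $report | Format-Table -AutoSize
    $bad = @($report | Where-Object Problem)
    if ($bad.Count) { Write-Warning "$($bad.Count) row(s) rejected; fix the CSV first." }
    ```

    With the constructed rows, only someVM passes: otherVM is above the allowed range, thirdVM duplicates someVM's address in a different letter case, and badVM's address is truncated.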

  • How to filter the similar MAC addresses?

    Hello

    I'm trying to filter MAC addresses, but the MAC column shows empty.

    Here's what I have so far:

    Get-Datacenter $DC | Get-VM | Get-View |
    Select @{N="VM";E={$_.Name}},
        @{N="#NIC";E={($_.Config.Hardware.Device | where {$_.MacAddress} | Measure-Object).Count}},
        @{N="#MAC";E={[string]::Join(',',($_.Guest.Net | %{$_.MacAddress})) | Where-Object {$_.MacAddress -like "00:50:F3*"}}},
        @{N="IP addresses";E={[string]::Join(',',($_.Guest.Net | %{$_.IpAddress}))}}

    Thank you

    Give it a try like this

    Get-Datacenter $DC | Get-Vm | Get-View |
    Select @{N="VM";E={$_.Name}},
        @{N="#NIC";E={($_.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualEthernetCard]} | Measure-Object).Count}},
        @{N="#MAC";E={[string]::Join(',',($_.Guest.Net | where {$_.MacAddress -like "00:50:F3*"} | %{$_.MacAddress}))}},
        @{N="IP addresses";E={[string]::Join(',',($_.Guest.Net | %{$_.IpAddress}))}}
    
  • Integration of the NAC Profiler - cannot add list of filters on cam

    Hi all

    I have a problem with the Profiler - integration of the NAC for endpoint profiling.

    Here's the situation:

    I have already created the integration based on the steps in the Guide: Setup Cisco NAC Appliance integration. I think that the configuration is correct, because I can do database synchronization between the Profiler and CAM. Here's the log of server profile:

    NAC_SYNC: Task_Queue_Runner commissioning
    NAC_SYNC: Profiler / END of synchronization of the NAC [add 0, upd 0, desc 0, rm 0]
    NAC_SYNC: Profiler / START the synchronization of the NAC
    INFO: [2010-12-15 11:01:09 (fcapGetHWAddr:49)] is for eth0 MAC

    I have already created a profile of endpoint named "Admin" which is based on the IP address. I also created the NAC events based on endpoint profile 'Admin '.

    The event of the NAC will present 'Admin' profile to a role of the NAC. This event aims to circumvent 'Admin' of the legalisation of the ANC visa so that the "Admin" can connect to the network automatically to a role of the NAC.

    However, when 'Admin' connects to the network, it is still challenged by NAC. I don't see "Admin" on the filter list of the CAM.

    This means that the endpoint profiling is still broken.

    Is there anyone who has experience with this?

    Thanks for the support and comments

    Imad

    Hello

    You cannot add devices manually on the profiler.

    The Profiler has to detect automatically (it is the concept of profiling).

    How this Profiler detects endpoints use the modules of collector.

    Each module has endpoints detection means.

    You will find the description of each collector module here:

    http://www.cisco.com/en/US/docs/security/nac/profiler/configuration_guide/311/p_intro231.html#wp1062345.

    HTH,

    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • How can I determine the MAC address of the Gen 4 Apple TV so that I can connect to my network. Must register on the router MAC address to connect to the internet.

    Security on my network requires that the MAC address of the device must be registered on router or I can't connect to the internet. Does not use a password based security configuration. How to find MAC address before the introduction of Apple TV?

    Contact your ISP

  • Is it possible to get the Wifi MAC address in the program?

    I went through the api of the RIM, but I have not found anything either can achieve this, so is it possible tho? Anyone has idea abt this?

    There is no BlackBerry API read the MAC address of a wireless connection.

  • Find the offending MAC address to bpduguard

    I have a Cisco WS-C6509-E with IOS, connected to a hypervisor with several virtual machines on it.

    The port on the 6500 that connects to the hypervisor is a trunk port and has bpduguard enabled.

    One of the virtual machines is causing the port to go into the err-disable state by sending BPDUs. I'm trying to figure out which one, from the Cisco itself. Specifically, I'm trying to find the MAC address of the virtual machine.

    Is this possible? I watched with full spanning tree debugging on debugging, but all I get is that the port will in err - disable. He's going to tell me what is the address MAC offending (or anything on the BPDUS).

    Short of stripping the VLAN on the trunk, until I have the network guilty (which won't actually give me guilty unit but rather, only sound VLAN), I don't know if there is a direct command or debug to give me this information directly. Can anyone help?

    Hello

    Try extending over the port and capture some of the traffic.

    Thank you

    John

  • Support of the NAC Profiler address & ip

    Hello

    I have a layer 3 OOB NAC Profiler deployment and I am trying to profile some IP phones from a remote location by using the helper-ip address statement on the interface of the remote router. The problem is that the remote router acts as a DHCP server for the voice VLAN and does not forward the DHCP discover to the NAC Collectors, and I can't profile the IP phones. Do you know a way (a configuration command on the router) to forward the DHCP even though the router acts as a DHCP server for this VLAN?

    Thank you

    Victor

    Hi Victor,

    To do this... You must add a SVI for the voice VLAN on the switch behind the router, and then add the IP helper on the new interface VLAN voice.

    -Hassan

  • LWAPP lose names and appearing as the default MAC address

    I had random LWAPP that were configured previously appearing as the original names as if they were just installed (APxxx:xxxx:xxxx). I know because the location field is the location of where they are, and the name of the AP group is also set to the location they are. What would cause this?

    WLC = 7.0.98.0

    AP = 1142n 12.4 (23 c) JA

    This problem is there... it happens about 5 percent of my overall AP

    Just my $.02

    If your access point keeps its AP group settings and location, it does not lose its configuration...

    Have you tried to restart an AP that shows the MAC address format name and see if it comes up with the correct name?

    I bet that happens with the correct name...

    If Yes, my money is on your APs are passing the WLC and join before the WLC has allowed the previous entry.

    It makes sense on the WLC to temporarily restore a name APs if two APs join with the same name (since you can't have two APs of the same name).

    I may be wrong, it can permanently reset the name, but I bet that this has to do with your APs dropping and joining too quickly...

  • It is possible to find the old MAC address?

    I have a serious problem with an application because its licensing depends on the virtual machine's MAC address. This MAC address changed when the VM was transferred to another host.

    Do you know if there is a way to find old MAC?

    Thank you

    NR

    While previous answers are basically good, I want to add that you need to search your vmware*.log files for all occurrences of ethernetX.generatedAddress to find the older MACs used by the virtual machine.

  • Fight against exclusion the NAC mac

    Experts, assuming that few users are now authenticate & viz cisco NAC network access, they be filtered from the NAC to exclude the posture of NAC will be they be disconnected from the network & reconnected since they were connected & now are going to be ignorant of the NAC.

    How it works in this case. users will be disconnected for that to be effective, or will they be disconnected by force before it takes effect.

    Thanks to you all.

    Hello

    There is a port bouncing feature Cisco NAC that accomplishes this task for you. But it depends on your deployment mode, it is not required for each of them. Please see this link:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/cam/m_oob.html

    Please indicate if you find the input helpful. Thank you

    Farrukh

  • Download of the printer Mac address

    I have a 6600/6700 officejet all in a printer, scanner and fax that is currently executing a software for windows and mac os x. computer disc it loads only mac os x 10.5, 10.6, v10.7, version 12.14.0 and loaded down our windows successfully. The problem we have is that my son computer is a laptop mac os x 10.8.4 and low custom load the disc to set up. Could someone please recommend a way or another disc which will allow us to download on my son's computer, so we can use it to print remotely on our new printer, the HP Officejet 6600.

    Thanks Allan

    Hi Allan,

    Please visit the link below and you need to download driver for the officejet 6600 for Mac Os 10.8.

    Please download and run on Mac OS.

    http://h10025.www1.HP.com/ewfrf/wc/softwareCategory?OS=4142&LC=en&cc=us&DLC=en&sw_lang=&product=5304873#N340

    I represent HP
    You can say thank YOU by clicking on the STAR of CONGRATULATIONS. If my suggestion solves your problem Mark as a 'SOLUTION' in this way, others can benefit thanks in advance!...

    Concerning

    Aneesh

