NAC Appliance deployment problem

Hello

We are going to deploy Cisco NAC Appliance 3310 clean access server in our network. Regarding the deployment, I have several questions.

My questions are:

Do we require any additional server, such as WSUS, for patch/Windows update management?

Does the NAC device talk to MS AD for authentication?

Do we require an antivirus server for endpoint security?

Do we require an additional remediation server to remediate infected endpoints?

I will be happy if I receive answers to the above.

Kind regards

Martine

Martinez,

No, the CCA system asks the client to remediate itself, and the Windows Update client on the client computer then takes care of it based on its options. The two options are going to the Microsoft WU servers or, if you have a WSUS server defined internally, using that.

The other thing you can do is to 'offer' clients files to download that you store on the CCA system based on different requirements, but doing it this way would be very difficult to manage, since you would have to create rules for each patch, which would very quickly become tedious.

See this video-on-demand on how CCA posture assessment and remediation work. Watch VOD 5:

http://tinyurl.com/d74t9u

HTH,

Faisal


Similar Questions

  • NAC Appliance and LDAP Lookup

    Hello

    I have two CAMs in HA and two CASs in HA.

    I set up LDAP lookup to create a role assignment rule.

    In this configuration there is only one Windows server to look up the user's properties.

    There is a problem when this Windows server is out of service. Are there mitigation configurations for when the server is not available?

    Thanks to you all.

    The LDAP lookup server configs state that LDAP lookup uses the LDAP authentication provider. The LDAP authentication provider section says that you can have multiple entries in the single field

    LDAP

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/413/cam/m_auth.html#wp1158614

    You can add redundancy for LDAP authentication servers by entering several LDAP URLs in the Server URL field, separated by a space, for example:

    ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com
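
Because the field in the answer above is split on spaces, a stray space inside a hostname or a repeated entry silently leaves you with less redundancy than you think. The following pre-check is an added example, not Cisco code or part of the original post: the function names are hypothetical, `ldaps://` handling is an assumption, and the reachability probe is injectable so the check can be exercised offline.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_server_url_field(field):
    """Split the space-separated URL field into (scheme, host, port) tuples.

    Raises ValueError for any token that is not a usable LDAP URL, for a
    repeated server, and for a list with no second server to fail over to.
    """
    servers = []
    for token in field.split():
        parts = urlsplit(token)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"not a usable LDAP URL: {token!r}")
        server = (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])
        if server in servers:
            raise ValueError(f"duplicate server adds no redundancy: {token!r}")
        servers.append(server)
    if len(servers) < 2:
        raise ValueError("fewer than two servers listed: no failover target")
    return servers


def tcp_probe(server, timeout=3.0):
    """True if a TCP connection to the server's LDAP port succeeds."""
    _, host, port = server
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def unreachable(servers, probe=tcp_probe):
    """Return the listed servers that do not answer, in configured order."""
    return [s for s in servers if not probe(s)]


if __name__ == "__main__":
    # Constructed input using the hostnames from the example above; the probe
    # is faked so this runs offline (ldap2 is treated as down).
    field = "ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com"
    print(unreachable(parse_server_url_field(field),
                      lambda s: s[1] != "ldap2.abc.com"))
```

Run it with the default `tcp_probe` from a host on the same network path as the CAM before relying on the second and third entries.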

  • NAC Appliance reporting to MARS

    Can MARS be configured to receive reports from the NAC Appliance CAM/etc.? There is no option for NAC under devices in MARS.

    Thank you

    -KK

    I apologize for not going too far with my answer. Fortunately, there are NetPros who know NAC much better than I do.

    In summary:

    "When deploying NAC Framework in your network, if the NAC router is already configured to send syslogs and NetFlow events to MARS, all you have to do is configure the router to send NAC-specific syslogs."

    To answer your question, it is not the CAM/CAS but the router that must be set up in MARS. That's why you see no option under devices in MARS for the CAM/CAS.

    I hope this helps.

  • Cisco NAC Appliance

    Hello

    I wanted to know if anyone can give me help on a Cisco NAC appliance.

    Honestly, I've heard of them, but I've never installed or worked on one before and I have a client who wants to have one installed. So I wanted to know if someone here can point me in the right direction regarding the installation and configuration. Thank you for the help in advance and have a very nice evening.

    Hello

    Everything you need to get started:

    http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html.

    HTH,
    Tiago

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • NAC Appliance Agent vs NAC Web Agent

    Hello

    What is the difference between 'NAC Appliance Agent' and 'NAC Web Agent'?
    In my case I do not get the 'NAC Appliance Agent' pop-up screen, although I am able to log in correctly through 'NAC Web Agent'.
    I would like to know if logging in via 'NAC Appliance Agent' is mandatory.

    PFA the 'CiscoSupportReport.zip' for 'NAC Appliance Agent'.

    Thank you
    Sagar

    It is not mandatory to use the agent unless you specify it in the policy for the user role assigned to your username.

    The web agent can do most of what the installable agent does, at least with respect to authentication and posture.

    Check the role assigned to your user under Device Management -> Clean Access and see what is required for this role.

    Hope this helps

  • NAC Appliance IPv6 compatibility

    I read in the book "Cisco NAC Appliance: host security with Clean Access application" (published 2008) that Real-IP Gateway mode is only IPv4 compatible but that IPv6 compatibility will be provided in a future update.

    Having searched around, I find no reference to the NAC appliance being IPv6 compatible. Does anyone know which modes (if any) are IPv6 compatible?

    Hello

    Although IPv6 has been on the roadmap, currently it is not supported and there is no ETA for IPv6 support on the NAC appliances.

    HTH,

    Tiago

    --

    If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.

  • Basic configuration of NAC appliance

    I have a small project to authenticate about 100 users accessing the network. We plan to use the Cisco NAC appliance. Just to clarify (I saw some posts but I'm not sure of the correct answer): do I need 2 separate devices, one as a server and the other as a controller, or do I just need one to do both tasks?

    Thank you

    -Arturo

    Hi Arturo,

    You need two devices to operate: a Manager and a Server.

    There is a great Cisco Press book on the NAC appliance by James Heary that will give you a lot of details and information on the configuration of the devices.

    I hope this helps.

    Paul

  • NAC appliance purchase question

    Dear Experts,

    This summer we bought a Cisco NAC Server Appliance, NAC3315-K9-500-500-NAC3315-K9.

    And we are about to begin its deployment. But to our surprise, we learned that a separate physical server is required to manage the NAC, and a NAC Manager license is required.

    Unfortunately, we bought the NAC unit on the (rather hasty) assumption that the manager (CAM) and the access server (CAS) are integrated into a single box. But, after checking a configuration guide, it said that either the CAM or the CAS can be installed on the device.

    So is it possible to integrate them both on the same machine? Or must we buy this CAM server that costs a fortune?

    Or alternatively, can the CAM be installed as a virtual machine?

    Looking forward to your answer,

    Thank you very much!

    Hello

    You cannot run the CAM and the CAS on a single piece of hardware (when you install the software, you must choose the Manager or the Server before the installation scripts run); you must run them on separate devices. However, you can look at getting ISE (licenses), which is the latest product and can provide all the features of the NAC in one device. However, depending on your network (number of endpoints), it can easily take more hardware.

    ISE can run on the devices that you have purchased; you will need to go to your Cisco account representative or your Cisco partner to have them help with the discount and get you on the same page about ISE (providing a demonstration or proof of concept).

    I have supported both NAC and ISE, and your best approach is not to go forward with the NAC product now that ISE is out. It is a much better design in the way it integrates into your network, and it also includes not only the manager and server but also the profiling and reviews management services, which are all different products within the NAC line.

    Thank you

    Tarik Admani
    * Please rate helpful posts *

  • NAC Appliance with ASA (for remote user VPN)

    I have a pair of Cisco 5520 firewalls which are used as a VPN gateway (for remote user VPN) and as the Internet perimeter firewall (to provide outbound internet connectivity).

    We are enabling NAC for remote VPN users. It will be deployed as Layer 3 in-band.

    The problem with this design is how to ensure that outgoing internet traffic does not pass through the CAS.

    I heard about a couple of options:

    - ACB (to send only the remote VPN users' IP subnet through the CAS)

    - ASA version 8.x feature (restrict access to VLAN under group policy).

    I intend to do it with the ASA firewall, where I can set up a new subinterface on the ASA (with a new VLAN tag) and, under the group policy for remote user VPN, select the option to "restrict access to" the new VLAN.

    My question is: will it still work (even if the firewall has a route to the internal network via the 'inside' interface and NOT the new NAC interface)? If this does not work, please let me know what the other options are for this type of deployment.

    Thanks in advance.

    Hello

    It should work. Please see the attached PDF for more clarity on this topic: https://supportforums.cisco.com/docs/DOC-9102

    HTH,

    Faisal

  • Chassis FPGA deployment problem

    Hello!

    I use a cRIO 9024 with voice coil actuator control modules.

    The problem I have is that when I run the FPGA code, it says "The chassis is in Scan Interface programming mode. In order to run FPGA VIs, you must go to the chassis properties page, select FPGA programming mode, and deploy settings."

    So I checked the properties, but it has been set to "FPGA programming mode". Also, when I try to deploy the chassis, I get the error message "LabVIEW: (Hex 0x80DF0010) current deployment operation has a missing dependency."

    Since I'm not the one who wrote the code, I have no idea what causes this problem. This code is used for a different setup with the same model of cRIO but different modules. I've already replaced the modules that I use with those that are necessary for this code.

    Does anyone know what is happening here, please?

    Thanks a million in advance.

    Geehoon


  • OR 7966R - the bitfile deployment problem.

    I've implemented the following

    SMU 1085 three chasiss NOR SMU 7966R FPGA inside.

    I'm connected to a remote host via MXI using an SMU-8381

    I tried to run the NI 5761 - single CLIP.lvproj sample provided with race and LabVIEW examples just to get things to the top.

    and I get the following message if poster on all targets...

    Compilation went well but can't deploy the bitfile...

    Kind regards

    Maciej

    To the hour... so my bad, I forgot to mention one thing in my game to the top.

    I have a 6674T sync module that currently seems to be a little tired. Since I don't intend to use it,

    I removed it from the chassis and things started working very well.

    It seems that it was causing the problems.

    Kind regards

    Maciej

  • Cisco NAC appliance - after a successful login, users are not moved to the proper VLAN

    Hello

    I am new to cisco NAC BURNERS and I have to troubleshoot an implementation. It is a Real-IP Gateway OOB configuration. Users can log in with the CCA, but after the successful login they remain in the unauthenticated role, as well as on that VLAN. I checked SNMP and it seems to work fine. Also, I checked the logs in nac_manager.log and there is nothing unusual; in fact I see nothing about this user or the IP address that connects.

    Also, the user does not appear in the list of online users on the CAM.

    Can someone help me figure out how I can fix this? Version 4.8; I'll post any information requested.

    Thank you

    We recently had the problem with Windows AD SSO and Windows 7 clients.

    XP clients would authenticate fine; however, Windows 7 clients would not authenticate and would just remain on the authenticated vlan.

    Our issue was with the CAS SSO account we set up in AD. It only supported DES encryption, which Windows 7 64 does not. We turned off "Use DES encryption" on the AD SSO account and re-tested.

    What are the parameters of the port profile that is applied to the switchport?

    What are the VLAN mapping settings on the trunk ports, untrusted or trusted?
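
The reply above traces the Windows 7 SSO failure to a DES-only AD service account. As an added example (not from the original posts or from Cisco), this audit flags accounts still tied to Kerberos DES from their `userAccountControl` and `msDS-SupportedEncryptionTypes` values; the bit values are the ones Microsoft documents for those attributes, while the account names and sample rows are constructed.

```python
# Bit values as documented by Microsoft for these two AD attributes.
UF_USE_DES_KEY_ONLY = 0x200000  # userAccountControl: "Use DES encryption types"
ETYPE_BITS = {                  # msDS-SupportedEncryptionTypes bitmask
    0x01: "DES-CBC-CRC", 0x02: "DES-CBC-MD5", 0x04: "RC4-HMAC",
    0x08: "AES128-CTS", 0x10: "AES256-CTS",
}
DES_BITS = 0x03


def des_findings(user_account_control, supported_etypes=0):
    """Return the reasons an account is tied to Kerberos DES, if any."""
    findings = []
    if user_account_control & UF_USE_DES_KEY_ONLY:
        findings.append("USE_DES_KEY_ONLY set in userAccountControl")
    if supported_etypes & DES_BITS:
        offered = [n for bit, n in ETYPE_BITS.items() if supported_etypes & bit]
        non_des = supported_etypes & ~DES_BITS & 0x1F
        scope = "DES plus other types" if non_des else "only DES"
        findings.append(f"msDS-SupportedEncryptionTypes offers {scope}: "
                        + ", ".join(offered))
    return findings


def audit(accounts):
    """Map account name -> findings for every account that still uses DES."""
    report = {}
    for name, uac, etypes in accounts:
        found = des_findings(uac, etypes)
        if found:
            report[name] = found
    return report


# Constructed sample rows: (sAMAccountName, userAccountControl, etypes).
SAMPLE = [
    ("cas-sso", 0x210200, 0x00),        # DES-only flag set, as in the reply
    ("cas-sso-fixed", 0x010200, 0x18),  # flag cleared, AES only
    ("legacy-svc", 0x000200, 0x03),     # DES via the etype attribute
]

if __name__ == "__main__":
    for account, reasons in audit(SAMPLE).items():
        print(account, "->", "; ".join(reasons))
```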

  • NAC Appliance Wireless In-Band Virtual Gateway

    Hi, people.

    Does anyone know how to configure NAC Appliance as a wireless in-band Virtual Gateway?

    TKS.

    Hello

    Well, it's a pretty simple question and I can say that many people know how to configure NAC for wireless NVI VG.

    Can you be more clear on exactly what you need?

    ARO

    Tiago

  • NAC Appliance CAM/CAS

    Question: we currently have NAC devices, 1x CAM and 2x CAS; no problems, works great. The software is v4.0.5.

    We bought another NAC appliance to use as the CAM, as the current CAM will be lost during a "company cut".

    The new NAC has version V4.1.2.1. This is incompatible with the CAS.

    If we upgrade the CAS to V4.1.2.1 as well, then we lose current functionality with the existing CAM (this is not the plan). We want the current environment to run in parallel.

    Can we 'downgrade' the new CAM to 4.0.5?

    Thanks in advance

    That is a difficult question and I don't have a simple answer.

    You can check the release notes for 4.0.5 and see if your new CAM h/w is supported; if so, you can re-image it. But unless you can find a clear statement that 4.0.5 is supported on the new CAM, I wouldn't run the risk.

    You may also run into problems trying to control a CAS from two CAMs.

    I think you may be looking at some downtime to upgrade your CASs.

    Could you make a backup of the 4.0.5 CAM and restore it on the 4.1.2.1 CAM? Probably not.

    Sorry, I'm no help!

  • NAC Appliance OOB L3

    Hello world

    "My friend" (:-)) wants to deploy NAC OOB L3.

    Why this one? Because it has a central location and a few branches (a few more, in fact) and these branches are 2 L3 hops from the central site. Specifically, there is an L3 switch as the gateway for the LAN users, and after that, a router that connects to the center (GRE/IPSec).

    Here is what I failed to find or work out by myself: is it mandatory to use a DHCP server to allocate IPs to clients (for all their states: unauthenticated, authenticated, etc.)?

    If not, how should it be done?

    Second: if it is mandatory, does it only work with a centrally deployed DHCP server, or can I use the L3 switch in each branch as a DHCP server?

    Thank you for your patience.

    DHCP is required for L3 OOB Real-IP Gateway, given that the system will have to obtain a new address when it is placed in the auth VLAN and then again after the posture process when it is switched back to its 'normal' VLAN.

    As for the DHCP server, you can use a central server, a local switch to provide addresses, or a combination of both.

    In our facility, the local switch is the DHCP server for the auth VLAN and a local server is used for the access VLAN.

    Mike
