NAC ports

Hello Experts,

I have some questions that came up while doing NAC work at one of our subsidiaries. If there are some user ports that are not selected for the NAC port profile, is there any way (apart from physically checking on the user's phone by enabling all ports and auditing) to track which user ports are not covered by NAC?

Second, if a NAC user port is manually placed in the user VLAN (rather than the quarantine or temporary VLAN), what is the correct order of operations for that?

Should the NAC user port be manually set to the user VLAN, or should the port profile be set to uncontrolled, followed by a port bounce and update?

I appreciate all help, thank you.

Hello

See inline:

If there are some user ports that are not selected for the NAC port profile, is there any way (apart from physically checking on the user's phone by enabling all ports and auditing) to track which user ports are not covered by NAC?

[Tiago] In the CAM GUI you can check which ports are controlled and which are uncontrolled. It is the only place where ports can be determined to be managed or unmanaged.

Second, if a NAC user port is manually placed in the user VLAN (rather than the quarantine or temporary VLAN), what is the correct order of operations for that?

Should the NAC user port be manually set to the user VLAN, or should the port profile be set to uncontrolled, followed by a port bounce and update?

[Tiago] When you configure the switch, the switchports can be placed in the user VLAN or in the default access VLAN. It depends on the port profile settings you have configured. By default, when a port is managed, if a client connects, an SNMP trap is sent to the CAM. The CAM checks whether the machine is certified or not (it checks the MAC address). If the machine is not certified, the CAM changes the VLAN to the Auth VLAN configured on the port profile.

So whenever you connect a PC to a switchport, the CAM evaluates which VLAN is the correct one for the PC to start in and changes it accordingly.

HTH,

Tiago

--

If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
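Tiago's description of the OOB flow above (a trap on link-up, the MAC checked against the certified list, the port moved to the Auth VLAN or to the access VLAN), together with the point that uncontrolled ports are never touched, as an added worked model. This is example code written for this page, not code from the thread or from Cisco's CAM; the switch address, ifIndex values, MAC addresses, VLAN numbers and the `bounce_on_link_down` option are constructed assumptions, and the MAC is passed in with the event for simplicity.

```python
from dataclasses import dataclass, field


@dataclass
class PortProfile:
    """Per-port settings the CAM applies. Field names are assumptions for this example."""
    managed: bool                       # False = uncontrolled port, the CAM leaves it alone
    auth_vlan: int                      # untrusted VLAN a new or uncertified client is put in
    access_vlan: int                    # trusted VLAN a certified client is moved to
    bounce_on_link_down: bool = True    # put the port back in auth_vlan when the link drops


@dataclass
class Cam:
    """Minimal model of the CAM's OOB decision on a switch trap (constructed example)."""
    profiles: dict                                  # (switch_ip, ifindex) -> PortProfile
    certified_macs: set                             # MACs on the Certified Devices list
    port_vlan: dict = field(default_factory=dict)   # VLAN the CAM last wrote per port

    def on_trap(self, switch_ip: str, ifindex: int, event: str, mac: str = ""):
        """Return the VLAN the CAM would write to the port, or None if it does nothing."""
        profile = self.profiles.get((switch_ip, ifindex))
        if profile is None or not profile.managed:
            return None                             # uncontrolled port: never touched
        if event == "linkdown":
            if not profile.bounce_on_link_down:
                return None
            target = profile.auth_vlan              # next client starts unauthenticated
        elif event == "linkup":
            # The only input that decides trusted vs untrusted is the MAC address.
            if mac.lower() in self.certified_macs:
                target = profile.access_vlan
            else:
                target = profile.auth_vlan
        else:
            return None                             # trap types the CAM does not act on
        self.port_vlan[(switch_ip, ifindex)] = target
        return target


def demo():
    """Walk one controlled and one uncontrolled port through a few events."""
    profiles = {
        ("10.0.0.10", 3): PortProfile(managed=True, auth_vlan=913, access_vlan=910),
        ("10.0.0.10", 4): PortProfile(managed=False, auth_vlan=913, access_vlan=910),
    }
    cam = Cam(profiles=profiles, certified_macs={"00:11:22:33:44:55"})
    return [
        cam.on_trap("10.0.0.10", 3, "linkup", "00:11:22:33:44:55"),   # certified -> 910
        cam.on_trap("10.0.0.10", 3, "linkdown"),                      # link drop -> 913
        cam.on_trap("10.0.0.10", 3, "linkup", "66:77:88:99:AA:BB"),   # unknown MAC -> 913
        cam.on_trap("10.0.0.10", 4, "linkup", "00:11:22:33:44:55"),   # uncontrolled -> None
    ]


if __name__ == "__main__":
    print(demo())
```

The model makes two things explicit that the prose leaves implicit: a port that is not managed in its port profile produces no action at all, which is why the CAM's controlled/uncontrolled view is the place to audit, and the only input that moves a port into the access VLAN is the MAC address, so the Certified Devices list is the trust anchor worth reviewing.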

Tags: Cisco Security

Similar Questions

  • Real-IP Gateway In-Band NAC process

    Hi all

    I have done a lot of research and cannot find good answers to some of my questions. All the big questions are answered for the out-of-band configuration, but I find that an understanding of In-Band is taken for granted lol... I guess I'm slow =P

    1. How does the In-Band Real-IP Gateway work?
    2. What is the point of the /30 subnets?
    3. Are there any access/auth VLAN pair configurations In-Band?
    4. How does quarantine work?
    5. I read that the NAC Server cannot send traffic on the untrusted port to a VLAN and that you are not allowed to trunk the port. Does this mean there is no support for several trusted VLANs mapped to a single NAC Server?
    6. Can you do role mapping configurations In-Band?

    Help with all or part of these questions would be GREATLY appreciated!

    Thanks a lot =]

    ~ Xavier.

    Hi Xavier,

    I'll try to answer your questions.

    1. How does the In-Band Real-IP Gateway work?

    The CAS works in routed mode, with different IP addresses (on different subnets) on the trusted and untrusted interfaces. Because the CAS does not support routing protocols, routing must be configured through static routes.

    2. What is the point of the /30 subnets?

    The idea is to have small subnets for your clients, so that with this IP configuration clients in the authentication VLAN have to go through the CAS even to talk to other clients on the same L2 network.

    See here for an explanation:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/47/CAs/s_dhcp.html#wp1057889

    3. Are there access/auth VLAN pair configurations In-Band?

    If you are asking whether there is VLAN mapping, then the answer is NO, since the purpose of VLAN mapping is to *bridge* traffic between the mapped trusted and untrusted VLANs, whereas in Real-IP the CAS routes traffic at L3.

    4. How does quarantine work?

    When a client is quarantined, it works the same way as OOB, since in this phase the client is still inline to the CAS.

    So the concept is that the CAS assigns the user the Temporary or Quarantine role and applies the traffic policy you have set up for the Temporary or Quarantine role.

    5. I have read that the NAC Server cannot send traffic on the untrusted port to a VLAN and that you are not allowed to trunk the port. Does this mean there is no support for several trusted VLANs mapped to a single NAC Server?

    The "single VLAN" restriction for the Real-IP CAS applies only to the *trusted* side. The CAS may be the default gateway for several VLANs / IP subnets on the *untrusted* side.

    Configure the additional VLANs / IP addresses on the untrusted side by using the "managed subnet" configuration.

    This is mentioned here:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/45/CAs/s_deploy.html#wp1050938

    The Clean Access Server can manage one or more subnets, with its untrusted interface acting as a gateway for the managed subnets. For more information on setting up managed subnets, see Configuring Managed Subnets or Static Routes, page 5-26.

    6. Can you do role mapping configurations In-Band?

    Yes, you can! However, you cannot assign a VLAN as you do in OOB, but you can assign different levels of access based on the IP traffic policies and bandwidth restrictions that you assign to the specific role.

    For example, see here for more details:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/45/cam/m_users.html#wp1040231

    In a word, regardless of In-Band vs Out-of-Band:

    - clients are In-Band to the CAS during the CAS detection, authentication, posture assessment and remediation phases.

    The main difference occurs when the user is allowed onto the network and you apply the role assignment, IB vs OOB:

    - In IB, client traffic keeps flowing inline to the CAS, so you can apply different access policies (ACLs) and bandwidth control depending on the role policies (but you cannot assign a VLAN);

    - In OOB, client traffic bypasses the CAS once it is authorized: in this case you can apply different VLANs, but (given that the CAS is no longer in the path) you cannot apply ACLs and/or bandwidth policies in this case.

    I hope that answers your questions.

    Kind regards

    Federico

    --
    If this answers your question, please mark the question as "answered" and rate it, so other users can easily find it.
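    Federico's answer to question 2 (why the /30 subnets) as an added worked example, written for this page rather than taken from the thread or from Cisco's documentation. It assumes a client pool of 10.1.1.0/24 carved into /30s with the CAS at the first usable address of each subnet; the pool, the gateway convention and the client addresses are constructed for the example.

```python
import ipaddress


def split_pool(pool: str, new_prefix: int = 30):
    """Carve a client address pool into small subnets.

    For each /30 the first usable address is the CAS (the client's default
    gateway) and the last usable address is the one client that subnet holds.
    The pool and the gateway-at-.1 convention are assumptions for this example.
    """
    leases = []
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())          # a /30 has exactly two usable addresses
        leases.append({"subnet": sub, "gateway": hosts[0], "client": hosts[-1]})
    return leases


def next_hop(src_ip: str, src_prefix: int, dst_ip: str, gateway: str) -> str:
    """Where a client with this address/mask sends a packet for dst_ip.

    'direct' means dst_ip is inside the client's own subnet: the host ARPs for
    it on the VLAN and the frame never reaches the CAS. Otherwise the packet
    goes to the gateway, i.e. through the CAS.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{src_prefix}")
    if ipaddress.ip_address(dst_ip) in iface.network:
        return "direct"
    return gateway


def compare_addressing(pool: str = "10.1.1.0/24"):
    """Next hop for traffic between two clients in the same auth VLAN,
    once with a flat lease from the whole pool and once with /30 leases."""
    flat = split_pool(pool, ipaddress.ip_network(pool).prefixlen)[0]
    flat_hosts = list(flat["subnet"].hosts())
    flat_path = next_hop(str(flat_hosts[1]), flat["subnet"].prefixlen,
                         str(flat_hosts[2]), str(flat_hosts[0]))

    carved = split_pool(pool, 30)
    carved_path = next_hop(str(carved[0]["client"]), 30,
                           str(carved[1]["client"]), str(carved[0]["gateway"]))
    return {"flat": flat_path, "slash30": carved_path}


if __name__ == "__main__":
    # Same two machines on the same VLAN; only the lease mask differs.
    print(compare_addressing())   # {'flat': 'direct', 'slash30': '10.1.1.1'}
```

    With a flat /24 lease the second client is on-link, so the two PCs talk through the switch and the CAS sees nothing; with /30 leases each client is alone in its subnet and the only on-link neighbour is the CAS. The cost is four addresses per client (64 clients from a /24 instead of 253), and the design depends on the client honouring the /30 mask it was leased. The untrusted-side subnets the CAS gateways for in this way are the "managed subnets" of Federico's answer to question 5.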

  • NAC MAC exclusion

    Experts, assuming a few users are currently authenticated and accessing the network via Cisco NAC, if they are then added to a NAC filter to exclude them from NAC posture assessment, will they be disconnected from the network and reconnected, since they were connected and are now going to be bypassed by NAC?

    How does it work in this case? Will users have to be disconnected for it to take effect, or will they be forcibly disconnected before it takes effect?

    Thanks to you all.

    Hello

    There is a port bouncing feature in Cisco NAC that accomplishes this task for you. But it depends on your deployment mode; it is not required for every one of them. Please see this link:

    http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/cam/m_oob.html

    Please indicate if you find the post helpful. Thank you

    Farrukh

  • NAC switch configuration

    Hello!!

    I bought a NAC Server and a NAC Manager, to centrally manage the VLAN that users connect to based on authentication.

    I have several sites, but the NAC Server will be at headquarters.

    When a remote user authenticates, NAC must configure the user's switch port for the right VLAN.

    What is an out-of-band solution?

    Do I need a specific license for out-of-band?

    Best of luck,

    Miguel Amaral

    Hello

    It's the same scheme: you need 2 licenses, one for the CAM and the other for the CAS.

    The CAM one sets the number of CASes you can add.

    The CAS one defines how many users are supported.

    So either the CAS PAK has been lost, or it was never bought.

    In both cases, you will need to contact the entity that sold you the devices and ask for the CAS PAK.

    HTH,

    Tiago

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • Login disabled for the NAC Agent

    Hello

    After installing the NAC Agent on Windows XP,

    the login window does not appear.

    Please see the attached Cisco support report.

    Please suggest how to overcome this problem.

    Thank you

    Abuzar

    Well, the default GW is an L3 device you have on your network, and if there is a firewall you will need to open communication on these ports.

    What is the VLAN configuration on the switch where the client is connected?

    Do you have a diagram?

    Cheers,

    Tiago

  • Exempt devices in NAC 4.1

    Hello friends,

    I am configuring Layer 2 Virtual Gateway mode, and I am a bit confused regarding what would be exempt in Layer 2 Virtual Gateway mode.

    Whenever any device is in the authentication VLAN it will pass through the NAC Server, but if I move the port to the normal access VLAN on the switch with 'switchport access vlan', that device is out of the NAC flow.

    My understanding is that, regardless of the VLAN mapping being done in NAC between the authentication and access VLANs, only those VLANs are affected; the rest are all out of the NAC stream and will go as normal traffic.

    Also, all my switches have a management VLAN, so as long as I don't create a mapping for the management VLAN they do not pass through NAC. Am I wrong?

    Please suggest which other devices should be exempted on the network, e.g. printers and what else?

    Estela,

    You are right in most of your assumptions. The essential thing with NAC is to follow the flow of traffic and make sure that in the unauthenticated state the traffic flow always goes through the CAS. It follows that if a port is not in a VLAN on the untrusted side, it would never be affected by NAC. For your authenticated VLANs, we need to ensure that the path they take is allowed only through the CAS. With this simple design rule in mind, look at your VLANs again and you will get most of the answers you seek.

    HTH,

    Faisal

  • NAC - OOB L2 authentication login page does not appear!

    Hi all

    We have 2 NAC Managers and 2 NAC Servers. We have a failover solution. Our deployment is OOB Layer 2 Virtual Gateway (Central). We have successfully added the CAS in the NAM and we did the requirements in the NAM such as the VLAN mapping setup (from the untrusted VLAN 913 to the trusted VLAN 910), adding the managed subnet, changing the profile, the port profile, adding switches (Cisco 3560) to the NAM, configuring the user roles, the local users and also the user login page.
    Then we tested it by connecting a PC to a controlled port on the switch.
    The controlled port configuration was VLAN 910 and after connecting the PC it is changed to VLAN 913, then we successfully obtained an IP address from the DHCP that is configured on the switch, but the authentication login page never appeared! And also, when we disconnect the PC from this port, the configuration is not changed back from VLAN 913 to VLAN 910, so we have to change it manually each time to do our tests.

    How do we make the login page appear, and also have the NAM automatically change the port configuration after the PC is disconnected?

    Thanks in advance.

    AD SSO is supported with Windows 2003, but with 2008 only a single server is supported, and it must also be 32-bit. 64-bit servers are not yet supported.

    HTH,

    Faisal

  • NAC problem - Agent disconnects

    Hello

    We have a problem with NAC in Virtual Gateway out-of-band mode.

    AD SSO, remediation, everything is working, but strange things are happening: after a while, when downloading large files, the Agent falls back to the unauthenticated network user role and the login process is restarted.

    I disabled the heartbeat timers and the session timers, but we still have the problem.

    Also, while sniffing traffic on the switch port, I noticed that after connecting correctly to the network, the Cisco Agent still keeps sending traffic to UDP port 8905. Is this normal behaviour?

    I have noticed problems with this version of the agent causing connections to drop intermittently. I would upgrade to agent v4.1.3.1.

  • Can I use the Ethernet LAN port on the AirPort Express to output music?

    Can I use the Ethernet connections on the AirPort Express to output music over Wi-Fi to a set of speakers? I would use an Ethernet connector at one end and a 5-pin DIN to a pair of Beolab 2500/2300 speakers. I don't want to use the audio output jack on the AirPort Express, as it is analog. Is it possible to output music through one of the Ethernet connections at the back of the AirPort Express? Thank you

    Can I use the Ethernet connections on the AirPort Express to output music over Wi-Fi to a set of speakers?

    Sorry, but no.

    I don't want to use the audio output jack on the AirPort Express, as it is analog

    Perhaps you weren't aware that the audio port on the AirPort Express delivers either analog or digital audio, depending on the type of connector used. See this link to the AirPort Express specifications to confirm... http://www.Apple.com/Airport-Express/specs/

    In other words, for the Express to deliver analog audio, connect a standard stereo mini plug with the appropriate connectors at the other end.  To have the Express deliver digital audio, plug a mini Toslink cable into the audio port on the AirPort Express.  An example is in this link... Airport Express Toslink - Amazon.com

  • Opening ports on the AirPort Extreme 7.7.7

    I am wondering how to open ports on the AirPort Extreme, firmware version 7.7.7.

    I spoke to Microsoft about some ports I need to open for my Xbox and have the list of ports. I'm looking for how to do this. I have no experience with this sort of thing, and I know that I can do it in the AirPort Utility application, but I don't want to mess with anything I don't have to. I tried searching online for guides and I can't find anything recent. When I watch videos, everything is a little different and the interface is not quite the same anymore, so any help is appreciated.

    I have this AirPort User Tip for this situation. Check it out and see if it helps you.

  • Using the serial port on the HP 50g graphing calculator

    Hello world

    I have another question. I want to use the serial port on the HP 50g to connect with another device. The device is called the MFJ-1214PC. What it does is accept text and commands through a 9-pin serial port and convert the text into audible Morse code/RTTY. It also decodes audible Morse code and RTTY radio signals and displays them as text on your computer. The program that controls the MFJ-1214PC was originally written for an IBM PC under the MS-DOS operating system. The HP 50g graphing calculator meets the system requirements for the simplest version of the program. I was wondering if there is an MS-DOS emulator written for the HP 50g, which would allow the HP 50g to act as the computer in this case, or if the program could be rewritten and ported to the HP 50g. If it could be rewritten, which programming language do you think would be best suited to this type of application (if it is even possible?): UserRPL, SystemRPL or Assembly. Don't forget that I'm a complete newbie with the HP 50g and have never programmed with it yet. I'll include the MFJ-1214PC manual as an attachment so that you won't have to look for it. Thank you in advance for your help!

    ~ Zekelegge ~

    As I understand it (from my brief overview), the MFJ-1214PC decoder box offers serial output to a computer.  The computer (the 50g in your case) will need software to read the serial messages and then convert them into output for display.

    BartDb gave you the right answer.

    A serial cable with the correct voltage levels and crossover handling, given that the 50g has an RS-232 signal to the outside world, is the ideal solution.

    However, make sure that the serial output of the decoder box can be understood by the 50g: baud, bits, etc.   (you have the box's manual, so you'll have to look that up)

    The StreamSmart is not a serial port aggregator.

    In other words, those 4 DIN connectors on the front do not accept RS-232 serial input and send it on to the 50g.

    I'm not a StreamSmart expert; more info on these boxes is rare to find.  The probes are even rarer.

    However, I know that the 4 connectors are for the analog-to-digital conversion of the probes.  The StreamSmart works as a "data logger" in that it takes the probe input, A/D converts it, then sends it to the 50g (or to a computer via the USB port).

    In addition to Bart's solution, there was another forum poster named Tiwag who created a serial cable and posted a schematic of the cable.  This information can be found here:

    https://groups.Google.com/Forum/?fromgroups#! searchIn/comp.sys.HP48/serial$20port/comp.sys.HP48/ltcane1jSOw/uHyw2Ti03kgJ

    To see an example of programming to use the 50g's serial port, you can reference the following hpcalc GPS data collection program.

    http://www.HPCalc.org/details.php?id=7105

    It is written in UserRPL, so it can be cross-referenced with the Advanced User's Reference for the syntax.

    It seems that the main routine of interest for the comms to the GPS is in the file "GPS".

  • Tecra M11-17V - identifying the serial port on the docking station

    I have a Toshiba Tecra M11-17V laptop, which I often use with the docking station that came with it.
    There is a DB9 serial port at the back of the docking station, but I don't know which COM port it is.

    I use Windows 7.

    In Device Manager, COM9 - COM22 are identified as BT (Bluetooth) ports, COM7 - COM8 are RIM Virtual Serial Port v2, COM17 is Prolific USB-to-Serial Comm Port and COM18 is USB-Serial CH340.

    I thought COM17 or COM18 were the most likely candidates, but have not been able to get a response using either of them.

    I am connecting a Psion 5 (Comms app) to it and have set both the ports and the Psion to 8 bits, 19200 baud, no parity, 1 stop bit.

    Hello

    > There is a DB9 serial port on the back of the docking station, but I don't know which COM port it is

    I think you have misunderstood something.
    The COM ports in Device Manager are virtual COM ports.
    There is no link between a serial port and a virtual COM port.

    I have a question: which docking station do you have exactly?

    I had an Express Port Replicator and this device required an additional serial port driver installation.

  • Running 3 monitors: 2 on a Radeon 5450 card and 1 on a motherboard port

    I have an HP p7-1154 which has two DVI ports on the motherboard, but I needed to run a third monitor, so I installed an HP Radeon 5450 PCI card that has DVI, HDMI and VGA ports, but I can use only 2 of them at a time - either DVI and VGA, or HDMI and VGA. The motherboard ports don't work at all now, so I'm in the same place I was before I even bought the video card. I was under the impression that I would be able to use the existing DVI ports on the motherboard as well as the DVI/HDMI and VGA ports of the video card together... How can I get there?

    Thank you very much.

    Daniel

    My friend, welcome to the forum.

    Here is the Product Specifications page for the computer.  If you look at the section titled "Integrated graphics", you will notice that it says the following: *Integrated video is not available if a graphics card is installed.*  Therefore, there is no way to use a third monitor.

    If your problem is solved, please click "Accept as Solution".

  • USB ports on the side of the w2207h monitor

    I plugged into the USB ports on the side of my w2207h monitor, but I get an error message saying that the USB device has malfunctioned and is not recognized by Windows whenever I start my computer.  Is it possible to get the USB ports on the side of the screen to work?

    Excellent response. Remove the "unknown device", then restart.  That alone should clear up the error.

    It is important to always use 'Safely Remove Hardware', found in the system tray, to select the USB device you are disconnecting. Just pulling the cable will cause this error.

    Hanspuppa removed the response that said it was a problem with the monitor driver. We all make mistakes, it's human. But it's kind of ridiculous to remove the response because you made a simple mistake. Not that I'm asking him to, but an empty answer is worse than owning up to it.

  • Satellite M300 - only one USB port, on the right side, works

    Hello

    In the M series, the Toshiba Satellite M300 (red), there is a USB combo port and something else, and also another ordinary USB port on the *left* side of the laptop. There is also a USB port on the *right* side.
    Currently, for some reason, the USB port on my right side works (in other words, the laptop detects it) and the left side, where there are 2 USB ports, does not work (in other words, it does not detect anything). I have no idea how to solve this problem.

    And what happens if you connect an external USB mouse?
    Does it work?

    > I have the Toshiba recovery disc burned, should I use it?
    Why not? You can test it with the newly preinstalled operating system too.
