Support of the NAC Profiler address & ip

Hello

I have a layer 3 OOB NAC Profiler deployment and I am trying Profiler some IP phones from a remote location by using the statement of helper-ip address on the interface on the remote router. The problem is that the remote router acts as a dhcp server for the vlan voice and fact not forword DHCP discover for Colectionneurs of the NAC, and I can't phone ip profile. Do you know a way (an order of configuration on the router) to forword the dhcp even though the router acts as a DHCP server for this vlan?

Thank you

Victor

Hi Victor,

To do this... You must add a SVI for the voice VLAN on the switch behind the router, and then add the IP helper on the new interface VLAN voice.

-Hassan

Tags: Cisco Security

Similar Questions

  • In the NAC MAC address filter list

    How are Faisal Hi, you? I have a question about this list of filters in the unit of the NAC. I want to do those recognized unit of the NAC mac addresses are to be get the network. However if a workstation's mac address is not in the filter list, would it not able to do the network. Is that the NAC has the ability to do? Please let me know. Thank you.

    Richard

    I'm not Faisal, but...

    You want to make additional (such as LDAP or such) or any authentication simply based on the MAC address?  If you want to only via the MAC, you can add them to the list of filters and then either set to 'allow' to allow all traffic, 'role' to put them in a specific role, or "check" to apply the evaluation of posture and then put them in the role.  If no other server authentication is configured, users who were not in the list of filters would not be able to authenticate, and they would be stuck in the authenticated VLAN.

    Thank you

    Lauren

  • Integration of the NAC Profiler - cannot add list of filters on cam

    Hi all

    I have a problem with the Profiler - integration of the NAC for endpoint profiling.

    Here's the situation:

    I have already created the integration based on the steps in the Guide: Setup Cisco NAC Appliance integration. I think that the configuration is correct, because I can do database synchronization between the Profiler and CAM. Here's the log of server profile:

    NAC_SYNC: Task_Queue_Runner commissioning
    NAC_SYNC: Profiler / END of synchronization of the NAC [add 0, upd 0, desc 0, rm 0]
    NAC_SYNC: Profiler / START the synchronization of the NAC
    INFO: [2010-12-15 11:01:09 (fcapGetHWAddr:49)] is for eth0 MAC

    I have already created a profile of endpoint named "Admin" which is based on the IP address. I also created the NAC events based on endpoint profile 'Admin '.

    The event of the NAC will present 'Admin' profile to a role of the NAC. This event aims to circumvent 'Admin' of the legalisation of the ANC visa so that the "Admin" can connect to the network automatically to a role of the NAC.

    However, when 'Admin' to connect to the network, it still is challanged by NAC. I don't see "Admin" on the filter of the CAM or the list.

    This means that the endpoint profiling is still broken.

    Is there anyone who have experience with this?

    Thanks for the support and comments

    Imad

    Hello

    You cannot add devices manually on the profiler.

    The Profiler has to detect automatically (it is the concept of profiling).

    How this Profiler detects endpoints use the modules of collector.

    Each module has endpoints detection means.

    You will find the description of each collector module here:

    http://www.cisco.com/en/US/docs/security/nac/profiler/configuration_guide/311/p_intro231.html#wp1062345.

    HTH,

    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • ACS 5 + license - maximum supported of the unique IP addresses?

    Hi all

    I have a question about ACS 5 + license. Here:

    http://www.Cisco.com/en/us/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-616320.html

    There is this statement:

    With the basic licence, Cisco Secure ACS 5.2 devices or machines virtual software can support deployments of up to 500 devices of network (authentication, authorization, and client accounting [AAA])

    ......

    The optional add-on of large deployment license allows deployment to support over 500 network devices. Deployment license important that one is required per deployment as it is shared by all instances.

    Does anyone know how many devices is supported with large deployment? I understand that more than 500, but how much more (with reconciliation)?

    Thank you and Bravo,

    Hug

    It's unlimited - but they way ACS he treats can be very simple.

    For example.

    When I add 1 device with a single IP address he uses 1 500 guests allowed (on the standard license)

    If I add a 24 network range it is still a record but uses 255 guests

    If I add a 16 network range this new is still a record but would use 65535 hosts (and of course you can do it on the base license)

    By experience, it is difficult to manage unique devices in ACS and instead has a lot simply to group these features in IP address ranges.

    Therefore, you could have technical network 255 x 8 lines covering all areas of using 4 billion possible IPv4 addresses + host records, but always in just 1 record on ACS

    Paul

  • How to clear the directory of endpoint in NAC Profiler

    Hi all

    I want to delete all discovered endpoint and profiles by the NAC Profiler.

    Can someone guide me on this point, I can remove all the end of discovery and profiles by the Profiler at once point.

    Thank you

    Abuzar.

    Hello

    You can either try to restart or to go to 'configuration', 'apply changes' and then 'new model '.

    I don't think that you can just delete everything, you just re - profile from the beginning

    Nicolas

  • EtherCAT: "found a module not supported on the slave device"?

    Hello

    I have a CompactRIO system that uses of slave hunts EtherCAT (cRIO-9081 + cRIO-9144) when I tried to deploy my settings, I got this message:

    Found a module not supported on the device slave address 0: 32445 slot

    What does that mean? (I have several slaves Garland, but of course, I don't have that many slot machines!) The chassis that has been reported with a red exclamation point contains these modules:

    • NI9201

    • NI9203

    • NI9265

    • NI9421

    • NI9481

    Is one of them unsupported on EtherCAT? If so, is there a list of modules taken into charge/no supported somewhere?

    Thank you!

    Hey there,

    I think you'd find this knowledge base, http://digital.ni.com/public.nsf/allkb/CA3A1D2166A4591386257514007A0F9C?OpenDocument , useful. It would be better to check what version of DAQmx you use and check the readme associated for compatibility or verify this DeveloperZone, http://www.ni.com/white-paper/10462/en. I hope this helps.

  • Profiler in the NAC 2.1 to 3.1 upgrade

    Hi guys,.

    I'm setting up a Profiler from the NAC that accompanies 2.1 installed. I upgraded to 3.1, prayed and installed the license without any problems, but I always get this message: "ERROR: [2010-12-08 09:25:01 (main: 668)] valid no key not found [no such file or directory]" "

    The license file exists, and on the interface Web Profiler from the NAC, the State of the license is OK.

    A single line in the license file gives me this information: 'cisco 2.1 INCREMENT CCA-MANAGER countless Permanent '.

    Does anyone know if the license is linked with the version of Profiler?

    The upgrade from 2.1 to 3.1 is allowed or it is necessary to purchase a new license 3.1?

    Best regards

    Hello

    So I guess you spotted the problem here...

    You have a collector's license?

    You need 2 licenses: 1 to the server profile, and one for the collector.

    Basically, the mac address you provide is the same (eth0 ot Server Profiler), but you need a PAK Server Profiler to generate the license Server Profiler (the one you already have) and a PAK for license collector (which is missing).

    You have the collector PAK?

    If Yes, then just go to the license page and submit this PAK and the mac address.

    HTH,
    Tiago

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • Satellite A80-P440: is BT supports the A2DP profile?

    Hi, as seen in the title of the post, I have a laptop of A80-P440 and it interests me using the A2DP profile, but I'm not sure at all, this notebook can do? I know it's built-in bluetooth, but I can't seem to connect with the music devices.

    No idea how I can configure the profile, or not at all? Thank you!

    I think that this article is a problem. Latest toshiba battery supports the a2dp profile, download the last stack and then you can add new devices/pair it. Http://aps.toshiba-tro.de/bluetooth/pages/download.php is a link on google

  • ISE - profile of the NAC agent

    Dears

    I want to deploy via GPO NAC agent and I need to create the agent profile, I know how to create on ISE, but how to get the file in xml format which will be distributed?

    You can try to install only a single PC (whether by a manual installation or captive portal). If you have set up rules of posture while ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml.

    Then you can browse the following directory and find the NACAgentcfg.xml file in your PC.

    C:\Program Files (x 86) \Cisco\Cisco NAC Agent

    After that, you can deploy mass agent of the NAC as well as the xml file. Well that is not required to deploy the xml file as a I said, every time, there is a rule of posture the NAC agent will download the last available the ISE Server NACAgentcfg.xml.

    Please rate if this can help.

  • To add the address in the user profile

    Hello guys I'm cooler in atg and I want o Add an address in the user profile, but I am facing this exception

    Please help me

    12:49:29, ERROR 068 [[jsp]] Servlet.service () for servlet jsp threw exception

    java.lang.NullPointerException

    at com.test.userprofiling.TestProfileFormHandler.handleNewAddress(TestProfileFormHandler.java:517)

    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke (unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke (unknown Source)

    at java.lang.reflect.Method.invoke (unknown Source)

    at atg.droplet.EventSender.sendEvent(EventSender.java:639)

    at atg.droplet.FormTag.doSendEvents(FormTag.java:829)

    at atg.droplet.FormTag.sendEvents(FormTag.java:675)

    at atg.droplet.DropletEventServlet.sendEvents(DropletEventServlet.java:653)

    at atg.droplet.DropletEventServlet.service(DropletEventServlet.java:681)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.commerce.order.CommerceCommandServlet.service(CommerceCommandServlet.java:150)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.commerce.promotion.PromotionServlet.service(PromotionServlet.java:213)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.userprofiling.AccessControlServlet.service(AccessControlServlet.java:696)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.sessionsaver.SessionSaverServlet.service(SessionSaverServlet.java:2452)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.userprofiling.PageEventTriggerPipelineServlet.service(PageEventTriggerPipelineServlet.java:191)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.multisite.SiteSessionEventTriggerPipelineServlet.service(SiteSessionEventTriggerPipelineServlet.java:161)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.userprofiling.SessionEventTrigger.service(SessionEventTrigger.java:512)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.userprofiling.ProfilePropertyServlet.service(ProfilePropertyServlet.java:230)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.userprofiling.ProfileRequestServlet.service(ProfileRequestServlet.java:461)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.projects.store.servlet.pipeline.ProtocolSwitchServlet.service(ProtocolSwitchServlet.java:309)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.pipeline.DynamoPipelineServlet.service(DynamoPipelineServlet.java:491)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.pipeline.URLArgumentPipelineServlet.service(URLArgumentPipelineServlet.java:298)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.pipeline.PathAuthenticationPipelineServlet.service(PathAuthenticationPipelineServlet.java:392)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.security.ThreadUserBinderServlet.service(ThreadUserBinderServlet.java:113)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.dtm.TransactionPipelineServlet.service(TransactionPipelineServlet.java:234)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.pipeline.SecurityServlet.service(SecurityServlet.java:196)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.multisite.SiteContextPipelineServlet.service(SiteContextPipelineServlet.java:515)

    at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:157)

    at atg.servlet.pipeline.HeadPipelineServlet.passRequest(HeadPipelineServlet.java:1252)

    at atg.servlet.pipeline.HeadPipelineServlet.service(HeadPipelineServlet.java:930)

    at atg.servlet.pipeline.PipelineableServletImpl.service(PipelineableServletImpl.java:272)

    at atg.filter.dspjsp.PageFilter.innerDoFilter(PageFilter.java:349)

    at atg.filter.dspjsp.PageFilter.doFilter(PageFilter.java:208)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)

    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

    at org.apache.coyote.http11.Http11Protocol$ Http11ConnectionHandler.process (Http11Protocol.java:598)

    to org.apache.tomcat.util.net.JIoEndpoint$ Worker.run (JIoEndpoint.java:451)

    at java.lang.Thread.run (unknown Source)

    Hello

    seems that your address_id required property is set to null. Here is a code that updates a property of secondaryAdresses users with a new addess with the tag "new address". The code is probably not the best way to do and definitely not production quality that among others it has no transaction and management errors. Simply, the code creates a contactInfo and which adds to the secondaryAddresses map.

    try {}

    String userId = 'self - 570125';

    atg.repository.MutableRepository persRep = (atg.repository.MutableRepository)pRequest.resolveName("/atg/userprofiling/ProfileAdapterRepository");

    atg.repository.MutableRepositoryItem person = persRep.getItemForUpdate (userId);

    Create ContactInfo

    address atg.repository.MutableRepositoryItem = persRep.createItem ("contactInfo");

    address.setPropertyValue ("address1", "Some Street");

    address.setPropertyValue ("address2", "City");

    address.setPropertyValue ("firstName", "Anna");

    address.setPropertyValue ("lastName", "Anna");

    persRep.addItem (address);

    allow users to alternative addresses current

    java.util.Map secAddresses = person.getPropertyValue ("secondaryAddresses") (map);

    Don't use card create new map to manipulate the values

    java.util.HashMap newAddMap = new java.util.HashMap();

    newAddMap.putAll (secAddresses);

    Add new contactInfo la carte

    newAddMap.put ("new address", address);

    person.setPropertyValue ("secondaryAddresses", newAddMap);

    persRep.updateItem (person);

    }

    {} catch (RepositoryException ex)

    logError ("A mistake of repository", ex);

    }

    David

    Please check the answer as useful or correct if she attends.

  • Y at - it an e-mail address for technical support to the creative cloud? I want to send a screen shot requested by chat support. [edited for ease of search; title was "I APOLOGIZE in ADVANCE if I AM IN THE WRONG PLACE"]

    I FINALLY FOUND a WAY TO TALK to the TECHNICAL ASSISTANCE to ADOBE VIA CHAT, the OTHER NIGHT, IT OF 01:30 and WAS making it impossible for me to continue MENTAL fatigue so I asked the tech email I could send the file that he wanted me to leave a screenshot and I would send this morning, he gave me a link, and the next day I tried to get the system error still once , so I could make the screen shot and send it, 24 hours later it finally err'd and when I clicked on the link, he gave me he asks me questions, after question 30, I'm exasperated me I JUST WANT to SEND FING SCREEN SHOT so they can fix their program darn.  does anyone know the email for tech support to the CREATIVE CLOUD?

    < moderator signatures Email and your personal informationpersonal information >

    Hi angimarek,

    I do not know what technical problem you are trying to solve the problems, but I don't want to move your discussion in Adobe Creative cloud for now, as you have indicated that you are looking for technical assistance with creative cloud. You'll most likely to receive the help you need in this forum.

    E-mail of contact technical support regarding: sometimes a technician will provide you with its follow-up email, but it is not an address to which you can send your screenshot. You can, however, open a new chat via this link: Customer Contact. Since you now have a screenshot available, I hope that the new technician will be able to solve your problem quickly. Please note that the chat and telephone support are available Monday to Friday.

    You can also post your screenshot and the question in the forum and our experts will do their best to help you. Make sure to include details on your operating system, what product you are using and what error you receive.

    Best,

    Del

  • 802.11 ac for the 3602i WAP AIR-AP-SUPPORT-1 (default, Low-Profile)

    I have this AIR-AP-SUPPORT-1 (default, Low-Profile) for WAP 3602i installed on my site. Can I upgrade to 802.11ac module without changing these media? or should I change when I switch to 802.11ac module whenver its available?

    Anyone experianced?

    Thank you

    Selvaraj S

    This group should work.

    Sent by Cisco Support technique iPhone App

  • Change the IP address in the user profile of the Network Configuration?

    I added some users on the network configuration in order to change the ip address when they are in the other site, but in Windows 7 it is inviting to enter the user name and password, if a single user, enter the name password it will allow them to change the ip address how to change so that the user is able to change your ip without asking for a password and username?  How can I solve it... Thanks in advance.

    Nerdcat

    Address you internal IP is defined by the router or the ISP based on your configuration.  If you try to change the internal IP address using "static IP" you shouldn't have to enter a user name and password so that it is in configuration and fixed like that.

    You cannot change the external IP provided by your ISP it however.

  • How can I hold the public IP address on a specific profile on the asa 5510

    Hi guys

    How can I hold the public IP address on my session NAT VPN cisco customer for no one else can use it? I have a cisco ASA 5510

    the Interior is 172.10.20.86

    public 166.245.192.90

    Need to call my ISP?

    Thank you

    Sorry to say but your qustion is not very clear. Can you please post what you are trying to achieve?

    Thank you

    Ajay

  • The NAC - OOB L2 authentication login page - does not appear!

    Hi all

    We have 2 managers of the NAC and NAC 2 servers. We have a failover solution. Our deployment is OOB layer 2 virtual Central Passage. We have successfully added the SIN in NAM and we did the requirements in NAM as a mapping setup VLAN (starting at vlan no reliable 913 to the vlan trust 910), adding managed subnet, change profile, profile, adding switches (cisco 3560) to NAM, the roles configuration on the user, the local users and also port user login page.
    Then, we tested it by connecting the PC to port controlled on the switch.
    The controlled port configuration was VLAN 910 and after connecting the PC, it is converted to 913 VLAN then we have successfully obtained an IP address from dhcp that is configured on the switch but the authentication login page appeared! and also, when disconnect us from the PC of this port, the configuration is not passed to vlan 913 to vlan 910 then manually change each time to do our tests.

    Do so that the login page appears and also automatically NAM to change the configuration of the port after having disconnected from the PC?

    Thanks in advance.

    AD SSO is supported with the Windows 2003, but with 2008, only single server is supported and which should also be 32-bit. 64-bit servers are not yet supported.

    HTH,

    Faisal

Maybe you are looking for

  • Google docs has suddenly said there is a cookie issue. Worked well until recent days.

    He said to ensure that cookies are enabled. And I went to authorized privacy of websites to follow me. It still does not work. Then he said that maybe I need to clear my cache and cookies. There is no Info for Firefox versions past 3.5, so I have no

  • I can't turn my iPhone 6

    Hello I turned off my iPhone I 6 normally and when I tried to turn it back on again with the power button / nothing happens. I tried to charge the phone and I tried to force the phone turn it back on by pressing the home button and the power button a

  • Dynamically import ".m" Matlab Script file

    I want to dynamically load a file of Matlab .m to the Matlab Script function in a VI. In other words, based on a path to a file ".m" (control of the FP), load the ".m" of the file in the Matlab Script, and then run it. Does anyone know how to do this

  • Launch programs unidentified running.

    When I turn on my computer, unidentified programs run for a 1/2 hour. If I try to use my computer before and then it crashes to the top. I tried to close the startup programs but he did ' t help. How to disable these programs unidentified or know wha

  • L3VPN and IPsec

    I have to ask if someone have the full documentation on how to do L3VPN and use IPsec to encrypt traffic between the terminal nodes L3VPN. Thank you. Petar