The NAC solution

Similar Questions

• How to remove the entire NAC solution?

  We recently received the request to work on the removal of the full implementation of the NAC of our company.  The major problem is that the security team in place now was not around when it was introduced a few years ago.  Any help on how the best way to rip it all up would be appreciated.  Weve got about 1500 users, so its not going to be a small project to say the least.  Fortunately for us, the team that has put in place did not a lot with it. IT doesn't check the user against the AD and allows or quarantines the user/machine, that's all.

  Version 4.7.2

  A question, what do you do with the migration? 802. 1 x?

  In any case, I think the best option is to remove the switchports for the NAC by defining "uncontrolled port". Please notice that you must configure the VLAN, because most of the time the VLAN initial NAC is configured to isolate the client computer.

  Please rate if this can help

  

• Activation of the NAC HA puts several hosts and ASA with processor clocked at 100%

  I installed a NAC Manager and a NAC server in OOB without any problems, but when I configured the AP (high availability) with another server, my ASA and several guests in my network started work ant 100% of the cpu.

  I tried to configure each interface of the NAC on a single DMZ and the problem stops there.

  -That someone had this problem (NAC version 4.7)

  TKX

  Miguel Amaral

  Hello Miguel.

  When I started a NAC InBand HA solution I had a similar problem that I solved the heart rate HA configuration to use ETH0 just instead use ETH0 and ETH1.

  Best regards

  Luciano Carvalho

• Configuration of the switch of the NAC

  Hello!!

  I bought a NAC server and a manager of the NAC, to centrally manage the vlan where users connect to based on authentication.

  I have several sites, but the NAC server will be at Headquarters.

  When a remote user authenticates, NAC must configure the user switch port for the vlan right.

  What is an out-of-band solution?

  Do need me a specific license for out-of-band?

  Best of look,

  Miguel Amaral

  Hello

  It's the same pattern: Yo uneed 2 licenses, one for the CAM and the other for CAs.

  One cam sets the number of cases you can add.

  That case defines how many users is supported.

  So either the CASE PAK has been lost, or never bought.

  In both cases, you will need to contact the entitiy that sold devices and demand for the PAK CASE.

  HTH,

  Tiago

  --

  If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

• Problem of the NAC in the virtual tape gateway VPN SSO

  Hello

  I've implemented a NAC solution for remote users. The unit of CASE mode configured in the gateway enVirtual Strip.

  I followed all the steps listed in http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml

  Remote users can connect succeffuly using the cisco vpn software and they can ping the SIN, but not the DNS (the ASA offers IP @ but not the DNS I do not know why).

  When I access the NAS, I can download the NAC Agent but VPN SSO is not executed and the Agent asks me to connect using LOCAL DB.

  Any help please,.

  Kind regards

  Larson,

  For VPN SSO work, you must send the accounting package to the CAs. The CASE can in turn send for the ACS if you need accounting also be done on GBA, but for authentication ONLY work, the accountant must reach the CASE.

  HTH,

  Faisal

• When is high the NAC

  My team give me a task to impliment of the NAC in a business network solution:

  the solution contains the system wireless using the gamepad wireless LAN, VPN over WAN, reduendancy for each device.

  1. I want to impliment NAC Manager high availability and high server of the NAC Installation Guide, I found a lot of senerios avilabilty

  2. I want to impliment the NAC INband what recommendations server layer 2 or Layer 3 implimentaions

  3. I saw in the installation guide which in high avialabilt of NAC use cabel series and no info about

  Thank you for your help

  Hello

  The best solution for you is to deploy the CCA in a centralized deployment of L3 OOB mode. Local users will be connected to the CAs in L2 OOB.

  In the future, you can easily deploy NAC in the branch offices.

  Looking for your network diagram, you connect CAM and ca to WS-C4509-E switches.

  CAM and CASES use as a null-modem serial cable, you can use it, but it is not necessary if you connected two cams via crossover ethernet cable.

  Kamil,

• The NAC - OOB L2 authentication login page - does not appear!

  Hi all

  We have 2 managers of the NAC and NAC 2 servers. We have a failover solution. Our deployment is OOB layer 2 virtual Central Passage. We have successfully added the SIN in NAM and we did the requirements in NAM as a mapping setup VLAN (starting at vlan no reliable 913 to the vlan trust 910), adding managed subnet, change profile, profile, adding switches (cisco 3560) to NAM, the roles configuration on the user, the local users and also port user login page.
  Then, we tested it by connecting the PC to port controlled on the switch.
  The controlled port configuration was VLAN 910 and after connecting the PC, it is converted to 913 VLAN then we have successfully obtained an IP address from dhcp that is configured on the switch but the authentication login page appeared! and also, when disconnect us from the PC of this port, the configuration is not passed to vlan 913 to vlan 910 then manually change each time to do our tests.

  Do so that the login page appears and also automatically NAM to change the configuration of the port after having disconnected from the PC?

  Thanks in advance.

  AD SSO is supported with the Windows 2003, but with 2008, only single server is supported and which should also be 32-bit. 64-bit servers are not yet supported.

  HTH,

  Faisal

• Best practices of the NAC

  Hello friends, I was instructed to implement a NAC solution, and I wonder if there are some documents that show some best practices recommended by Cisco. Thanks in advance.

  Start here:

  http://www.Cisco.com/en/us/products/ps6128/prod_presentation0900aecd80549168.html

  These should give you a good idea of the general concepts that you can use.

  HTH,

  Faisal

• Basic of the NAC deployment question

  Hello

  Do I have reason to assume that at least 2 devices - a server and Manager must consist of a NAC deployment? or is the manager, an application running on a Windows Server? the Manager can run on the same machine as the server?

  My second question concerns Cisco Trust Agent and clean access Agent. CTA has actually managed by CAA? from what I see, CTA was part of the old framework of the NAC until they start using devices.

  Many thanks in advance,

  DOM

  Manager and the server can run on both PC or Cisco devices, which are in fact HP ProLiant DL140 G3 or HP ProLiant DL360 G5 PCs ;) You will need two devices in all cases.

  Second question - no one knows what will happen with all technology in the future. Is it completely replaced by MS NAP? The framework of the NAC is cancelled? Two Cisco solutions are not perfect. What customers actually need, is to have all the features of the NAC appliance to operate directly on the routers and Cisco switches. No clean access server no need in this case, only managing! And the OOB mode which is difficult to set up, support and troubleshoot will disappeared. The NAC framework is executed directly on Cisco devices, but it's not feature-REACH as NAC Appliance.

• Update of Linux in the comments of the NAC 3315

  Hi all

  Y at - it an option to update the OS of linux pre-installed in the NAC later?

  Thank you

  Kind regards

  Vijay.

  Hello

  You do not have this option, that the Cisco NAC product line comes with a version of linux that is suitable for the solution.

  Thank you

  Tarik Admani
  * Please note the useful messages *.

• What is the best solution of virtual machine to run El Capitan in Mountain Lion?

  Looking for the best solution run El Capitan in a mac Mountain Lion. I just need to use El Capitan to run xcode.

  There are 3 main reasons that I improve my main system at El Capitan:

  1 apps that I always trust that are only optimized to work up until the 10,8

  2. I want the convenience of not having to restart my computer to use 1 program.

  3. don't like projector or the interface of the user interface in general of 10.11

  Knowing that, what solution recommend you so I can use El Capitan in the environment of mountain lion.

  I know only vmware and parallels. Other options I'm missing? What would you recommend?

  Thank you

  I would recommend "don't bother." You don't like El Capitan then why do you want what it? If you know how to partition a disk, then install El Capitan on a new disk partition.

• When you open a file fdf Firefox goes into an infinite loop of opening new tabs. The only solution is to reboot the machine.

  When you open an fdf file, firefox goes into an infinite loop of creating a new tab, reading a local file (I think that a copy of the fdf file), opening a new tab, read the same file, etc.. The only solution is to reset the machine.

  For now, I guess that the solution is to open the FDF externally (i.e. in Reader or Acrobat and not the plugin).

  You can search for known bugs about Marlon or submit a new report in Bugzilla.

• Flash video not working does not, despite all the previous solutions

  On some embedded flash video sites do not work properly. Strangely enough, youtube works very well.

  I've browsed the forum and have tried the following solutions, none doesn't seem to work:

  -Disable Realplayer (which is not installed on my computer)
  -Downgrade to Flash 11.2
  -Switch to Firefox 14

  How does it work, is to run Firefox in safe mode. This means that one of my custom extensions/add-ons gives me a hard time. Safe mode stops all my Add-ons, and obviously this isn't what I want. So I went to my list of Add-ons and the disabled one by one, trying to figure out what the troublemaker. Oddly enough, even when I disable all the manually, the problem is not resolved. So somehow safe mode stops more that I can do it manually. Does anyone have an idea how can I know what are the causes of the problem?

  Hardware acceleration is also disabled in safe mode.

  Try turning off hardware acceleration.

  Options > advanced-> general - navigation

• Firefox prompts to save passwords of websites. The key to the Password Manager icon appears on the left side of the address bar, but the corresponding window asking if I want to save the password or not, does not appear. I tried all the possible solutions

  I installed the latest version of Firefox on my laptop (Windows 7 Professional 64-bit). The thing is that firefox prompt to save passwords of websites. I'll explain you a little more away with an example: suppose I load www.gmail.com. When I login, the password manager key is displayed on the left side of the address bar, but the corresponding window which would ask if I want to save the password or not, does not appear. I tried all the possible solutions. It is true that when I restart firefox with disabled modules (safe mode), password manager works fine. But I don't really use Add-ons that could prevent firefox to save passwords. I disabled all add-ons and ran firefox in normal mode, but the password manager does not work yet. Please keep in mind that I tried everything and that any post not published so far describes a similar problem to mine case. Consider that I have the same I have configured the entire system from the beginning. The problem appeared again from the first time I launched firefox. At that time, I had not installed any antivirus software and there is no add-on with firefox. Hope someone can give me a valid solution...

  Start Firefox in Firefox to solve the issues in Safe Mode to check if one of the extensions or if hardware acceleration is the cause of the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > appearance/themes).

  • Makes no changes on the start safe mode window.
  • https://support.Mozilla.com/kb/safe+mode
  • https://support.Mozilla.com/kb/troubleshooting+extensions+and+themes

  It is possible that there is a problem with key3db and signons.sqlite files that store the encrypted names and passwords in Firefox.
  
  Rename signons3.txt and signons.sqlite files in the Firefox profile folder.
  
  You can add .old files (key3.db.old and signons.sqlite.old) names or move them to another folder to make it possible to cancel the action.
  
  You must define a new master password after renaming or removing the signons3.txt and all the currently saved passwords are lost.
  
  If that worked, then you can delete the renamed files that are no longer needed.

  See:

  • "Troubleshooting" in http://kb.mozillazine.org/Password_Manager

• The 2011 versions of Microsoft Office (Word, Excel, etc.) can be run on an iMac OS 10.11 running?  If not, is the only solution to purchase the latest MS Office suite?

  The 2011 versions of Microsoft Office (Word, Excel, etc.) can be run on an iMac OS 10.11 running?  If not, is the only solution to purchase the latest MS Office suite?

  Office 2011 and 2016 for Mac running OS X El Capitan, you can install Office 2011 if you bought. Don't forget to update the latest version.