https://community.cisco.com/t5/network-access-control/nac-without-authentication/m-p/1701447#M232259 <P>Dear All:</P><P></P><P>Quick question.</P><P></P><P>Can you implement OOB NAC but avoid using authentication. That is:</P><P>That is when a user tries to login through a specific port, that user (whoever it may be) is checked against a static port-assigned policy and IF the user (whoever it may be) is validated as being OK, that port will always be assigned to the same VLAN. I'm just trying to see if I can do posture validation without having user credentials on an LDAP server.</P><P></P><P></P><P>Thanks in advance.</P><P>c.</P> Mon, 11 Mar 2019 01:15:46 GMT Carlos A. Silva 2019-03-11T01:15:46Z https://community.cisco.com/t5/network-access-control/nac-without-authentication/m-p/1701447#M232259 <P>Dear All:</P><P></P><P>Quick question.</P><P></P><P>Can you implement OOB NAC but avoid using authentication. That is:</P><P>That is when a user tries to login through a specific port, that user (whoever it may be) is checked against a static port-assigned policy and IF the user (whoever it may be) is validated as being OK, that port will always be assigned to the same VLAN. I'm just trying to see if I can do posture validation without having user credentials on an LDAP server.</P><P></P><P></P><P>Thanks in advance.</P><P>c.</P> Mon, 11 Mar 2019 01:15:46 GMT https://community.cisco.com/t5/network-access-control/nac-without-authentication/m-p/1701447#M232259 Carlos A. Silva 2019-03-11T01:15:46Z https://community.cisco.com/t5/network-access-control/nac-without-authentication/m-p/1701448#M232285 <HTML><HEAD></HEAD><BODY><P>Carlos there is a simple way to bypass authentication and just enforce posturing.</P><P></P><P>However this will not work if your entire deployment requires user authentication. If not, then this is how you would accomplish this.</P><P></P><P>You will create device filter for all mac address and select the role type as check, reference material is found here:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1052361">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1052361</A></P><P></P><P>Then you will create a port profile and follow step 9 here:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html#wp1083087">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html#wp1083087</A></P><P></P><P>I wanted to know more about your deployment, please keep in mind that the filter behavior does change depending on the deployment:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1142120">http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1142120</A></P><P></P><P>Thanks,</P><P>Tarik</P></BODY></HTML> Fri, 29 Jul 2011 07:08:39 GMT https://community.cisco.com/t5/network-access-control/nac-without-authentication/m-p/1701448#M232285 Tarik Admani 2011-07-29T07:08:39Z