https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907623#M765464 <HTML><HEAD></HEAD><BODY><P>There's an option to bounce the port when a user gets logged in. As long as the users aren't plugged into an IP phone, that might be an option.</P><P></P><P>The other option is to allow non-authenticated clients to get a DHCP address from the normal range, meaning that the VLAN change won't affect them.</P></BODY></HTML> Tue, 26 Feb 2008 17:06:09 GMT cleidh_mor 2008-02-26T17:06:09Z https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907619#M765455 <P>Dear All,</P><P>I have implemented NAC on my campus.</P><P>but there is a big problem,</P><P>my users have to refresh their Ip addresses when the NAC changes their VLans.but they have not enough permission for releasing their Ip address and renew it,</P><P>any idea?</P> Fri, 21 Feb 2020 09:51:20 GMT https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907619#M765455 emadehsan 2020-02-21T09:51:20Z https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907620#M765456 <HTML><HEAD></HEAD><BODY><P>i don't know if there is a 'cisco' solution, but in windows just edit their group policy in AD and give them permissions to change their network settings.</P></BODY></HTML> Wed, 09 Jan 2008 14:50:33 GMT https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907620#M765456 srue 2008-01-09T14:50:33Z https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907621#M765460 <HTML><HEAD></HEAD><BODY><P>The CCA Stub will enable users without admin rights to renew their IP automatically. I just ran into this issue in our OOB deployment.</P><P></P><P>- Dave</P></BODY></HTML> Wed, 20 Feb 2008 14:14:44 GMT https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907621#M765460 davemit 2008-02-20T14:14:44Z https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907622#M765462 <HTML><HEAD></HEAD><BODY><P>Unless they have changed it the stub just lets the updates run without admin rights. It is easiest to just give them right to release and renew. </P><P></P><P>However, we weren't allowed to do that and had to resort to using devcon.exe from Microsoft.</P></BODY></HTML> Thu, 21 Feb 2008 21:15:35 GMT https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907622#M765462 pplsi 2008-02-21T21:15:35Z https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907623#M765464 <HTML><HEAD></HEAD><BODY><P>There's an option to bounce the port when a user gets logged in. As long as the users aren't plugged into an IP phone, that might be an option.</P><P></P><P>The other option is to allow non-authenticated clients to get a DHCP address from the normal range, meaning that the VLAN change won't affect them.</P></BODY></HTML> Tue, 26 Feb 2008 17:06:09 GMT https://community.cisco.com/t5/network-security/nac-and-active-directory-users/m-p/907623#M765464 cleidh_mor 2008-02-26T17:06:09Z