https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387283#M797792 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Short answer is no. Longer explanation is that currently CAS only authenticates users and not computers. You can however create custom checks which can check for the existence of Registry keys and/or files on the filesystem, so you could theoratically create a registry key to be deployed on all your assets and then check through NAC for its existence.</P><P></P><P>As for computer authentication with NAC, this is in the works but a little ways off right now.</P><P></P><P>HTH,</P><P>Faisal</P></BODY></HTML> Fri, 26 Feb 2010 16:52:14 GMT Faisal Sehbai 2010-02-26T16:52:14Z https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387282#M797756 <P>Hi all,</P><P></P><P>A customer directed a question when we presented Cisco NAC today.&nbsp; They were wondering, lets say, a Cisco NAC agent installed client connects to the network switch. It has all the valid applications and patch levels on his/her machine (posture validation checks pass)</P><P></P><P>However, even if the client passes all the posture check parameters, they would like to know that if the hostname of the client (mostly Windows Laptops) does not exist in their asset database (this database is an asset number database which is in a .csv or similar format) the posture validation should fail.</P><P></P><P>Have you encountered such request like this before ? Is there a feature on NAC server which checks a field against an external database such as an asset database ?</P><P></P><P>Cheers.</P> Fri, 21 Feb 2020 11:53:18 GMT https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387282#M797756 dumlutimuralp 2020-02-21T11:53:18Z https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387283#M797792 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Short answer is no. Longer explanation is that currently CAS only authenticates users and not computers. You can however create custom checks which can check for the existence of Registry keys and/or files on the filesystem, so you could theoratically create a registry key to be deployed on all your assets and then check through NAC for its existence.</P><P></P><P>As for computer authentication with NAC, this is in the works but a little ways off right now.</P><P></P><P>HTH,</P><P>Faisal</P></BODY></HTML> Fri, 26 Feb 2010 16:52:14 GMT https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387283#M797792 Faisal Sehbai 2010-02-26T16:52:14Z https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387284#M797816 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>sorry for the expression however I am not talking about any kind of computer authentication stuff. Like you have mentioned, the things is, eventually, when a computer name is set on an end station that hostname goes into registry key. Lets say I pull that string from registry and copy that number and check it against an external database ?</P><P></P><P>Is this possible ?</P><P></P><P>Dumlu</P></BODY></HTML> Fri, 26 Feb 2010 16:58:56 GMT https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387284#M797816 dumlutimuralp 2010-02-26T16:58:56Z https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387285#M797856 <HTML><HEAD></HEAD><BODY><P>Dumlu,</P><P></P><P>Currently that is not possible. You can create checks which can check for values locally, but not against external datastores, so to map this against your thought, NAC would have to know of all the workstation names before hand and then check against that. This is unwieldy and very very difficult to scale.</P><P></P><P>If this is something you and your client think would be a good addition (and it sounds like a good idea) please engage with your account team and ask them to file a Feature request for you.</P><P></P><P>Thanks,</P><P>Faisal</P></BODY></HTML> Fri, 26 Feb 2010 17:05:03 GMT https://community.cisco.com/t5/network-security/cisco-nac-server-and-asset-number-check-would-it-work/m-p/1387285#M797856 Faisal Sehbai 2010-02-26T17:05:03Z