03-18-2014 08:58 PM - edited 03-10-2019 09:33 PM
Hi,
Is there any way to do a nac agent auto provision?
I know it can be achieve by cwa portal(web redirect) and user have to install nac agent manually. But we would like to see nac agent be installed right afeter user successfully login using 802.1x.
03-19-2014 10:27 PM
As per my knowledge , it is not possible. If NAC is not available, it has to be downloaded from source, which is reflected from Redirect URL.
05-08-2014 08:59 AM
I dont follow your thought process but this is how i have most of my deployments are setup.
CWA < NSP < COA < 802.1x < Posture Status Unknown *In this state either client does or doesnt have nac agent in which ISE will proceed to install it or continue probing to for the NAC agent.
Remove CWA < NSP < COA from the picture and you have your exact scenario. What is your work flow look like that it is not "automatic" and define what you mean by "manually"?
11-20-2014 10:43 PM
Could you try endpoint debugging, a new feature in ISE 1.3, and see if that gives a better DEBUG log(s)? You may access it at ISE live log by right-clicking on the endpoint’s MAC address or go to Operations > Troubleshoot > Diagnostic Tools > General Tools > EndPoint Debug.
Also, at exact what point did it give this failure? Right after CWA login and transit to the CPP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide