
[NAC without authentication]

Carlos A. Silva
Level 3

Dear All:

Quick question.

Can you implement OOB NAC but avoid using authentication? That is:

When a user tries to log in through a specific port, that user (whoever it may be) is checked against a static port-assigned policy and IF the user (whoever it may be) is validated as being OK, that port will always be assigned to the same VLAN. I'm just trying to see if I can do posture validation without having user credentials on an LDAP server.

Thanks in advance.

c.

1 Reply

Tarik Admani
VIP Alumni

Carlos, there is a simple way to bypass authentication and just enforce posturing.

However, this will not work if your entire deployment requires user authentication. If not, then this is how you would accomplish this.

You will create a device filter for all MAC addresses and select the role type as check; reference material is found here:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1052361

Then you will create a port profile and follow step 9 here:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html#wp1083087

I wanted to know more about your deployment; please keep in mind that the filter behavior does change depending on the deployment:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_addSrv.html#wp1142120

Thanks,

Tarik