Cisco NAC Online User List Problem and Multiple MAC Scenario?
I am performing a Cisco NAC demo at a customer. I have two vital questions.
1_ Customer is willing to do posture assessment whenever it is possible, like every time a user connects and disconnects from and to the network. For wired connections I have emphasized the "remove online user when disconnected" setting in the port profile. This works great. However, for users who are wireless or behind IP phones, there is no such setting. So if a user switches from wireless to wired, that user is still on the Online User List, so it does not get assessed against NAC Server. It continues to work without any posture validation. Is there any other setting to remove the Online User who is wireless or behind an IP phone once it gets disconnected from the network?
2_ What exactly happens when there are multiple devices on a switchport (I know I could see it for myself but time is tight)? I mean, if there are multiple devices that are members of different roles, is the switchport assigned a different VLAN whenever that client's posture validation gets completed?
For 1, you can have the user removed from OUL in OOB scenarios, but behind IP phones it's difficult since we won't know when the PC is offline from there. The only way to know that is when CAM receives a MAC-Notification of a new MAC address being learnt. In IB, you can use heartbeat timers to log them out.
For 2, when a new MAC address is seen on the port, the MAC-Notification is sent out, and depending on your port profile the switchport will change or not. Check your port profile settings for more details on how you have it set up.