02-26-2010 08:36 AM - edited 02-21-2020 03:53 AM
Hi all,
A customer asked a question when we presented Cisco NAC today. They were wondering: let's say a client with the Cisco NAC agent installed connects to the network switch. It has all the valid applications and patch levels on his/her machine (posture validation checks pass).
However, even if the client passes all the posture check parameters, they would like to know that if the hostname of the client (mostly Windows laptops) does not exist in their asset database (this database is an asset number database which is in a .csv or similar format), the posture validation should fail.
Have you encountered a request like this before? Is there a feature on the NAC server which checks a field against an external database such as an asset database?
Cheers.
02-26-2010 08:52 AM
Hello,
Short answer is no. Longer explanation is that currently CAS only authenticates users and not computers. You can however create custom checks which can check for the existence of Registry keys and/or files on the filesystem, so you could theoretically create a registry key to be deployed on all your assets and then check through NAC for its existence.
As for computer authentication with NAC, this is in the works but a little ways off right now.
HTH,
Faisal
02-26-2010 08:58 AM
Hi,
Sorry for the expression, however I am not talking about any kind of computer authentication stuff. Like you have mentioned, the thing is, eventually, when a computer name is set on an end station, that hostname goes into a registry key. Let's say I pull that string from the registry, copy that number and check it against an external database?
Is this possible?
Dumlu
02-26-2010 09:05 AM
Dumlu,
Currently that is not possible. You can create checks which can check for values locally, but not against external datastores, so to map this against your thought, NAC would have to know of all the workstation names beforehand and then check against that. This is unwieldy and very, very difficult to scale.
If this is something you and your client think would be a good addition (and it sounds like a good idea) please engage with your account team and ask them to file a Feature request for you.
Thanks,
Faisal