
NAC L2 OOB VG Issue with wired user

nomair_83
Level 3

Dear all,

I need a favor. I was trying to set up L2 OOB virtual gateway NAC for a wired user with the following:

Both interfaces of CAS are trunk with only respective VLAN allowed.

CAS is added to CAM.

Switch is added to CAS.

VLAN mapping is configured: 50 (untrusted) has been mapped to 60 (trusted).

Port profile is configured.

Switch port from CAS is configured with that port profile

ISSUES:

When I connect my client to auth VLAN 50, do I need to give a static IP to my NIC, or should it obtain the IP from DHCP (for both the auth and access VLANs)?

First I gave a static IP from auth VLAN 50, but the port connected normally and did not show any NAC web page.

Then I configured DHCP for access VLAN 60 and put the client port in auth VLAN 50, but it still does not ask me for the NAC posture page.

When I check discovered clients, it shows my laptop's MAC.

Am I still missing something?

Regards,

drolemc
Level 6

Make sure the switch profile matches the switch type under Switch Management > Devices > Switches > New

For further information click this link.

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_oob.html

Hi,

That issue was solved (it was a DNS problem).

Can you tell me: if I want my user to download the Clean Access Agent, how can I achieve that? I have uploaded the agent to my CAM, but I'm confused about whether my user should use the web agent first and then download the agent over the network, or whether he can download the Clean Access Agent directly.

The NAC Captive portal is able to provide 3 options: Use Cisco NAC webagent, Download Clean Access Agent and Get restricted Access.

"Download Clean Access Agent" allows the user to download the agent, without using the webagent first. The user is only required to log in.

The button for "Download Clean Access Agent" is available for all roles that are required to use the Clean Access Agent. This is configurable at: Device Management > Clean Access > General Setup > Agent Login.

See the Installation and Configuration Guide (chapter 10) for more info.

Thanks dear, now it works :)

However, it says that the user must have admin privileges to install the agent, but I will take care of it.

Regards,

Happy to help.

To resolve the admin privilege issue, you should distribute the Stub agent to your client computers.

The Stub agent allows them to install the agent and perform other NAC-related operations that would normally require admin privileges under their own account with normal user privileges.

You can obtain the stub package from the CAM interface under: Device Management > Clean Access > Clean Access Agent > Installation

For more information, check out chapter 11 of the installation and configuration guide.

Yup, I did it. I clicked on CCAA MSI Stub on the CAM, and it asked me to save it on my laptop.

But when the user clicks on download CAA 4.5.0.0, it shows CCAAAgent.setup.exe ... and again asks for admin privileges. It should download the stub file, right?

The stub agent should be distributed to the clients by the system administrators via Altiris/Prism or any other means of software distribution; you need to have administrative privileges to install it.

After it has been distributed to all the required clients, the users should be able to download and install the regular agent from the captive portal without needing elevated privileges.

Cool. I will talk to my network admin.

Thanks dear

nomair,

Got a question: what DNS change did you make?
