Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
770
Views
0
Helpful
2
Replies

NAC, script or template to modify registry

kutukutu9
Level 1
Level 1

‎03-24-2009 12:00 PM - edited ‎02-21-2020 03:22 AM

Anyone got a template or script which would modify the necessary registry settings so that clean access agent will notice when the vlan changes and then would refresh ipconfig?

I've deployed the NAC 4.1.3 in a OOB Layer 3 with central CAS deployment. I've noticed that when you clear the certified device list users that are still logged in are placed in the untrusted VLAN but since the port never goes down the IP address on the client doesn't change. I can't enable port bouncing because I have IP phones. So we could enable RetryDetection in the registry along with PingArp but this requires I know how to mass modify registry setting via group policy. So does anyone have a adm template or logon script example I could use to accomplish this? I don't have the knowledge to make this happen. Any ideas? Thanks

0 Helpful
2 Replies 2

Daniel Laden
Level 4
Level 4

‎03-24-2009 05:05 PM

I believe there is a bug with the NAC Agent 4.1.3.0 code were it is too aggressive in renewing the IP address. This was corrected in NAC Agent 4.1.3.1 and newer

But the information you are looking for is located at the following link:

Access to Authentication VLAN Change Detection on Clients with Multiple Active NICs

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_regapx.html#wp1032898

0 Helpful

Daniel Laden
Level 4
Level 4
In response to Daniel Laden

‎03-24-2009 05:11 PM

After rereading your posting, I realize this information will not assist you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card