12-14-2005 07:52 PM - edited 03-10-2019 01:33 PM
I would like to know if there is a way to allow MS group policy traffic to pass through to a Clean Access protected PC. There is a need to push group policy traffic during boot of the PC and this PC sits on a Clean Access protected network. Also, these PC's will need to receive "pushed" AV updates from our server and will not necessary be "logged in" via Clean Access but will be attached to the network. Thank you.
12-20-2005 02:03 PM
Check group mappings for Network Admission Control (NAC) databases to verify that the correct user groups are associated with each system posture token (SPT). In the user groups configured for use with NAC, be sure that the Cisco IOS/PIX cisco-av-pair VSA is configured correctly. For example, in a group configured to authorize NAC clients receiving a Healthy SPT, be sure the [009\001] cisco-av-pair check box is selected and that the following string appears in the [009\001] cisco-av-pair text box
12-20-2005 06:06 PM
Being new to the system your help is appreciated.
We currently do not use mappings which I have to assume you refer to in the section User Management\Auth Servers\Mapping Rules. I will also assume this is an attribute and not a VLAN? What would be the attribute?
Finally, where do I find the [009\001] check box?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide