Hi everybody, We are currently implementing Dot1x at my company, using Active Directory accounts and the Cisco Mobility Client with NAM module, as well as Mac Authentication Bypass lists for our non-supplicant capable devices. We frequently have Contractors come on-site, and we would like to give them a 30-day period of wired network access via MAB. Is there a way to set an expiration date on a MAB list or will they need to be manually removed from the list? Thanks in advance, Dave
... View more
We are working on implementing 802.1x and plan to use AnyConnect NAM on the PCs. However, I’ve run into a problem where we have a few multi-user machines for employees who work in multiple locations throughout the day. It’s not uncommon for someone to lock the PC they are working on and walk away. Prior to NAM, a second user could come along and log in as themselves, leaving the initial user logged in. However, I’ve found that once NAM has been installed this user switching feature is disabled. This is understandable, as the initial user technically hasn’t logged out, so the port is still authenticated with their credentials, and we wouldn’t want to accidently break a connection stream just to reauthenticate the second user. I have spent quite a bit of time going through these forums and white papers trying to find an alternative solution for this situation, but haven’t had much luck. Does anyone have any suggestions on how I could proceed on this?
... View more