Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,Some help would be appriciated. I'm trying to bypass authentication/posture assessment for a printer in an OOB NAC deployment (CAM/CAS Version 4.9.0).I added the device MAC address in the global device filter, with the ALLOW access type set."Chang...
Is there a NAC deployment for VPN users that does not use the CAS in 'in-band virtual gateway' mode as a sort of a bridge before the VPN gateway?For instance, is it possible to use policy-based routing to route the VPN traffic to the CAS and use the ...
When adding an SNMPv3 user to an IOS router, you can specify "either a plain-text password or a localized message digest 5 (MD5) digest". Here's an example of a command that uses a digest:Router(config)# snmp-server user abcd public v3 encrypted auth...
Hi,I have a problem with an OOB deployment I am currently working on: when I move an authenticated OOB client from one switch to another, it remains stuck in the auth VLAN. It seems that NAC doesn't detect the new port correctly.This is what I did to...
Is it possible to configure NAS (on NAM perhaps) to assign IP addresses to clients on the trusted side - i. e. to act as a DHCP server for the trusted side subnets or change the address through the NAC Agent after the posture assessment is over?
Hi Tarik,Yes, the port is managed and a test profile named 'Printer_test' is currently assigned to the port.Here is what I see in the nac manager.log file (level set to debug) after the port comes up: 2012-01-24 14:41:08.219 +0100 DefaultUDPTranspo...
Thank you, Faisal! Indeed, this helped and resolved the issue.Interestingly, there is no mention of the "mac-address-table notification mac-move" command in the Clean Access Manager Configuration Guide, Release 4.7(2), not even a note...Once again, t...
Faisal,The configuration includes the following lines (on both switches I used for access): snmp-server community *** RW snmp-server community *** RO snmp-server trap-source Vlan2 (management subnet) snmp-server location 10.0.0.101 (NAM IP addres...
Faisal,The switches I'm working with are:Switch A: WS-C2960-48TC-LSW Image: C2960-LANBASEK9-M, Version 12.2(52)SESwitch B: WS-C3560-48TSSW Image: C3560-IPSERVICESK9-M, Version 12.2(53)SEThere is also switch C (another 3560, not sure about the image)...
