07-08-2013 12:57 AM - edited 07-04-2021 12:21 AM
Hi there,
I have installed Identity services engine version 1.1.3 in didstributed mode. The NAC agent is installed on the end user PC joined to the domain. when a user with a roaming profile logs into the PC, the NAC agent fails to run posture assesment, but if a user with non-roaming profile logs in, the NAC agent does posture and full network access is granted.
Is there something i need to do to enable the NAC agent to perform posture for users with a roaming profile.
Regards,
Henry
07-08-2013 01:21 AM
Hello,
I found the following from the cicso doc. Hope it helps!
The following failure scenarios might cause the Cisco NAC Agent to appear following successful user authentication when the client machine roams between CASs in Layer 3 (both In-Band and Out-of-Band) and Layer 2 /Layer 3 Out-of-Band environments. Erroneous Agent login dialogs could also appear if users roam from the Cisco NAC Appliance network in Layer 3 mode to a non-NAC network:
–ARP poisoning
–Temporary loss of network connection between the client machine and the CAS
–Access to untrusted interface IP address on the CAS from non-NAC network segments on NAC-enabled client machines
Cisco offers the following recommendations to prevent this situation:
–Ensure all trusted networks (post-authentication) can reach the CAS untrusted interface IP address through the CAS trusted interface only
–Block discovery packets from all non-NAC networks to the CAS untrusted interface IP address (discovery packets that arrive on the trusted interface of the CAS are blocked by default)
For more information please refer to the following link:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html
07-08-2013 02:54 AM
Hi Mantej,
Thanks for your response. My problem is however related to Cisco Identity Services Engine. The link you provided is related to Cisco NAC CAS configuration.
BR,
Henry.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide