Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
2
Replies

Cisco ISE NAC agent and Microsoft roaming profiles

henrybett
Level 1
Level 1

‎07-08-2013 12:57 AM - edited ‎07-04-2021 12:21 AM

Hi there,

I have installed Identity services engine version 1.1.3 in didstributed mode. The NAC agent is installed on the end user PC joined to the domain. when a user with a roaming profile logs into the PC, the NAC agent fails to run posture assesment, but if a user with non-roaming profile logs in, the NAC agent does posture and full network access is granted.

Is there something i need to do to enable the NAC agent to perform posture for users with a roaming profile.

Regards,

Henry

Labels:
0 Helpful
2 Replies 2

mmangat
Level 1
Level 1

‎07-08-2013 01:21 AM

Hello,

I found the following from the cicso doc. Hope it helps!

The following failure  scenarios might cause the Cisco NAC Agent to appear following successful  user authentication when the client machine roams between CASs in Layer  3 (both In-Band and Out-of-Band) and Layer 2 /Layer 3 Out-of-Band  environments. Erroneous Agent login dialogs could also appear if users  roam from the Cisco NAC Appliance network in Layer 3 mode to a non-NAC  network:

ARP poisoning

Temporary loss of network connection between the client machine and the CAS

Access to untrusted interface IP address on the CAS from non-NAC network segments on NAC-enabled client machines

Cisco offers the following recommendations to prevent this situation:

Ensure  all trusted networks (post-authentication) can reach the CAS untrusted  interface IP address through the CAS trusted interface only

Block  discovery packets from all non-NAC networks to the CAS untrusted  interface IP address (discovery packets that arrive on the trusted  interface of the CAS are blocked by default)

For more information please refer to the following link:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html

0 Helpful

henrybett
Level 1
Level 1
In response to mmangat

‎07-08-2013 02:54 AM

Hi Mantej,

Thanks for your response. My problem is however related to Cisco Identity Services Engine. The link you provided is related to Cisco NAC CAS configuration.

BR,

Henry.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card