NAC and Active directory users

Unanswered Question
Jan 8th, 2008

Dear All,

I have implemented NAC on my campus.

but there is a big problem,

my users have to refresh their Ip addresses when the NAC changes their VLans.but they have not enough permission for releasing their Ip address and renew it,

any idea?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
srue Wed, 01/09/2008 - 06:50

i don't know if there is a 'cisco' solution, but in windows just edit their group policy in AD and give them permissions to change their network settings.

davemit Wed, 02/20/2008 - 06:14

The CCA Stub will enable users without admin rights to renew their IP automatically. I just ran into this issue in our OOB deployment.

- Dave

pplsi Thu, 02/21/2008 - 13:15

Unless they have changed it the stub just lets the updates run without admin rights. It is easiest to just give them right to release and renew.

However, we weren't allowed to do that and had to resort to using devcon.exe from Microsoft.

cleidh_mor Tue, 02/26/2008 - 09:06

There's an option to bounce the port when a user gets logged in. As long as the users aren't plugged into an IP phone, that might be an option.

The other option is to allow non-authenticated clients to get a DHCP address from the normal range, meaning that the VLAN change won't affect them.

Actions

This Discussion