cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
492
Views
10
Helpful
4
Replies

NAC and Active directory users

emadehsan
Level 1
Level 1

Dear All,

I have implemented NAC on my campus.

but there is a big problem,

my users have to refresh their Ip addresses when the NAC changes their VLans.but they have not enough permission for releasing their Ip address and renew it,

any idea?

4 Replies 4

srue
Level 7
Level 7

i don't know if there is a 'cisco' solution, but in windows just edit their group policy in AD and give them permissions to change their network settings.

The CCA Stub will enable users without admin rights to renew their IP automatically. I just ran into this issue in our OOB deployment.

- Dave

Unless they have changed it the stub just lets the updates run without admin rights. It is easiest to just give them right to release and renew.

However, we weren't allowed to do that and had to resort to using devcon.exe from Microsoft.

cleidh_mor
Level 1
Level 1

There's an option to bounce the port when a user gets logged in. As long as the users aren't plugged into an IP phone, that might be an option.

The other option is to allow non-authenticated clients to get a DHCP address from the normal range, meaning that the VLAN change won't affect them.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: