NAC: Logoff & Exit agent application condition

nitass · ‎10-19-2008

Hello,

I have a few questions regarding the NAC appliance as follows:

In case of In-Band, what is going to happen if user does not click LOGOFF button (web login) or EXIT agent application? How can the user MAC address be removed from the certified list?

And how about this case in Out-of-Band mode?

Could you please clarify them for me?

Thank you very much,

Nitass

smalkeric · ‎10-24-2008

In Case of out-of-band mode if the client's MAC address is on the Certified List, but not on the out-of-band Online Users list (in other words, the client is certified but logged off the network), you can keep the client on the Access VLAN at the next login (allowing trusted network access), or you can put the client on the Auth VLAN at the next login to force the user to re-authenticate through the CAS. Because the client is already certified, the client does not go through Clean Access certification, only authentication.

Removing an OOB client from the Certified List removes the out-of-band user from the Out-of-Band Online Users List. You can optionally configure the port also to be bounced.

Refer the below URL to know differences about In-Band and OOB:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/m_oob.html#wp1057080

nitass · ‎10-25-2008

Thanks for your reply.

Please also let me know if you have any further information regarding In-Band mode. I would like to know what is going to happen if user does not do normal logging off in case of web login (i.e. close the browser) or manual exit agent application. Would the next user be authenticated and certified by NAC appliance system?

Thanks,

Nitass