NAC L2 OOB VG Issue with wired user

Answered Question
Dec 15th, 2008

Dear all,


I need a favor. I was trying to do L2 OOB virtual gateway NAC for a wired user with the following:

Both interfaces of the CAS are trunks with only the respective VLAN allowed.

The CAS is added to the CAM.

The switch is added to the CAS.

VLAN mapping is configured: 50 (untrusted) has been mapped to 60 (trusted).

The port profile is configured.

The switch port from the CAS is configured with that port profile.

ISSUES:

When I connect my client to auth VLAN 50, should I give a static IP to my NIC, or should it obtain the IP from DHCP (for both auth and access VLAN)?

First I gave a static IP from auth VLAN 50, but the port connected normally and did not show any NAC web page.

Then I configured DHCP for access VLAN 60 and put the client port in auth VLAN 50, but it still does not ask me for the NAC posture page.

When I check discovered clients, it shows my laptop MAC.

Am I still missing something?


Regards,


nomair_83 Tue, 12/23/2008 - 22:01

Hi,

That issue was solved (it was a DNS problem).

Can you tell me, if I want my user to download the Clean Access Agent, how can I achieve that? I have uploaded the agent to my CAM, but I'm confused: should my user use the web agent first and then download the agent over the network, or can he download the Clean Access Agent directly?

Correct Answer
drienties Wed, 12/24/2008 - 00:04

The NAC captive portal is able to provide 3 options: Use Cisco NAC Web Agent, Download Clean Access Agent, and Get Restricted Access.

"Download Clean Access Agent" allows the user to download the agent without using the web agent first. The user is only required to log in.

The button for "Download Clean Access Agent" is available for all roles that are required to use the Clean Access Agent. This is configurable at: Device Management > Clean Access > General Setup > Agent Login.

See the Installation and Configuration Guide (chapter 10) for more info.

nomair_83 Wed, 12/24/2008 - 00:25

Thanks dear, now it works :)

However, it says that the user must have admin privileges to install the agent, but I will take care of it.


Regards,

drienties Wed, 12/24/2008 - 00:32

Happy to help,

To resolve the admin privilege issue you should distribute the Stub agent to your client computers.

The Stub agent allows them to install the agent and perform other NAC-related operations that would normally require admin privileges under their own account with normal user privileges.

You can obtain the stub package from the CAM interface under: Device Management > Clean Access > Clean Access Agent > Installation

For more information, check out chapter 11 of the Installation and Configuration Guide.

nomair_83 Wed, 12/24/2008 - 00:57

Yup, I did it. I clicked on CCAA MSI Stub on the CAM, then it asked me to save it on my laptop.

But when the user clicks on download CAA 4.5.0.0, it shows CCAAAgent.setup.exe ... and again asks for admin privileges... It should download the stub file, right?

drienties Wed, 12/24/2008 - 01:09

The stub agent should be distributed via Altiris/Prism or any other means of software distribution to the clients by the system administrators; you need to have administrative privileges to install it.

After it has been distributed to all the required clients, the users should be able to download and install the regular agent from the captive portal without needing elevated privileges.

nomair_83 Wed, 12/24/2008 - 01:12

Cool... I will talk to my network admin.

Thanks dear
