ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Feb 13th, 2009

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get information about deploying NAC Profiler within a NAC Appliance solution with Cisco expert James Burke. James has been with Cisco Systems for more than four years. Currently he works as a technical marketing engineer for the endpoint security business unit. James was primarily responsible for NAC Profiler.

Remember to use the rating system to let James know if you have received an adequate response.


James might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through February 27, 2009. Visit this forum often to view responses to your questions and the questions of other community members.

beth-martin Mon, 02/16/2009 - 10:01

What are the minimum requirements for deploying NAC Profiler?

jameburk Tue, 02/17/2009 - 08:17

You will need 1 NAC Profiler Appliance and one Collector license to enable Collector services on your existing NAC Server.

sampathsundararajan Tue, 02/17/2009 - 08:39

Hi James,


I would like to know whether you have any document or list of syntax for endpoint profiling on printers? I mean like the search data for the DHCP Client vendor.. etc..

jameburk Tue, 02/17/2009 - 10:21

Hi, We have several canned profiles built into Profiler already. Most profiles are based on well-known ports that print servers will use and DHCP vendor information that the manufacturer has included for DHCP requests.

jameburk Tue, 02/17/2009 - 10:24

We don't keep a documented list today. You can however create your own Profile by "sniffing" the DHCP traffic from the printer and matching the vendor information on the request and offer.
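
The DHCP-based matching described in the reply above, as an added example that is not part of the original thread and is not Cisco's or NAC Profiler's own code: it parses a DHCP request, reads the vendor class identifier (option 60) and matches it against profile rules. The rule list, profile names and sample packet are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255

# Hypothetical profile rules: lowercase substring of option 60 -> profile name.
PROFILE_RULES = [("jetdirect", "Printer-HP"), ("example-print", "Printer-Example")]

def parse_dhcp(payload: bytes) -> dict:
    """Extract the client MAC and the options from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                  # chaddr field is 16 bytes at most
    mac = payload[28:28 + hlen].hex(":")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:               # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"mac": mac, "options": options}

def classify(payload: bytes) -> tuple:
    """Return (mac, vendor_class, profile) for one sniffed DHCP request."""
    msg = parse_dhcp(payload)
    vendor = msg["options"].get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    for needle, profile in PROFILE_RULES:
        if needle in vendor.lower():
            return msg["mac"], vendor, profile
    return msg["mac"], vendor, "Unclassified"

def build_sample(mac: bytes, vendor: bytes) -> bytes:
    """Constructed DHCPDISCOVER payload (sample input, not captured traffic)."""
    header = struct.pack("!BBBBIHH16x16s192x", 1, 1, 6, 0, 0x1234ABCD, 0, 0, mac)
    options = b"\x35\x01\x01" + bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor + b"\xff"
    return header + MAGIC_COOKIE + options

SAMPLE = build_sample(bytes.fromhex("001122334455"), b"Hewlett-Packard JetDirect")

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Option 60 and the client MAC are both supplied by the endpoint, so a match records what a device claims to be rather than proving what it is.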

sampathsundararajan Tue, 02/17/2009 - 15:11

Hi,


Thanks. How does Profiler perform behavior monitoring, like if there is MAC spoofing? How does that work?


Sam

b.hsu Thu, 02/19/2009 - 08:51

What are the minimum tools needed to discover endpoints in my network?

Aaron D Fri, 02/20/2009 - 05:40

We are looking to deploy NAC globally. 3 core sites with NAC in a primarily centralized OOB Layer 3 model. This is for about 10 CASs per site. Does each CAS set have to have Collector licenses, or can one or two sets serve as the collectors?


gacunt1964 Mon, 02/23/2009 - 01:37

Question over the NAC Appliance, not specifically the Profiler.

How do you recover the Admin password for the WebGui? SSH username and password are known. Reason is we will upgrade from 4.0.5 to 4.1.2.1. However the WebGui (admin) password is required and also unknown.


gacunt1964 Thu, 02/26/2009 - 13:08

It is ok, we have solved this issue. Thanks for your assistance. Resolution was via ssh: update the tomcat-users.xml with a hash entry (that was known). "Service perfigo restart". Webgui works fine.

Aaron D Mon, 02/23/2009 - 05:43

Is it possible to scale profiler above 40K devices? If so, how is that designed?

thanks!

Aaron

Aaron D Mon, 02/23/2009 - 06:46

In detecting a spoofed MAC address, does the profiler have to be off of a SPAN port? Basically, what are the pros/cons of having the collector local vs having it remote (Via multiple L3 hops?)

gerardtorin Tue, 02/24/2009 - 12:44

Hello James, I have a NAC Profiler Failover on HA. Do you know the reason why I can't log in by SSH? I followed the installation instructions twice and everything was good. But we can't connect with the root or beacon user to CLI.


regards

Gerard

gghayur Thu, 02/26/2009 - 10:59

Are you not able to do SSH login via Physical IPs or Service IP (HA IP)?


Thanks,


Syed

gerardtorin Thu, 02/26/2009 - 18:02

Hello Syed, it was an issue with SecureCRT. I did SSH with Putty and it worked. Then I tried again with SecureCRT but only with the Password option on the Authentication Options.


Thanks for your interest


Regards

Gerard

sampathsundararajan Thu, 02/26/2009 - 11:01

Hey,


There will be an iptables firewall service running on the profiler. Try stopping that (service iptables stop) and do the ssh, you should be able to.


Sam

Aaron D Thu, 02/26/2009 - 15:26

James, James, are you alive? Houston, we've lost you-
