NAC, script or template to modify registry

Unanswered Question
Mar 24th, 2009

Anyone got a template or script which would modify the necessary registry settings so that Clean Access Agent will notice when the VLAN changes and then would refresh ipconfig?


I've deployed the NAC 4.1.3 in an OOB Layer 3 with central CAS deployment. I've noticed that when you clear the certified device list, users that are still logged in are placed in the untrusted VLAN, but since the port never goes down, the IP address on the client doesn't change. I can't enable port bouncing because I have IP phones. So we could enable RetryDetection in the registry along with PingArp, but this requires that I know how to mass modify registry settings via group policy. So does anyone have an ADM template or logon script example I could use to accomplish this? I don't have the knowledge to make this happen. Any ideas? Thanks

Daniel Laden Tue, 03/24/2009 - 17:05
User Badges: Cisco Employee

I believe there is a bug with the NAC Agent 4.1.3.0 code where it is too aggressive in renewing the IP address. This was corrected in NAC Agent 4.1.3.1 and newer.


But the information you are looking for is located at the following link:

Access to Authentication VLAN Change Detection on Clients with Multiple Active NICs

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_regapx.html#wp1032898



Daniel Laden Tue, 03/24/2009 - 17:11
User Badges: Cisco Employee

After rereading your posting, I realize this information will not assist you.
