After a user logs into a machine how quickly should the NAC Agent pop up and beging the ADSSO process?
I have a 4.8 installation in my lab and while the ADSSO works, it takes roughly 1 minute (timed) before the agent pops up and begins the ADSSO process. Once that happens its another 30-45 seconds (again timed - but it varies slightly each login) before the user gets logged in and is placed on the correct VLAN.
The client machine in question is Win7 and AD is 2008R2.
I'm hoping this isn't normal and someone can suggest some tweaks to get the client to respond faster.
In the past I have had an ACS dot1x implemenation and that was so seamless, I was hoping the NAC agent would be as seamless.
Starting from Cisco NAC Appliance Release 4.5(1), the default timeout setting that monitors responses from the CAS changed to 60 seconds. which could impact AD SSO behavior if the response takes longer to come back to the Cisco NAC Appliance system. (For example, if the complete AD SSO process takes 2 minutes, once the 60 second timeout has elapsed, the CAM times out assuming that no response is forthcoming from the CAS that is communicating with the AD domain and automatically moves to the next CAS. If you then examine the CAS following the full 2-minute AD SSO process, you see that the service is actually working.) To help ensure reliable AD SSO behavior, Cisco also recommends verifying that your network DNS servers are functioning and accessible along with your Active Directory servers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :