Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAC agent don't popup on some computer

Hi

I use

ISE version : 1.1.1.2 and NAC agent version : 4.9.0.42

NAC agent  does not run on some computers and run on other(windows 7).

What can be these problems?

Please help

Regards

2 REPLIES

NAC agent don't popup on some computer

Please check those decisions on NAC agent, it may definitely help you:

https://supportforums.cisco.com/thread/2156494

https://supportforums.cisco.com/thread/2085819

Cisco Employee

NAC agent don't popup on some computer

Please look in to this , it might help you

Agent Login Dialog Not Appearing


Symptoms or Issue

The agent login dialog box does not appear to the user following client provisioning.

Conditions

This issue can generally take place during the posture assessment phase of any user authentication session.

Possible Causes

There are multiple possible causes for this type of issue. See the following Resolution descriptions for details.

Resolution

Ensure that the agent is running on the client machine.

Ensure that the Cisco IOS release on the switch is equal to or more recent than Cisco IOS Release 12.2.(53)SE.

Ensure  that the discovery host address on the Cisco NAC agent or Mac OS X  agent is pointing to the Cisco ISE FQDN. (Right-click the NAC agent icon, choose Properties, and check the discovery host.)

Ensure  that the access switch allows Swiss communication between Cisco ISE and  the end client machine. Limited access ACL applied for the session  should allow Swiss ports:

remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal 
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture 
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture 
communication between NAC agent and ISE (Swiss ports)
deny ip any any

If  the agent login dialog still does not appear, it could be a certificate  issue. Ensure that the certificate that is used for Swiss communication  on the end client is in the Cisco ISE certificate trusted list.

Ensure that the default gateway is reachable from the client machine.

324
Views
5
Helpful
2
Replies
CreatePlease to create content