Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get information about deploying NAC Profiler within a NAC Appliance solution with Cisco expert James Burke. James has been with Cisco Systems for more than four years. Currently he works as a technical marketing engineer for the endpoint security business unit. James was primarily responsible for NAC Profiler.

Remember to use the rating system to let James know if you have received an adequate response.

James might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through February 27, 2009. Visit this forum often to view responses to your questions and the questions of other community members.

17 REPLIES
Bronze

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

What are the minimum requirements for deploying NAC Profiler?

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

You will need 1 NAC Profiler Appliance and one Collector license to enable Collector services on your exsiting. NAC Server

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Hi James,

I would like to know whether you have any document or list of syntax for endpoint profiling on printers? I mean like the search data for the DHCP Client vendor.. etc..

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Hi, We have several canned profiles built into Profiler already. Most profiles are based on well known ports that print servers will use and DHCP vendor information that the manufacturer has included for DHCP requests.

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

We don't keep a documented list today. You can however create your own Profile by "sniffing" the DHCP traffic from the printer and matching the vendor information on the request and offer.

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Hi,

Thanks. How does Profiler perform behavior monitoring like if there is a mac spoofing, how does that work.

Sam

Silver

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

What are the minimum tools needed to discover endpoints in my network?

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

We are looking to deploy NAC globally. 3 core sites with NAC in a primarily centralized OOB Layer 3 model. This is for about 10 CAS's per site. Does each CAS set have to have Collector licenses, or can a one or two set's serve as the collectors?

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Question over the NAC Appliance, not specifically the Profiler.

How do you recover the Admin password for the WebGui.. SSH username and password are known. Reason is we will upgrade from 4.0.5 to 4.1.2.1. However the WebGui (admin) password is required and also unknown.

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

It is ok we have solved this issue. Thanks for you assistance. Resolution was via ssh, update the tomcat-users.xml with an hash entry (that was known). "Service perfigo restart".. Webgui works fine.

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Is it possible to scale profiler above 40K devices? If so, how is that designed?

thanks!

Aaron

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

In detecting a spoofed MAC address, does the profiler have to be off of a SPAN port? Basically, what are the pros/cons of having the collector local vs having it remote (Via multiple L3 hops?)

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Hello James, i have a NAC Profiler Failover on HA. Do you know the reason by i can't do login by SSH? I follow the instruction the installation twice and everything was good. But we can't connect with the root or beacon user to CLI.

regards

Gerard

Community Member

Re: ASK THE EXPERT - NETWORK ADMISSION CONTROL (NAC) PROFILER

Are you not able to do SSH login via Physical IPs or Service IP (HA IP) ?

Thanks,

Syed

244
Views
0
Helpful
17
Replies
CreatePlease to create content