I am in a lab environment working on a project that, among others, includes Cisco's NAC product.
We are responsible for providing basic network services, such as DHCP, WSUS, Anti-virus and Certificate Services. We have completely loaded and tested our configuration and have added Cisco NAC to the environment.
Currently, the computers that are not managed by an ACS work without a hitch. Computers managed by the ACS are not receiving Group Policy and thus, are not downloading updates from WSUS.
Could there possibly be a timing issue that is preventing GPO from being applied because the CTA and ACS are still sorting out whether the computer should even has access?
-When we disconnect those machines and plug them into switches with no knowledge of NAC they work fine.
-When we change the applicable ACLs to prmit ip any any, we still get no joy when the computers are being managed by ACS.
There is Cisco on-site support available, but not until Feb 7th. I would like to make some progress between now and then. Any help would be greatly appreciated.
On page 19 and 20, it describes the issue of GPO not being applied to the clients after authentication. In 4.1, this is resolved. When a user is put into an access VLAN after the authentication/posture assessment, the 4.1.0.x agent will issue a gpupdate on the client to refresh the group policy.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :