08-10-2007 07:24 AM - edited 02-21-2020 01:38 AM
I have Cisco NAC deployed in-band; all PCs had the CCA Agent deployed via a GPO before the migration. Now that all the systems are behind NAC in-band, none of the systems will process GPOs, machine or user policies. I have the unauthenticated role allowing all traffic to all the domain controllers, but with no luck. If I move the PC to a VLAN that is not trunked to the CAS, the GPOs process with no problem. Any ideas...?
08-13-2007 05:45 AM
This is actually a very similar scenario I'm in right now, I just haven't turned anything on yet. I am quite confused as well about how machine GPO/computer startup scripts would run if behind a NAC controlled port.
I was thinking of doing what you did by allowing the unauthenticated role access to the domain controllers, but I guess that didn't work either.
I'm working in an OOB - VG CAS/CAM and using SNMP MAC notification back to the CAM.
08-15-2007 01:28 PM
I think the ports list in the CAS Manual is not complete. Try this list of ports from the CAM Manual chapter "User Management: Traffic Control, Bandwidth, Schedule":
Allow TCP *:* Server/255.255.255.255: 88
Allow UDP *:* Server/255.255.255.255: 88
Allow TCP *:* Server/255.255.255.255: 389
Allow UDP *:* Server/255.255.255.255: 389
Allow TCP *:* Server/255.255.255.255: 445
Allow UDP *:* Server/255.255.255.255: 445
Allow TCP *:* Server/255.255.255.255: 135
Allow UDP *:* Server/255.255.255.255: 135
Allow TCP *:* Server/255.255.255.255: 3268
Allow UDP *:* Server/255.255.255.255: 3268
Allow TCP *:* Server/255.255.255.255: 139
Allow TCP *:* Server/255.255.255.255: 1025
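An added example, not part of any post in this thread: a Python check that parses the rule lines exactly as posted above and probes each TCP port on a domain controller from a client still in the unauthenticated role. The function names and the three result labels are assumptions of this sketch, and the domain controller address is supplied on the command line.

```python
import re
import socket
import sys

# Rule lines copied from the post above; "Server" is the post's placeholder for the DC.
POSTED_RULES = """\
Allow TCP *:* Server/255.255.255.255: 88
Allow UDP *:* Server/255.255.255.255: 88
Allow TCP *:* Server/255.255.255.255: 389
Allow UDP *:* Server/255.255.255.255: 389
Allow TCP *:* Server/255.255.255.255: 445
Allow UDP *:* Server/255.255.255.255: 445
Allow TCP *:* Server/255.255.255.255: 135
Allow UDP *:* Server/255.255.255.255: 135
Allow TCP *:* Server/255.255.255.255: 3268
Allow UDP *:* Server/255.255.255.255: 3268
Allow TCP *:* Server/255.255.255.255: 139
Allow TCP *:* Server/255.255.255.255: 1025
"""
RULE_RE = re.compile(r"^Allow\s+(TCP|UDP)\s+\*:\*\s+\S+/\d+(?:\.\d+){3}:\s*(\d+)$")

def parse_rules(text):
    """Return sorted, de-duplicated (protocol, port) pairs; reject malformed lines."""
    rules = set()
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule line: {line!r}")
        rules.add((m.group(1), int(m.group(2))))
    return sorted(rules)

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset came back: the packet got through, no listener
    except OSError:
        return "filtered"   # no answer or unreachable: dropped somewhere on the path

def check_dc(host, rules, timeout=2.0):
    """Probe every TCP rule against host; UDP rules are reported as 'untested'."""
    return {(proto, port): probe_tcp(host, port, timeout) if proto == "TCP" else "untested"
            for proto, port in rules}

if __name__ == "__main__":
    dc = sys.argv[1]  # domain controller address, supplied by the person running the check
    for (proto, port), state in check_dc(dc, parse_rules(POSTED_RULES)).items():
        print(f"{proto:3} {port:5} {state}")
```

Run it once from the VLAN that is trunked to the CAS and once from the VLAN that is not: a port that is "open" or "refused" on one side and "filtered" on the other points at the role's traffic policy rather than at the domain controller.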