Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Error with GPOs on Cisco NAC

I have cisco nac deployed inband, all PCs had the CCA Agent deployed via a gpo before the migration. Now that all the systems are behind NAC inband, none of the systems will process GPOs, Machine or user policies. I have the unauthenticated role allowing all traffic to all the domain controllers, but with no luck. If i move the PC to a vlan that is not trunked to the CAS the GPOs process with no problem. Any ideas...?

2 REPLIES
New Member

Re: Error with GPOs on Cisco NAC

This is actually a very similar scenario I'm in right now, I just haven't turned anything on yet. I am quite confused as well about how machine GPO/computer startup scripts would run if behind a NAC controlled port.

I was thinking of doing what you did by allowing the unauthenticated role access to the domain controllers, but I guess that didn't work either.

I'm working in a OOB - VG CAS/CAM and using snmp-mac notification back to the CAM.

New Member

Re: Error with GPOs on Cisco NAC

I think the ports list in the CAS Manual is not complete. Try this list of ports from the CAM Manual chapter:User Management: Traffic Control, Bandwidth, Schedule

Allow TCP *:* Server/255.255.255.255: 88

Allow UDP *:* Server/255.255.255.255: 88

Allow TCP *:* Server/255.255.255.255: 389

Allow UDP *:* Server/255.255.255.255: 389

Allow TCP *:* Server/255.255.255.255: 445

Allow UDP *:* Server/255.255.255.255: 445

Allow TCP *:* Server/255.255.255.255: 135

Allow UDP *:* Server/255.255.255.255: 135

Allow TCP *:* Server/255.255.255.255: 3268

Allow UDP *:* Server/255.255.255.255: 3268

Allow TCP *:* Server/255.255.255.255: 139

Allow TCP *:* Server/255.255.255.255: 1025

202
Views
0
Helpful
2
Replies
CreatePlease to create content