Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MS Group policies and Clean Access

I would like to know if there is a way to allow MS group policy traffic to pass through to a Clean Access protected PC. There is a need to push group policy traffic during boot of the PC and this PC sits on a Clean Access protected network. Also, these PC's will need to receive "pushed" AV updates from our server and will not necessary be "logged in" via Clean Access but will be attached to the network. Thank you.

2 REPLIES
New Member

Re: MS Group policies and Clean Access

Check group mappings for Network Admission Control (NAC) databases to verify that the correct user groups are associated with each system posture token (SPT). In the user groups configured for use with NAC, be sure that the Cisco IOS/PIX cisco-av-pair VSA is configured correctly. For example, in a group configured to authorize NAC clients receiving a Healthy SPT, be sure the [009\001] cisco-av-pair check box is selected and that the following string appears in the [009\001] cisco-av-pair text box

New Member

Re: MS Group policies and Clean Access

Being new to the system your help is appreciated.

We currently do not use mappings which I have to assume you refer to in the section User Management\Auth Servers\Mapping Rules. I will also assume this is an attribute and not a VLAN? What would be the attribute?

Finally, where do I find the [009\001] check box?

178
Views
0
Helpful
2
Replies
CreatePlease to create content