Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC and Active directory users

Dear All,

I have implemented NAC on my campus.

but there is a big problem,

my users have to refresh their Ip addresses when the NAC changes their VLans.but they have not enough permission for releasing their Ip address and renew it,

any idea?

4 REPLIES
Gold

Re: NAC and Active directory users

i don't know if there is a 'cisco' solution, but in windows just edit their group policy in AD and give them permissions to change their network settings.

New Member

Re: NAC and Active directory users

The CCA Stub will enable users without admin rights to renew their IP automatically. I just ran into this issue in our OOB deployment.

- Dave

New Member

Re: NAC and Active directory users

Unless they have changed it the stub just lets the updates run without admin rights. It is easiest to just give them right to release and renew.

However, we weren't allowed to do that and had to resort to using devcon.exe from Microsoft.

New Member

Re: NAC and Active directory users

There's an option to bounce the port when a user gets logged in. As long as the users aren't plugged into an IP phone, that might be an option.

The other option is to allow non-authenticated clients to get a DHCP address from the normal range, meaning that the VLAN change won't affect them.

139
Views
10
Helpful
4
Replies