Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NAC Rules and Logic

I have a question about the WINXP rules in the NAC server and more specifically, if a rule reports a failing, but it's part of a ! rule, does that mean it's passing?  For example:

&(!pc_Windows_ehkeyctl|pc_XP_MCE_KB973768_MS09-037) (red denotes failure)


The NAC reports this as a failed check:

pc_Windows_ehkeyctl, File Check [$SYSTEM_ROOT\ehome\ehkeyctl.dll exists ]

Is it failing because it finds the file and there is a negation on the rule?

What about this:

         &(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

The first part reports as passing, and the second reports as failing...but by all logic, this part of the rule should pass because the first part passed?  Does that sound correct?

Thanks!

--Gavin Budd

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: NAC Rules and Logic

It's actually reporting a check failing - and in many cases this is expected (and confusing!).  For instance, with the pre-configured Windows checks, if it's a 32-bit client you will see it fail the 64-bit check.

Same thing with your second example check

&(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

We expect it to either not pass the first check or pass the second check - but one of those checks will show as failed.  Clear as mud?

2 REPLIES
New Member

Re: NAC Rules and Logic

It's actually reporting a check failing - and in many cases this is expected (and confusing!).  For instance, with the pre-configured Windows checks, if it's a 32-bit client you will see it fail the 64-bit check.

Same thing with your second example check

&(!pc_XP_2115168_MS10-052_FileChk|pc_XP_2115168_MS10-052)

We expect it to either not pass the first check or pass the second check - but one of those checks will show as failed.  Clear as mud?

New Member

Re: NAC Rules and Logic

Yes, that what TAC just told me.  I need to fail the first check (it's passing and showing up as passing) or pass the second (it's failing).  The reporting of the passes and failures are of the checks themselves and don't take the negation (!) into consideration.

Thanks!

423
Views
0
Helpful
2
Replies
CreatePlease to create content