Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problems with the Cisco NAC agent, does not perform remediation??

Good Morning

I'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on the net" . The policy I am doing is to check a file on local disk C

Deputy error screen

I appreciate your responses as soon as possible

4 REPLIES
New Member

Re: Problems with the Cisco NAC agent, does not perform remediat

The policy I am doing is to check a file on local disk C

regards

New Member

Re: Problems with the Cisco NAC agent, does not perform remediat

did you ever get that fixed, as it seems that is the same problem im having. The error only appears when i ask for remediation, if I allow it through without any rules, nac works fine.

New Member

Re: Problems with the Cisco NAC agent, does not perform remediat

I think that the problem it could be in the way you assigned the new vlan to that user or the vlan itself, so I recommend you that double check the trafficc control at the remediation zone and verify that zone could reach CAM/CAS.

Juan Huicab Internetworking juan.huicab@nextiraone.com.mx T 52 (81) 1001 8000 E 8015 C 52 (81) 1077 2435 San Pedro Garza García, N. L. México www.nextiraone.com.mx
New Member

Re: Problems with the Cisco NAC agent, does not perform remediat

the problem i have is when it moves into remediation....phase 2. If no remediation is being done (ie no checks, rules scans etc) then it moves directly from phase 1 (authentication) to phase 3 (authenticated user and assign role) and all works fine.

I've looked under all the traffic rules and can see nothing that would mean it could not contact the CAS. There are some differences in 4.7, like the ethernet traffic filter. It seems to me when put in the temp role, the vlan should still be the auth vlan. There is a role based vlan option under edit roles, but it states that is only for normal login, not tem agent, so it should not apply.

Im starting to think something has gone wrong with the upgrade code somewhere....TAC looked at my config  and could see nothing on a quick check, im working with them to resolve the issue

1153
Views
0
Helpful
4
Replies