Confusion on Cisco clean access and Cisco NAC
Dear Pros,
I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
swamy
Cisco Clean Access and NAC are the same.
NAC is just the new naming.
You can have NAC installed in two way, Framework or Appliance mode.
I think Framework is not available anymore (I may be wrong).
If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
Dominic
Similar Messages
-
How To Migrate Cisco Clean Access to Cisco ISE
We have a Cisco Clean Access 3.6.3 (3140 Appliance) in which we would love to migrate to Cisco ISE 1.1 (3315 Appliance). Does anyone have an idea on how to do this?
I was wondering if I need to upgrade the a later version of Cisco Clean Access and them back it up the CCA. Backup the CCA and then restore/import the backup to the ISE.
Any help will be greatly appreciated?
Thanks.Hi Mate,
Refer to below instructions for hosting licenses on ISRs:
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/software-activation-on-integrated-services-routers-isr/white_paper_c11_556985.html#wp9001047
Rehosting a License
Prerequisites:
• Valid Cisco.com account (username/password)
• Retrieve Product Id and Serial Number with either the IOS "show license udi" command or label tray from both the source and destination devices.
• Retrieve Source Device Credentials by issue the following IOS commands in exec mode:
– license save credential flash0:CredentialFileName
– more flash0:CredentialFileName
• The source device has rehostable licenses.
Rehosting a License with Cisco's Licensing Portal
This process can be used when the source and the destination device cannot communicate directly with Cisco licensing portal
Summary Steps:
1. Obtain UDI and device credentials from the source and destination devices using IOS CLI commands
2. Contact the Product License Registration page on Cisco.com and enter the source Device Credentials and UDI into the license transfer portal tool.
3. The portal will display licenses that can be transferred from the source device.
4. Select the licenses that need to be transferred. A permission ticked is issued. You can use this permission ticket to start the rehost process using Cisco IOS c for any further help.ommands.
5. Apply the permissions ticket to the source device using the license revoke command. The source device will then provide a rehost ticket indicating proof of revocation. A sixty day grace period license is also installed on the device to allow enough time to transfer the licenses to destination device.
6. Enter the rehost ticket into the license transfer portal tool on Cisco.com along with destination device UDI.
7. Receive the license key via E-mail
8. Install the license key on the destination device.
You can also email [email protected]
-Terry
Please rate all helpful posts -
Different between cisco NAC agent and cisco Clean Access Agent
Hi all,
if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
thank youIn 4.6, the agent was overhauled and is now called the NAC agent. Previous versions were referred to as the Clean Access Agent. So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging. -
802.1x (DOT1x) and Cisco Clean Access 3140
Hi,
We have about 300 remote sites and would like to implement an authentication mechanism to authenticate end-devices (Windows PCs) before allowing access to the network. We thought we could implement DOT1x on our Cisco 2960, 3750 and 4500 series switches and send the "PC-switch" access requests to our centrally located Cisco Clean Access 3140 NAC servers -back at the HQ sites. We understand the NAC servers will be used to authenticate (among other things) the end-users workstations to ensure each workstation is a company owned PC and all the security parameters are installed and up today. -RIGHT?
Can the Cisco Clean Access 3140 server perform the Authentication security checks from the 802.1x (DOT1x) enabled switches?
Does the Cisco Clean Access 3140 server have to be inline (on the users subnet) and/or be centrally located?
Is the Cisco Clean Access 3140 still usable?
Thanks
Frankunfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
What are using for a radius server? -
Cisco Clean Access (CCA) Agent and iPod Touch
Has anyone had any success in connecting an ipod to this type of wireless network?
In looking the post, I see there has been a problem with macs and CCA. Since I know nothing about CCA is this something that even works with and ipod?
The college, where my son attends, sent him this reply: Unfortunately, we are not able to get any iPods connected on campus at this time due to limitations of the iPod software. However, we are working on resolving this problem with the company that provided our Cisco Clean Access system and will keep students informed as a solution is reached.
Thanks for your input.The college where my boy goes has a person on in the IT department who supports Apple equipment. You need to find the IT person at your school who supports Macs. That will help a bunch.
I spoke with him about the problem, and in their case, the company that implemented CCA was going to fix the problem. I did send him the file from the link, iPhone Enterprise Deployment Guide, on the page you looked over. Go to that page again, click on "iPhone Enterprise Deployment Guide" then on "iPhone OS - Enterprise Deployment Guide" That should download a PDF which has information on how they can setup for iPhones so it should work for iPhone. A few weeks later it was working again.
I know nothing about how to do it, but from looking though the doc, if memory serves me, it wouldn't be that hard for the tech person who works with it everyday.
Hope this helps. -
Removing Cisco Clean Access Agent 4.5 (CCA)
I'm more or less having trouble with uninstalling Cisco Clean Access Agent 4.5.0.0, so I can install CCA 4.1...
I removed CCAAgent 4.5 + the files within "Library/ApplicationSupport/" and in "Library/Receipts"...yet when I try to install 4.1, it tells me there's a newer version of the software on this disk & won't let me install.
I am on Snow Leopard, too - by the way.
Any solutions to this?Tim:
Seen this page yet....anything there help?
http://www.cisco.com/en/US/docs/security/nac/appliance/configurationguide/45/cam/magntd.html#wp1276391
Do you have a fresh backup if needed? Have you tried repairing permissions and checking for hidden files with a similar name? -
Cisco Clean Access Manager is a software or hardware?
HI,all
Cisco Clean Access Manager is a software integratedin the Cisco Clean Access Server or a single hardware device?
Nac is new to me.I cann't open the NAC flash demo,so anyone can provider me with the NAC appliance and NAC Framework deployed toplogy?Thank you.
Respects!
MinQuantHi,
This is an appliance ... so i'ts hardware
Look here for more information on the subject:
http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd803be813.shtml
If you find this post usefull
please don't forget to rate this
#Iwan Hoogendoorn -
Cisco Clean Access OOB with virtual gateway
I have set the clean access OOB virtual gateway mode, i put managed subnet one of unused ip with unauthenticated vlan,some of the pc running with dhcp so i put ip refresh after successful authentication (this working fine), but some of them running with static so i cannot refresh the ip address,
after authentication through clean access clean access manager changing Unautheticated vlan(44) authenticated vlan (4), but i can't access internet and any other application through network (even with static ip and dhcp (if i put refresh dhcp ip i can) ), in pc arp cache i can see the orginal gateway mac address if i clear the arp cache with arp -d command the moment it start working how can solve this issue please help me guys
thank youThis document describes how to configure the syslog settings in order to log the events to an external server in the Cisco Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access (CA).
http://www.cisco.com/en/US/products/ps6128/products_tech_note09186a008085d6e9.shtml -
Run-time error '7': Out of memory - Cisco Clean Access problem
Hi all,
I hope this question is in the appropriate place. I'm trying to use my company's vpn service. Here's how the process should work:
1) Log on with username/password using Cisco AnyConnect VPN Client
2) Log-in to the portal. During this step the Cisco Clean Access Agent is supposed to automatically log-in. However I get the following error:
Run-time error '7':
Out of memory
My company's network services didn't seem to be much of a help so I was hoping one of you would have a good suggestion(s).
Please keep in mind that I'm not great with computers. I know how to use them and all that but I'm not familiar with the inner-workings at all (registry editing etc.)
Thanks in advance!
-BillI should add that the version of CCA is 4.1.10
-
i'm on school and i would like to access to the internet, but they need something about Cisco clean access telling about "if you cant run the Cisco then you cant use internet." and the other one was Java App. need to be download?
what should i do to access the internet in my school.?
thanks for replying this topic..NOt certain about the Cisco Clean Access but they are probably trying to install something onto the iPod that is not supported. My school required registering device with network before wireless would work, ethernet in lab was fine. If I remember correctly it was some kind of java applet you had to sign into with student ID and password.
-
Help attempting connect to network which requires Cisco Clean Access Java
Wondering if someone could help me out. Attempting to access work network which requires Cisco Clean access Java applet. It gives me a link to Java. Question is does the itouch support java plug ins? Any thoughts gratefully appreciated.
I ran into the same issue on my university campus. This is what I learned. Apparently, iPod Touch has wi-fi 802.11 and does not support 802.1x authentication method, which some universities and workplaces use. I do not know if there is (or will be) a solution. Hope that helps.
-
Anyone using Cisco Clean Access with Juniper SSL VPN?
We're testing Cisco Clean Access with Juniper SSL VPN, and are running into a problem with single sign on. The Juniper box is sending the user's source IP as the framed-ip-address, and not the Network Connect assigned IP, which is why we need to get SSO to work. Has anyone done this, and what did you do to get it working? Thanks.
Hi,
I've no experience with this app but it does list
Juniper as a sujpported client:
http://www.equinux.com/us/products/vpntracker/interoperability.html -
Cisco Clean Access agent for Ipad
My university uses Cisco Clean Access agent for wifi.
I have been able to login using the alotted password through Safari, however the next step is a prompt to download Clean Access Agent.
When I try to download the application, Safari prompts that the file can not be downloaded.
Any suggestions for this problem so that I can use my Ipad at campus.The only things you can download are on the App Store. Check there, but I'm mostly sure that there is no Cisco Clean Agent available for iphone.
-
Cisco Prime network and cisco prime infrastructure
Hi,
What is the difference between Cisco Prime Network and Cisco Prime infrastructure.
Please advice.I assume you are asking about Cisco Prime LAN Management System (LMS) vs. Cisco Prime Infrastructure (PI).
LMS is currently the leading Cisco offering for wired infrastructure management. It is the evolution of the earlier CiscoWorks LMS, CiscoWorks RWAN CiscoWorks 2000, CWSI, VLAN Director, original CiscoWorks classic etc. products going back almost 20 years.
PI is the equivalent Cisco offering for wireless LANs and is the successor to NCS and WCS products.
The overlap and confusion comes from the fact the Cisco is positioning PI as the overall wireless and wired management platform and gradually introducing wired network management features to make it equal (and eventually exceed) LMS's capabilities.
There is a comparison table here that shows the current differences. A major new release of PI (2.0) is due out shortly which will close many (but not all) of the gaps on that table. -
Difference between cisco prime infrastructure and cisco WCS
Can you explain me difference between cisco prime infrastructure and cisco WCS.. I'm little bit confuse...
Thanks..Hi Hasan,
In terms of features...You can say PI is more advanced version of WCS and NCS. All the stuff possible in WCS/NCS can be done on PI as well.
But from the architecture perspective , there are differences. If I remember correctly , WCS is based on 32 bit OS while NCS and PI based on 64 bit OS. For the same reason you cannot do inline upgrade from WCS to PI via any path and will have to change the platform/Hardware itself before moving to PI. However , inline upgrade from NCS to PI is possible if we follow the correct path.
Regards
Dhiresh
**Please rate helpful posts**
Maybe you are looking for
-
How can I disable Another Device from adjusting I-pod-4 volume
My 2010 harley has a stock radio, I added the factory I-Pod controler! When used the controler turns down the PODs volume 50% ! Is there a way to turn off remote volume adjustment of POD?
-
Why can I no longer connect to WiFi.... I have an iPhone 4S fully updated but recently my WiFi dropped off and I can't turn it back on. The option is there but the button won't slide across and the word "WiFi" seems to be a lighter shade
-
ABAP Objects - Instance of a method
Goodmorning to you all, Can anyone explain the process in : IF cl_gui_alv_grid=>offline( ) IS INITIAL. The method OFFLINE has a returning parameter E_OFFLINE. Questions : - how does the system recognise this parameter. - can i check this variable in
-
Hello. I just bought an GX740 with core i7 and radeon 5870 but I am having some troubles. Os is windows seven 64 bit premium home. I use an expresscard for making music (echo indigo IOX expresscard) but it doesnt work fine with the MSI GX740. The pro
-
Email with html body and a pdf attachment
Hi, i try to send a email with html body and one attach in pdf in release 4.6c using the SO_DOCUMENT_SEND_API1. I've put the html in the txt table and the pdf in bin table but i obtain the following situation: 1) with only the html in the body i see