How To Migrate Cisco Clean Access to Cisco ISE

Similar Messages

• Confusion on Cisco clean access and Cisco NAC

  Dear Pros,
  I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
  swamy

  Cisco Clean Access and NAC are the same.
  NAC is just the new naming.
  You can have NAC installed in two way, Framework or Appliance mode.
  I think Framework is not available anymore (I may be wrong).
  If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
  Dominic

• Run-time error '7': Out of memory - Cisco Clean Access problem

  Hi all,
  I hope this question is in the appropriate place. I'm trying to use my company's vpn service. Here's how the process should work:
  1) Log on with username/password using Cisco AnyConnect VPN Client
  2) Log-in to the portal. During this step the Cisco Clean Access Agent is supposed to automatically log-in. However I get the following error:
  Run-time error '7':
  Out of memory
  My company's network services didn't seem to be much of a help so I was hoping one of you would have a good suggestion(s).
  Please keep in mind that I'm not great with computers. I know how to use them and all that but I'm not familiar with the inner-workings at all (registry editing etc.)
  Thanks in advance!
  -Bill

  I should add that the version of CCA is 4.1.10

• Cisco Clean Access OOB with virtual gateway

  I have set the clean access OOB virtual gateway mode, i put managed subnet one of unused ip with unauthenticated vlan,some of the pc running with dhcp so i put ip refresh after successful authentication (this working fine), but some of them running with static so i cannot refresh the ip address,
  after authentication through clean access clean access manager changing Unautheticated vlan(44) authenticated vlan (4), but i can't access internet and any other application through network (even with static ip and dhcp (if i put refresh dhcp ip i can) ), in pc arp cache i can see the orginal gateway mac address if i clear the arp cache with arp -d command the moment it start working how can solve this issue please help me guys
  thank you

  This document describes how to configure the syslog settings in order to log the events to an external server in the Cisco Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access (CA).
  http://www.cisco.com/en/US/products/ps6128/products_tech_note09186a008085d6e9.shtml

• Cisco Clean Access (CCA) Agent and iPod Touch

  Has anyone had any success in connecting an ipod to this type of wireless network?
  In looking the post, I see there has been a problem with macs and CCA. Since I know nothing about CCA is this something that even works with and ipod?
  The college, where my son attends, sent him this reply: Unfortunately, we are not able to get any iPods connected on campus at this time due to limitations of the iPod software. However, we are working on resolving this problem with the company that provided our Cisco Clean Access system and will keep students informed as a solution is reached.
  Thanks for your input.

  The college where my boy goes has a person on in the IT department who supports Apple equipment. You need to find the IT person at your school who supports Macs. That will help a bunch.
  I spoke with him about the problem, and in their case, the company that implemented CCA was going to fix the problem. I did send him the file from the link, iPhone Enterprise Deployment Guide, on the page you looked over. Go to that page again, click on "iPhone Enterprise Deployment Guide" then on "iPhone OS - Enterprise Deployment Guide" That should download a PDF which has information on how they can setup for iPhones so it should work for iPhone. A few weeks later it was working again.
  I know nothing about how to do it, but from looking though the doc, if memory serves me, it wouldn't be that hard for the tech person who works with it everyday.
  Hope this helps.

• 802.1x (DOT1x) and Cisco Clean Access 3140

  Hi,
  We have about 300 remote sites and would like to implement an authentication mechanism to authenticate end-devices (Windows PCs) before allowing access to the network. We thought we could implement DOT1x on our Cisco 2960, 3750 and 4500 series switches and send the "PC-switch" access requests to our centrally located Cisco Clean Access 3140 NAC servers -back at the HQ sites. We understand the NAC servers will be used to authenticate (among other things) the end-users workstations to ensure each workstation is a company owned PC and all  the security parameters are installed and up today. -RIGHT?
  Can the Cisco Clean Access 3140 server perform the Authentication security checks from the 802.1x (DOT1x) enabled switches?
  Does the Cisco Clean Access 3140 server have to be inline (on the users subnet) and/or be centrally located?
  Is the Cisco Clean Access 3140 still usable?
  Thanks
  Frank

  unfortunately because they are Avaya phones, the easy answer CDP-Bypass fails in this instance. When you plug in the phone, the switch will assume it's the 'single host' for this port, and restrict the port due to the authentication for the phone failing. Maybe you can just hard-code the voice-vlans on each phone, but that could get tedious depending on the amount of phones.
  I believe there is a DHCP option you can pass back that indicates the phone should be running on vlan 200, but for this to work you'd also need to set up a pre-auth ACL that would allow DHCP to work in the unauthorized state. I think it's 147 off the top of my head.
  Another solution (which isn't what you originally wanted, but it would work) is to just use multi-domain instead of single-host, and authenticate both the phone and the PC. The raduis server should be able to distinguish between what is configured as a phone and what is a host, and will send back the appropriate vlan if configured correctly.
  What are using for a radius server?

• Removing Cisco Clean Access Agent 4.5 (CCA)

  I'm more or less having trouble with uninstalling Cisco Clean Access Agent 4.5.0.0, so I can install CCA 4.1...
  I removed CCAAgent 4.5 + the files within "Library/ApplicationSupport/" and in "Library/Receipts"...yet when I try to install 4.1, it tells me there's a newer version of the software on this disk & won't let me install.
  I am on Snow Leopard, too - by the way.
  Any solutions to this?

  Tim:
  Seen this page yet....anything there help?
  http://www.cisco.com/en/US/docs/security/nac/appliance/configurationguide/45/cam/magntd.html#wp1276391
  Do you have a fresh backup if needed? Have you tried repairing permissions and checking for hidden files with a similar name?

• Cisco Clean Access agent for Ipad

  My university uses Cisco Clean Access agent for wifi.
  I have been able to login using the alotted password through Safari, however the next step is a prompt to download Clean Access Agent.
  When I try to download the application, Safari prompts that the file can not be downloaded.
  Any suggestions for this problem so that I can use my Ipad at campus.

  The only things you can download are on the App Store. Check there, but I'm mostly sure that there is no Cisco Clean Agent available for iphone.

• Cisco Clean Access Manager is a software or hardware?

  HI,all
  Cisco Clean Access Manager is a software integratedin the Cisco Clean Access Server or a single hardware device?
  Nac is new to me.I cann't open the NAC flash demo,so anyone can provider me with the NAC appliance and NAC Framework deployed toplogy?Thank you.
  Respects!
  MinQuant

  Hi,
  This is an appliance ... so i'ts hardware
  Look here for more information on the subject:
  http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd803be813.shtml
  If you find this post usefull
  please don't forget to rate this
  #Iwan Hoogendoorn

• Cisco clean access?

  i'm on school and i would like to access to the internet, but they need something about Cisco clean access telling about "if you cant run the Cisco then you cant use internet." and the other one was Java App. need to be download?
  what should i do to access the internet in my school.?
  thanks for replying this topic..

  NOt certain about the Cisco Clean Access but they are probably trying to install something onto the iPod that is not supported. My school required registering device with network before wireless would work, ethernet in lab was fine. If I remember correctly it was some kind of java applet you had to sign into with student ID and password.

• Help attempting connect to network which requires Cisco Clean Access Java

  Wondering if someone could help me out. Attempting to access work network which requires Cisco Clean access Java applet. It gives me a link to Java. Question is does the itouch support java plug ins? Any thoughts gratefully appreciated.

  I ran into the same issue on my university campus. This is what I learned. Apparently, iPod Touch has wi-fi 802.11 and does not support 802.1x authentication method, which some universities and workplaces use. I do not know if there is (or will be) a solution. Hope that helps.

• Different between cisco NAC agent and cisco Clean Access Agent

  Hi all,
  if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
  thank you

  In 4.6, the agent was overhauled and is now called the NAC agent.  Previous versions were referred to as the Clean Access Agent.  So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
  Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging.

• Anyone using Cisco Clean Access with Juniper SSL VPN?

  We're testing Cisco Clean Access with Juniper SSL VPN, and are running into a problem with single sign on. The Juniper box is sending the user's source IP as the framed-ip-address, and not the Network Connect assigned IP, which is why we need to get SSO to work. Has anyone done this, and what did you do to get it working? Thanks.

  Hi,
  I've no experience with this app but it does list
  Juniper as a sujpported client:
  http://www.equinux.com/us/products/vpntracker/interoperability.html

• Cisco Clean Access Agent patch?

  I just upgraded to Snow Leopard today without realizing that my campus uses Cisco's Clean Access Agent to allow access to the network. Every time I try to log in log in it tells me "Agent user operator system not supported." It is version 4.6.0.3. I realize now that this is not a campus problem, but more likely a program problem. Is there any word on a way around this or a patch in the near future?
  Thanks.

  The same issue occurred on my campus. Cisco claims they will fix the problem between 3 and 90 days.

• CISCO CLEAN ACCESS AGENT ALWAYS POPS-UP EVEN ALREADY AUTHENTICATED

  Hello,
  Just wonder why clean access agent always pops-up even already authenticated. Please how can i eliminate those multiple pops-up?
  thank you and best regards,
  Edwin

  Hi:
  I have the same issue. Would you please tell me what you did exactly?
  I am using OOB VGW mode.
  NAC version is 4.7.2
  Switch configurations:
  snmp-server community RO RO
  snmp-server community RW RW
  snmp-server location LOCATION
  snmp-server contact CONTACT
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move threshold
  snmp-server host CAM_IP version 2c RW  mac-notification snmp
  mac address-table notification change interval 0
  mac address-table notification change
  mac address-table aging-time 3600