Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683

Similar Messages

• How Cisco NAC and Cisco NAC Agent works

  HI,
  Can anyone help in explaining in detail for Cisco NAC will work in L2 OOB mode?
  Also, what is the path from the time the end user connects to the network till he gets access to the network?
  Please reply soon.Its urgent.

  I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for vista clients if memory serves me correct.
  Here is the link that will help you with the basics.
  http://www.cisco.com/en/US/netsol/ns466/index.html
  We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
  Thanks,
  Tarik

• Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

  Hi
  My Cisco NAC Agent  (version 4.9.1.682) doesn't work since I upgraded my Mac OS X  4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
  The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
  Any update on when a new version is going to be released - Its getting really frustrating?

  I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
      Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
      Select Keychain Access -> Preferences from the menu at the top of the screen
      Choose the Certificates tab
      Change the OCSP option from Best Effort to Off
      Close the Preferences dialog and quit Keychain Access
      You should be able to NAC now

• Cisco NAC Agent and Windows 8 still not working

  Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
  I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
  Thanks,
  -Collin

  Hi Collin,
  The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
  http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
  The patch should be applied to both 4.9.1 CAM and CAS.
  Please go through the README file for patch provided in the download link provided above. It has detailed information.
  Regards,
  Karthik Chandran

• Different between cisco NAC agent and cisco Clean Access Agent

  Hi all,
  if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
  thank you

  In 4.6, the agent was overhauled and is now called the NAC agent.  Previous versions were referred to as the Clean Access Agent.  So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
  Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging.

• Cisco WLC5760 Fail and Cisco NAC Guest v2.0

  Hello,
  I have a problem to use an Cisco WLC5760 v3.3.1SE and an Cisco NAC Guest v2.0.
  Can anyone help me to synchronise Cisco WLC5760 v3.3.1SE and Cisco NAC Guest v2.0. ?
  Thanks you for help.

  Hi Adoncamille,
  I have the same problem with my 5760 and NAC Guest Server. Did you fixed the problem?,
  Best Regards,
  Marco Muñoz

• Question about cisco nac agent

  When I deploy Cisco NAC appliance, the main different between using cisco nac appliance with or without agent? I see Cisco NAC agent has two function: scan and remediation. If Cisco NAC appliance without agent, Cisco NAC server will scan device and remediation. That is right?
  Please answer me early. Thank you for your answer.

  Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
  We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
  1) You have to decide which vulnerabilities you want to scan for.
  2) The more plug-ins you enable, the longer (obviously) the scan takes.
  3) There are configuration steps for many of the plug-ins
  4) Your users will still need to go to a login page in order to be scanned.
  5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
  From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
  It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
  Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
  Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option.

• Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

  Hi All,
  We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
  Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

  Closest enhancement I could check on this is
  CSCts34764    NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
  Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines.  Many users disable this and install their own AntiSpyware product.  Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
  This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date.  Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Hide Cisco NAC agent window

  Dear all,
  We have cisco NAC version 4.9.1 and the agent version is 4.9.1.5. We want to know if there is a way to hide the cisco NAC agent window so the user do not see it, i mean run it on the background to make it a bit more transparent to the final user.
  Anyone have any ideas?
  Thanks in advance.

  Go to "Administration > User Pages" and make sure you have configured a proper login page for Windows 7.

• Cisco NAC agent services not running on Windows XP

  Hi,
  I've problem with Cisco NAC agent services on Windows XP professional SP3.
  After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
  This situation is not happened on all windows machines, several machines running well.
  Cisco NAC agent version 4.9.0.42
  Has anyone seen this type of problem?
  Below i attached windows machine information from ones running well and not running, Thanks
  Regards,
  Rian

  Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
  In sysman log shows this,
  "03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
  oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
  at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
  at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
  at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
  at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
  at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
  at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
  at
  at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
  at java.lang.Thread.run (Thread.java: 595)
  20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
  In event viewer shows this,
  "Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
  I am using the Administrator account

• Integrating Cisco ACS and Cisco NAC Manager - Downloadable ACL

  Hi There
  I have Cisco NAC setup in my environment. These are all working fine. The users will get themselves authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to the Cisco ACS for the user database portion. These are all working fine. I would like to enable Downloadable ACL. I have tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in Shared Components, but nothing works. It's either I'm doing it wrongly or this setup of mine doesn't support downloadable ACL? Please kindly advice.
  Regards,
  Ram
  +6-012-2918870

  Hi,
  That is not possible.
  You cannot push ACLs into the NAC manager.
  If you are doing Radius authentication from NAC manager, what you can do is to create Roles on the NAC manager, and on those roles you define traffic policies.
  Using Radius attributes you can then map users to Roles.
  Please take a look into this:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_auth.html#wp1158789.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Script Error - Cisco NAC Agent

  I have no idea why this program stopped working. The attached files shows just exactly what's happening.
  This program originally worked perfectly fine, and i've only recently have had these errors pop up.
  I've also reinstalled, and tried to repair it during the installation process, but these problems still arised.
  Does anyone know how to fix it?

  Hi Kyle,
  I have seen these errors sometimes when a DLL file is missing or not registered properly. Can you run a tool like Process Monitor or Process Explorer from Microsoft Sysinternals and load the agent and when the error messages pop up see if there are any errors in the DLLs the agent is trying to access?
  Also the Microsoft event viewer logs may show some additional information as well.
  Thanks,
  Nate

• Confusion on Cisco clean access and Cisco NAC

  Dear Pros,
  I still confuse with the name mismatch as above. Please any one give me the correct NAC part number for both server and manager
  swamy

  Cisco Clean Access and NAC are the same.
  NAC is just the new naming.
  You can have NAC installed in two way, Framework or Appliance mode.
  I think Framework is not available anymore (I may be wrong).
  If you go with the appliance, you'll need a minimum of two. 1 for the CAM (Clean Access Manager) which manages the policies and 1 for the CAS (Clean Access Server) that is the "filter" between your authentication lan and your prod network.
  Dominic

• Cisco Nac Agent Requirement type Audit

  Hi experts,
  i can configure a requirement type as audit (opposed to mandatory or optional), so the client will still access the network, the user will not be notified, and the information will be sent to the cas.
  It is possibile to generate an email or similar automated process to notify administrators on these audits?
  (version in use 4.7.2)
  Thanks
  Andrea

  Hi Andrea,
  In 4.7.2 there wasn't much you could do within the CAM itself - really you could just export them from the GUI into a spreadsheet and analyze based on that.
  The CAM does have an API however that would allow you to export reports via scripting interfaces and give you all that information which you could then manipulate. You can access the CAM API documentation by browsing to:
  https:///admin/api/cisco_api_doc.jsp
  (The "getreports" function is likely what you would want to look into).
  In version 4.8 and later there was a new "Reporting" section of the GUI that you can see more details about passed and failed requirements:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_report.html#wp1495842
  Thanks,
  Nate

• Problems with the Cisco NAC agent, does not perform remediation??

  Good Morning
  I'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on the net" . The policy I am doing is to check a file on local disk C
  Deputy error screen
  I appreciate your responses as soon as possible

  the problem i have is when it moves into remediation....phase 2. If no remediation is being done (ie no checks, rules scans etc) then it moves directly from phase 1 (authentication) to phase 3 (authenticated user and assign role) and all works fine.
  I've looked under all the traffic rules and can see nothing that would mean it could not contact the CAS. There are some differences in 4.7, like the ethernet traffic filter. It seems to me when put in the temp role, the vlan should still be the auth vlan. There is a role based vlan option under edit roles, but it states that is only for normal login, not tem agent, so it should not apply.
  Im starting to think something has gone wrong with the upgrade code somewhere....TAC looked at my config  and could see nothing on a quick check, im working with them to resolve the issue