CLEANACCESS Archives

November 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Advice Needed
From:
Pete Boynton <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Mon, 30 Nov 2009 09:10:31 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (164 lines) 
Hello,

We will be acquiring a CAS soon that we want to use for guest access. We will be deploying an OOB virtual gateway. Right now I see three potential users for this CAS and I was wondering if I could do what we want to do.

First of all the three types of users are:

Group 1. Internal Laptop users (These are people who work on site fulltime but who may work from different conference rooms or open desks that are spread out in the building)
Group 2. Sales Laptops users (These are people who come in once in a while, maybe once a week and sit in the same place most of the time, however they could use the conference rooms as well.
Group 3. Third party vendors, sales people, auditors, friends of the company. (These are unknowns and would only be given internet access)

So what I would like to do is make it as easy as possible for Internal Laptop users to get on the network. These users would not have any restrictions on areas of the network they could get to. So if I can avoid an agent that would be great, also if an assessment can be avoided that would be great too.

For internal Sales people I would like to have more control. This would include traffic control and assessments. Obviously this will require an agent install which is fine. I don't have many users like this.

Now for the External folks I want the most control of course, but if they don't have any agent how do I accomplish this? 

I guess my doubts come from the fact that one person from any of these groups could be plugging into the same port. The conference rooms are the first places that come to mind.

Thanks for any help or advice,

pedro



-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Jeremy Wood
Sent: Friday, November 27, 2009 7:17 PM
To: [log in to unmask]
Subject: Re: Announcing NAC Release 4.7.1 availability!! -- WARNING

Thanks for the heads up Michael. As for programs, did you give ImgBurn
a try? I just checked and it supports all the way down to 1x for both
of my burners. http://www.imgburn.com/

--Jeremy

On Fri, Nov 27, 2009 at 14:48, Michael Simpson <[log in to unmask]> wrote:
> Quick followup.
>
> After failing to find a burning program that would let me burn at 8x speed I
> burned it at my burner's lowest setting 16x and tried it out on one of my
> remaining good CASes.   The upgrade went fine for that CAS and for the CAM.
> I now get to clean up the mess from the first disk.
>
> Michael
>
>>>> "Michael Simpson" <[log in to unmask]> 11/27/2009 10:41 AM >>>
>
> I'm currently trying to upgrade our NAC gear and came across this problem on
> my first two CASes
>
> Problem Details: I was following the NAC upgrade instructions and during the
> upgrade of my
> first two CAS boxes I got the following error:
>
> unrecovered read error --(asc=0x11, ascq=0x00)
> Read failed "Read 10" packed command was
> Buffer I/O error on device hda, logical block 301275
> Buffer I/O error on device hda, logical block 301276
> Buffer I/O error on device hda, logical block 301277
> Buffer I/O error on device hda, logical block 301278
> Buffer I/O error on device hda, logical block 301279
> Buffer I/O error on device hda, logical block 301280
> Buffer I/O error on device hda, logical block 301281
> Buffer I/O error on device hda, logical block 301282
> Buffer I/O error on device hda, logical block 301283
> Buffer I/O error on device hda, logical block 301284
> Fatal: Could not install python-2.4.3-24.ek.1386.rpm
>
> I reboot one CAS and got to a grub> prompt.  Rebooted again with install
> disk and was
> no longer given an option to upgrade only fresh install.
>
> I was told by support that this was probably caused by not burning my CD at
> 8x speed?  I'm now supposed to fresh install these boxes and hope the config
> is not lost when I get them back into the CAM.  I also need to find a
> burning program that will burn at less than 16x since mine does not.
>
>
>>>> "Heller, Josh" <[log in to unmask]> 11/25/2009 10:55 AM >>>
>
> Greetings,
>
>
>
> The Release Notes indicate that the installer will prompt you for whether
> you would like to perform an upgrade or a fresh install. This is provided
> that you gracefully shutdown each appliance before booting off of the 4.7.1
> CD.  That command is noted as being "shutdown -r now".
>
>
>
>
>
> Josh Heller
>
> Sr. Network Analyst
>
> Information Technology
>
> Kutztown University
>
> 610.683.4930
>
>
>
>
>
>
>
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Pete Boynton
> Sent: Wednesday, November 25, 2009 12:20 PM
> To: [log in to unmask]
> Subject: Re: Announcing NAC Release 4.7.1 availability!!
>
>
>
> Josh,
>
>
>
> Does that mean we need to do a fresh install on the CAS and CAM if they are
> running 4.6.1? And if so, I assume there any way to import the config and
> certs from my existing deployment right?
>
>
>
> Has anyone out there done this with success??
>
>
>
> Thanks,
>
>
>
> Pedro
>
>
>
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Heller, Josh
> Sent: Wednesday, November 25, 2009 11:16 AM
> To: [log in to unmask]
> Subject: Re: Announcing NAC Release 4.7.1 availability!!
>
>
>
> I sure do hope that they return to "upgrade" packages going forward. They
> were much more convenient than the CD based process we'll need to go through
> to upgrade to 4.7.1.
>
>
>
> Josh Heller
>
> Sr. Network Analyst
>
> Information Technology
>
> Kutztown University
>
> 610.683.4930

ATOM RSS1 RSS2