LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

July 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS July 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: User Roles, try this
From:	"Speight, Howard" <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Thu, 16 Jul 2009 15:59:57 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (47 lines)

What they have in common is akamai.net, it's not the site...  :-)

C:\Documents and Settings\Howard>nslookup www.witn.com 150.216.1.252
Server:  sunny.noc.ecu.edu
Address:  150.216.1.252

Non-authoritative answer:
Name:    a1519.g.akamai.net
Addresses:  128.109.34.37, 128.109.34.40
Aliases:  www.witn.com, gray-cdn-c.clickability.com
          www.graytvinc.com.edgesuite.net


C:\Documents and Settings\Howard>nslookup www.foxnews.com 150.216.1.252
Server:  sunny.noc.ecu.edu
Address:  150.216.1.252

Non-authoritative answer:
Name:    a20.g.akamai.net
Addresses:  128.109.34.40, 128.109.34.45
Aliases:  www.foxnews.com, www.foxnews.com.edgesuite.net

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Michael Simpson
Sent: Thursday, July 16, 2009 15:54
To: [log in to unmask]
Subject: Re: User Roles, try this

I believe it has something to do with the design of the site.  The CCA login does show up in one of the frames but allows the rest of the page to load.  I've noticed the same behavior with www.foxnews.com.

Michael Simpson
Network Engineer
Utah Valley University

>>> "Speight, Howard" <[log in to unmask]> 7/16/2009 1:36 PM >>>
As a matter of helping the client we do NOT restrict the client from updating their machine with Windows update or the supported AV (Symantec) we provide for free. That's a good thing for them and us. So in the unauthenticated role I have checked the following, see attached file.

A client emails me that he can connect to http://www.witn.com without first authenticating through the CCA login page. I say to myself, no way that site is not allowed, but I tell the client I will check it out. Guess what he was right, it works without authenticating. Why, Both Symantec and WITN use a DNS proxy and the same IP address is returned for both sites. This is just one example and is by no means limited to this site only.

I'm using CCA version 4.1.8, I suspect this is true for all versions of CCA? What about other NAC offerings, anyone care to test a version other than Cisco Clean Access?

Yes, I opened a TAC case, jury is still out...

Thoughts, results?

Thanks, Howard

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU