Ok, it's easier ;) But all IPX tasks for NAC refer to CTA, at least NAC L2 and L3. What should we expect on the exam? Just pre-configure ACS and switches for the above said scenarios and not being able to verify ?
Eugene From: Fawad Khan [mailto:[email protected]] Sent: 30 April 2012 03:43 To: Eugene Pefti Subject: Re: [OSL | CCIE_Security] CTA on the lab and link to download it No cta in the exam. On Monday, April 30, 2012, Eugene Pefti wrote: Guys, My Cisco profile doesn't allow me to download Cisco Trust Agent. Is there any way to download it from any alternative source? I only now got down to NAC framework studies it looks totally confusing in terms of what exactly will be tested on the real lab. As far as I understand we should be prepared to build L3 NAC and L2/802.1x NAC scenarios ? Secondly, I'm doing L3 NAC with ASA for remote VPN and stumbled upon an interesting situation. Under the group-policy I say "nac enable", the command is accepted and I assumed that it was a short way to say "nac-settings and so on..." but "nac-settings" expects the continuation of the value for nac-policy which I didn't configure yet. When I check the group-policy settings I see the following: group-policy EZVPN-GP attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value SPLIT-ACL nac-settings value EZVPN-GP-nac-framework-create address-pools value EZVPN-POOL And there's no EZVPN-GP-nac-framework-create framework policy in the running config. What's the logic of the ASA software while configuring NAC framework the way I did? Eugene -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
