Thanks for the helpful replies. I may have been mistaken that we didn't see it at all with 4.1. Anyway, it seems to me the only way to stop it would be to use an ACL blocking access to it on networks that didn't have NAC.
Mark On Wed, Sep 22, 2010 at 2:13 PM, Nathaniel Austin <[email protected]>wrote: > Ports for SWISS: udp/8901-8902 and udp/8905-8906 > > Starting in 4.6 I believe the agent started caching the last CAS it spoke > to so it could potentially save that and if can reach it from the trusted > side it may still pop up. > > > > On 9/22/10 5:04 PM, Eric Weakland wrote: > >> Just a guess - but I think you're "leaking" swiss packets somehow onto >> non-nac networks. look at the archives of the list for the ports it uses >> (9003?<-this may very well be wrong) >> >> HTH, >> >> Eric Weakland, CISSP, CNE >> Director, Information Security >> Office of Information Technology >> American University >> eric at american.edu >> 202.885.2241 >> >> ______________________________________ >> AU IT will never ask for your password via e-mail. >> Don't share your password with anyone! >> >> >> >> From: Mark Duling <[email protected]> >> To: [email protected] >> Date: 09/22/2010 04:57 PM >> Subject: 4.8 OOB and agent popups on non-NAC networks >> Sent by: Cisco Clean Access Users and Administrators < >> [email protected]> >> ------------------------------------------------------------------------ >> >> >> >> Our NAC 4.8 OOB setup windows agent pops up whenever you attach to a >> network, whether it is a NAC enabled network or not. It is especially >> confusing since the agent login won't work if you aren't on a NAC enabled >> network. I think that happens because the agent can see the NAC manager. >> >> I don't recall our inband 4.1 deployment doing that. Do others see this >> behavior and how do you deal with it? >> >> Mark >> >
