Cisco Cisco NAC Appliance 4.1 Guia De Resolução De Problemas
P r o b l e m D e s c r i p t i o n
A recently published Cisco NAC rule contained a bug that may result in a loss of service
for NAC S ervers ( Clean Access S ervers or CAS ) . Customers w ith NAC M anagers ( Clean
Access M anagers or CAM ) w hich updated their Cisco U pdates rule-sets betw een
3 : 15 AM P S T 11/11/2 0 0 8 and 11: 15 AM P S T 11/11/2 0 0 8 are affected and subseq uent
updates w ill not be dow nloaded. T he affected version of the rule is O S D etection
F ingerprint V ersion 7 .
B y default a NAC M anager installed w ithin a customer environment w ill automatically
poll Cisco U pdates for O perating S ystem detection fingerprinting.
Note: ‘ O S D etection F ingerprint’ is referred to as ‘ O S D F ’ for the remainder of this
document. NAC M anager and CAM as w ell as NAC S erver and CAS are synonymous
and are used interchangeably throughout this document.
B a c k g r o u nd
O S D F version 7 has a softw are bug that may result in a loss of service for NAC S ervers.
T his version has been removed from the update server.
T his documentation is intended to be a complete step-by-step procedure for repairing any
impacted O S D F v7 NAC Appliances. P lease contact Cisco T echnical Assistance Center
if you ex perience anything not covered by this procedure.
T his field notice affects only customers w ith O S D etection F ingerprint ( O S D F ) V ersion 7
on their NAC M anagers. Customers w ith O S D F V ersion 6 and prior or V ersion 8 and
later on their NAC M anagers are not affected.
P r o b l e m S y m p t o m
a) A NAC M anager w hich dow nloads O S D F version 7 w ill subseq uently stop receiving
new rules and check s published via Cisco U pdates.
b) A new NAC S erver added to the NAC M anager w ith O S D F version 7 w ill not be
displayed in the NAC M anager U I .
c) Any NAC S erver that disconnects from the NAC M anager w ith O S D F version 7
cannot be re-connected.
d) A 5 0 3 E rror appears and block s H T T P access to the NAC M anager U I if the NAC
M anager w ith O S D F version 7 is in H igh Availability mode and fails over.
e) T his issue affects all releases of Cisco NAC Appliance S oftw are ( Cisco Clean Access
S oftw are) .