Re: User Roles, try this

Thu, 16 Jul 2009 13:01:40 -0700 

What they have in common is akamai.net, it's not the site...  :-)

C:\Documents and Settings\Howard>nslookup www.witn.com 150.216.1.252
Server:  sunny.noc.ecu.edu
Address:  150.216.1.252

Non-authoritative answer:
Name:    a1519.g.akamai.net
Addresses:  128.109.34.37, 128.109.34.40
Aliases:  www.witn.com, gray-cdn-c.clickability.com
          www.graytvinc.com.edgesuite.net


C:\Documents and Settings\Howard>nslookup www.foxnews.com 150.216.1.252
Server:  sunny.noc.ecu.edu
Address:  150.216.1.252

Non-authoritative answer:
Name:    a20.g.akamai.net
Addresses:  128.109.34.40, 128.109.34.45
Aliases:  www.foxnews.com, www.foxnews.com.edgesuite.net

-----Original Message-----
From: Cisco Clean Access Users and Administrators 
[mailto:[email protected]] On Behalf Of Michael Simpson
Sent: Thursday, July 16, 2009 15:54
To: [email protected]
Subject: Re: User Roles, try this

I believe it has something to do with the design of the site.  The CCA login 
does show up in one of the frames but allows the rest of the page to load.  
I've noticed the same behavior with www.foxnews.com.

Michael Simpson
Network Engineer
Utah Valley University

>>> "Speight, Howard" <[email protected]> 7/16/2009 1:36 PM >>>
As a matter of helping the client we do NOT restrict the client from updating 
their machine with Windows update or the supported AV (Symantec) we provide for 
free. That's a good thing for them and us. So in the unauthenticated role I 
have checked the following, see attached file.

A client emails me that he can connect to http://www.witn.com without first 
authenticating through the CCA login page. I say to myself, no way that site is 
not allowed, but I tell the client I will check it out. Guess what he was 
right, it works without authenticating. Why, Both Symantec and WITN use a DNS 
proxy and the same IP address is returned for both sites. This is just one 
example and is by no means limited to this site only.

I'm using CCA version 4.1.8, I suspect this is true for all versions of CCA? 
What about other NAC offerings, anyone care to test a version other than Cisco 
Clean Access?

Yes, I opened a TAC case, jury is still out...

Thoughts, results?

Thanks, Howard

Reply via email to