Thursday, December 3, 2009

Problem with users running Windows Vista or Windows 7 with Cisco NAC release 4.6.1

Here is a problem that my co-worker Mike Maron recently ran into along with the solution.

If you have user or guest desktops/laptops with Windows Vista or Windows 7 installed that cannot access the network via NAC, the cause is Windows User Account Control (UAC). When this feature is enabled (it is by default), the NAC login does not work properly, because NAC requires Internet Explorer to run in elevated mode in order to release and renew the IP address.

There are two workarounds to this issue:

1. Right-click IE, select "Run as administrator" (this only works if the user has administrative rights on the local PC), and then access the NAC page. In many cases the user does not have administrative rights to the computer, so they cannot run IE as admin, nor can they disable User Account Control. http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/461/461rn.html#wp791975

2. There is also a way to bounce the switch port from the NAC appliance instead of relying on Windows, which allows the PC to properly renew its IP address.

In OOB Management > Profiles > Port > choose the profile to edit.
Make sure the check box "Bounce the port based on role settings after VLAN is changed" is checked, then click Update.

Then navigate to User Management > User Roles > choose the role and edit it.
Make sure "Bounce Switch Port after Login (OOB)" is enabled as well as "Refresh IP after Login (OOB)", then save the role.
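As an added example (not from the post and not a Cisco tool), here is a PowerShell check a helpdesk can run on the affected Vista/7 machine to tell which of the two workarounds applies: it reads the UAC setting, tests whether the current session is elevated, and tests whether the user is in the local Administrators group at all. The function name and output fields are my own.

```powershell
# Added diagnostic, not from the original post. Decides which NAC workaround
# applies: UAC on + not elevated is the failure case; local admins can use
# workaround 1 (run IE as administrator), everyone else needs workaround 2.
function Get-NacUacDiagnosis {
    # UAC state: EnableLUA = 1 means UAC is on (the Vista/7 default).
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacOn  = (Get-ItemProperty -Path $uacKey -Name EnableLUA).EnableLUA -eq 1

    # Elevated: IsInRole(Administrator) is true only for a full (unfiltered) token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Local admin membership regardless of elevation: a UAC-filtered token still
    # lists BUILTIN\Administrators (S-1-5-32-544) as "used for deny only", and
    # whoami prints that line, so match on the SID rather than on .NET's Groups.
    $isLocalAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544\b')

    if (-not $uacOn -or $elevated) {
        $advice = 'UAC condition from the post does not apply; IE can release/renew the address.'
    } elseif ($isLocalAdmin) {
        $advice = 'Workaround 1: run Internet Explorer as administrator, then open the NAC login page.'
    } else {
        $advice = 'Workaround 2: enable "Bounce Switch Port after Login (OOB)" and "Refresh IP after Login (OOB)" on the NAC appliance.'
    }

    New-Object PSObject -Property @{
        UacEnabled     = $uacOn
        Elevated       = $elevated
        LocalAdmin     = $isLocalAdmin
        Recommendation = $advice
    }
}

Get-NacUacDiagnosis | Format-List
```

Run it in the same (non-elevated) session the user would start Internet Explorer from, since an elevated PowerShell window reports Elevated = True and hides the problem.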