Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Overview
Note: Most requirement remediation actions (like Windows Updates and AV/AS support updates) require the
user to have administrator privileges on the client machine. Therefore, Cisco recommends you ensure
that users of client machines undergoing posture assessment and remediation have administrator-level
privileges.
Users in L3 Deployments
Cisco NAC Appliance supports multi-hop L3 deployment and VPN concentrator/L3 access from the
Agent. This enables clients to discover the CAS when the network configuration puts clients one or more
L3 hops away from the CAS (instead of in L2 proximity). You must Enable L3 Support on the CAS and
ensure there is a valid Discovery Host for the Agent to function in multi-hop L3 environments or behind
a Cisco VPN concentrator.
Distribution
The Cisco NAC Agent Installation files and the Cisco NAC Web Agent are part of the Clean Access
Manager software and are automatically published to all Clean Access Servers. To distribute the Agent
to clients for initial installation, you require the use of the Agent for a user role and operating system in
the General Setup > Agent Login tab. The CAS then distributes the Agent Setup file when the client
requests the Agent. (This behavior does not apply to the Cisco NAC Web Agent.) If the CAS has an
outdated version of the Agent, the CAS acquires the newest version available from the CAM before
distributing it to the client.
Auto Upgrade
By configuring Agent auto-upgrade in the CAM, you can allow users to automatically upgrade upon
login to the latest version of the Agent available on the CAM. With the Cisco NAC Web Agent, users
automatically download the latest version of the temporal Agent available on the CAM.
Installation
You can configure the level of user interaction required when users initially install the Agent.
Out-of-Band Users
Because Out-of-Band users only encounter the Agent during the time they are In-Band for authentication
and certification, Agent configuration is the same for In-Band and Out-of-Band users.
Rules and Checks
With pre-configured Cisco checks and rules, or custom checks and rules that you configure, the Agent
can check if any application or service is running, whether a registry key exists, and/or the value of a
registry key. Cisco pre-configured rules provide support for Critical Windows OS hotfixes.
Agent Updates
Through the Updates page of your CAM web console, Cisco tracks and provides multiple updates per
hour, including the latest versions of Cisco NAC Agent installers and Cisco NAC Web Agent installation
packages as they become available. See Retrieving Cisco NAC Appliance Updates, page 9-12 for
complete details.