Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

1-9

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 1 Introduction

Client Login Overview

Enable OOB logoff for

Windows NAC Agent and

Mac OS X Agent

Check this option to enable OOB Logoff. This option applies globally to all OOB CASs and user

roles and enables Agent logout and heartbeat timers for OOB Agent connections. You must also

enable this option for Passive Re-assessment to function with OOB Agent connections. See

Configure Out-of-Band Logoff, page 9-6 for more details.

Require use of Agent (for

Windows and Macintosh

OSX only)

Click this checkbox to redirect clients in the selected user role and OS to the Agent Download

Page Message (or URL) after the initial web login. Users will be prompted to download, install,

and use the Agent to log into the network. To modify the default download instructions, type

HTML text or enter a URL.

Note Agent requirement configuration must also be completed as described in Configuring

Agent-Based Posture Assessment, page 9-39

The Require use of Agent and Require use of Cisco NAC Web Agent options are not

mutually exclusive. If you choose to enable both options, both choices appear to users

when they are directed to the Login Page.

Require use of Cisco NAC

Web Agent (for Windows

only)

Click this checkbox to redirect clients in the selected user role and OS to the Cisco NAC Web

Agent Download Page Message (or URL) after the initial web login. Users will be prompted

to download, install, and access the network using the temporal Cisco NAC Web Agent. To

modify the default download instructions, type HTML text or enter a URL.

Note Agent requirement configuration must also be completed as described in Configuring

Agent-Based Posture Assessment, page 9-39

The Require use of Agent and Require use of Cisco NAC Web Agent options are not

mutually exclusive. If you choose to enable both options, both choices appear to users

when they are directed to the Login Page.

Allow restricted network

access in case user cannot

use NAC Agent and

Cisco NAC Web Agent

Click this optional checkbox to allow users to have restricted network access if they choose not

to install the Cisco NAC Agent or launch the Cisco NAC Web Agent. This feature is intended

primarily to allow access for users logging into a user role that requires an Agent, but who have

systems on which they cannot download and install the Agent (as in the case of

inadequate/non-admin privileges on the machine, for example).

Users can also take advantage of “restricted” network access to gain limited network access

when the client machine fails remediation and the user must implement updates to meet network

access requirements before they can log in using their assigned user role.

For details, see Configure Restricted Network Access for Agent Users, page 9-10.

Restricted Access User

Role

Use this dropdown menu to specify a user role for users who accept restricted network access

instead of installing the Cisco NAC Agent or installing and launching the Cisco NAC Web

Agent.

Restricted Access Button

Text

You can change the text in this box to show users who can log in to the Cisco NAC Appliance

system a “customized” button in the Agent login dialog process.

Table 1-1 Agent Login—General Setup Configuration Options (continued)

Control Description