Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
Agent Posture Assessment Process
Figure 9-10 details the Cisco NAC Appliance client posture assessment process (with or without
network scanning) when a user authenticates via the Agent.
Figure 9-10 Agent Posture Assessment
The following user roles are used for Cisco NAC Appliance and must be configured with traffic policies
and session timeout:
• Unauthenticated Role—Default system role for unauthenticated users (Agent or web login) behind
a Clean Access Server. Web login users are in the unauthenticated role while network scanning is
performed.
• Agent Temporary Role—Agent users are in the Temporary role while Agent requirements are
checked on their systems.
• Quarantine Role—Both web login and Agent users are put in the Quarantine role when network
scanning determines that the client machine has vulnerabilities.
If a user meets Agent requirements and/or has no network scanning vulnerabilities, the user is allowed
access to the network in the normal login user role or “restricted access” role. See Client Posture
Assessment Roles, page 6-5 for additional details.
During user login/remediation, the Agent dialogs present different buttons that users can click depending
on the type of Agent installed and the requirement(s) assigned to validate the client machine. For specific
information on Agent dialogs and behavior, see Chapter 10, “Cisco NAC Appliance Agents.”
Configuring AV/AS Definition Update Requirements
The AV Definition Update and AS Definition Update requirement types can be used to report on and
update the definition files on a client for supported antivirus or antispyware products. If the client fails
to meet the AV/AS requirement, the Agent communicates directly with the installed antivirus or
antispyware software on the client and automatically updates the definition files when the user clicks the
Update/Remediate button on the Agent dialog.