Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 10 Cisco NAC Appliance Agents
Cisco NAC Agent
Figure 10-30 Successful Logout
24. Once a user has met requirements, the user will pass these Cisco NAC Agent checks at the next login
unless there are changes to the user’s computer or Cisco NAC Agent requirements.
25. If a required software installation requires users to restart their computers, the user should log out
of the network before restarting. Otherwise, the user is still considered to be in the Temporary role
until the session times out. The session timeout and heartbeat check can be set to disconnect users
who fail to log out of the network manually.
RADIUS Challenge-Response Cisco NAC Agent Dialogs
If you configure the Clean Access Manager to use a RADIUS server to validate remote users, the
end-user Cisco NAC Agent login session may feature extra authentication challenge-response dialogs
not available in other dialog sessions—beyond the standard user ID and password. This additional
interaction is due to the user authentication profile on the RADIUS server itself and does not require
any additional configuration on the Clean Access Manager. For example, the RADIUS server profile
configuration may feature an additional authentication challenge like verifying a token-generated PIN
or other user-specific credentials in addition to the standard user ID and password. In this case, one or
more additional login dialog screens may appear as part of the login session.
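The extra dialogs correspond to RADIUS Access-Challenge replies (RFC 2865), which carry the prompt text in Reply-Message and a State value the next request must echo. The following added example, which is not from this guide or from Cisco code, parses a server reply and maps it to the login step a user would see; the function names and the sample packet are constructed for illustration.

```python
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
REPLY_MESSAGE, STATE = 18, 24

def build_packet(code, ident, attrs):
    """Build a constructed sample packet; the 16-byte authenticator is zeroed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), b"\0" * 16) + body

def parse_packet(data):
    """Return (code, ident, [(type, value), ...]), rejecting malformed lengths."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", data[:20])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute overruns packet")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def next_dialog(data):
    """Map a server reply to the login step the end user would see."""
    code, _ident, attrs = parse_packet(data)
    if code == ACCESS_ACCEPT:
        return {"action": "accept"}
    if code == ACCESS_REJECT:
        return {"action": "reject"}
    if code == ACCESS_CHALLENGE:
        prompt = b"".join(v for t, v in attrs if t == REPLY_MESSAGE)
        state = next((v for t, v in attrs if t == STATE), None)
        # The answer goes back in a new Access-Request that echoes State unchanged.
        return {"action": "prompt", "text": prompt.decode("utf-8", "replace"),
                "state": state}
    raise ValueError(f"unexpected RADIUS code {code}")

# Constructed sample: server asks for a token PIN after user ID and password
CHALLENGE = build_packet(ACCESS_CHALLENGE, 7,
                         [(REPLY_MESSAGE, b"Enter token PIN"), (STATE, b"\x01\x02\x03")])
```

A production RADIUS client must also verify the Response Authenticator with the shared secret before acting on a reply; that check is left out here to keep the focus on the challenge flow.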
The following section provides an example of the dialog exchange for Windows Cisco NAC Agent user
authentication.
1. The remote user logs in normally and provides their username and password as shown in
Figure 10-31.