Specifications
10-25
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 10 Cisco NAC Appliance Agents
Cisco NAC Web Agent
Figure 10-33 Windows RADIUS Challenge-Response Authentication Successful
Cisco NAC Web Agent
This chapter describes how to configure the Cisco NAC Web Agent to allow users to log in to the network
without requiring a permanent, dedicated network access application on the client machine.
• Overview, page 10-25
• Configuration Steps for the Cisco NAC Web Agent, page 10-27
• Cisco NAC Web Agent User Dialogs, page 10-28
Overview
Warning
Cisco does not recommend using the Cisco NAC Web Agent on client machines connecting with link
speeds slower than 56Kbits/s.
The Cisco NAC Web Agent provides temporal posture assessment for client machines. Users launch the
Cisco NAC Web Agent executable, which installs the Web Agent files in a temporary directory on the
client machine via ActiveX control or Java applet. When the user terminates the Web Agent session, the
Web Agent logs the user off of the network and their user ID disappears from the Online Users list.
After users log into the Cisco NAC Web Agent, the Web Agent gets the requirements configured for the
user role/OS from the Clean Access Server, checks the host registry, processes, applications, and
services for required packages and sends a report back to the CAM (via the CAS). If requirements are
met on the client, the user is allowed network access. If requirements are not met, the Web Agent
presents a dialog to the user for each unmet requirement. The dialog (configured in the New Requirement
form) provides the user with instructions and the action to take for the client machine to meet the
requirement. Alternatively, if the specified requirements are not met, users can choose to accept
“restricted” network access (if you have enabled that option in the Device Management > Clean Access
> General Setup > Agent Login page) while they try to remediate the client machine so that it meets