Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

461

462

463

464

465

466

467

468

469

470

10-49

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 10 Cisco NAC Appliance Agents

Mac OS X Cisco NAC Agent

Mac OS X Agent Restrictions

• The Mac OS X Cisco NAC Agent only supports a subset of the posture assessment functions

available for the Windows Clean Access Agent. (Only Link Distribution, AV Definition Updates,

AS Definition Updates, and Local Checks are supported.)

• The Mac OS X Agent does not support auto-remediation. The user must manually remediate all

mandatory requirements to make the client machine compliant with network security guidelines.

• The Mac OS X Agent does not support IP-based certificates for authentication.

• The Log file (~/Library/Application Support/Cisco Systems/CCAAgent/event.log) is encrypted.

Contact Cisco Technical Assistance Center for help with decryption.

CAM/CAS Restrictions

• Cisco NAC Appliance only supports 10.5 and later. Mac OS 10.2, 10.3, and 10.4 are not supported.

For more information, see Support Information for Cisco NAC Appliance Agents, Release 4.5 and

Later.

• The Mac OS X Agent does not support custom checks and custom rules. You can only assign AV

and AS rules to the Link Distribution, Local Check, AV Definition Update, and AS Definition

Update requirement types for Mac OS X posture remediation.

• You cannot configure the CAM to install the Mac OS X Agent using a stub installer.

Requirement Types Supported for Mac OS X Agent

The Mac OS X Cisco NAC Agent performs a subset of the posture assessment functions supported on

the Windows Clean Access Agent. The posture assessment functions currently supported on the

Mac OS X Agent are:

• Link Distribution—This requirement type refers users to another web page where the software is

available, such as a software download page. Make sure the Temporary role is configured to allow

HTTP (and/or HTTPS) access to the link.

• Local Check—This requirement type can be used to create checks that look for software that should

or should not be on the client machine. For the Mac OS X Agent, Local Checks are used primarily

as a message medium to inform users what to do if/when a particular rule has/has not been met. The

Mac OS X Agent Assessment Report window displays Local Check requirements using a “Message”

icon.

3. In Release 4.9 and later, the VLAN Detect is automatically disabled when the client machine is on VPN connection. The

following VPN clients are supported:

- Cisco VPN Client

- AnyConnect

- Apple Native VPN Client to Cisco IPSEC

- Shimo(User Interface for Cisco IPSEC client)

4. During the discovery, all the VLAN Detect parameters are set to their default values and these values cannot be overridden.

The parameters are: RetryDetection, PingArp, PingMaxTimeout, and VlanDetectInterval. Refer to Table 10-1 for the

default values of these parameters.