IBM Tivoli and Cisco Network Card User Manual


 
Chapter 3. Component structure
EAP methods: Provide a mechanism to authenticate the application
or device requesting the host credentials, and
encrypt or decrypt that information.
Network Admission Control Appliance
The Network Admission Control Appliance consists of the following
subcomponents:
Clean Access Manager (CAM)
Clean Access Server (CAS)
Clean Access Agent (CAA)
Clean Access Policy Updates
Clean Access Manager (CAM)
The Clean Access Manager is the administration server and database that
centralizes configuration and monitoring of all Clean Access Servers, users, and
policies in a Cisco NAC Appliance deployment. The Web admin console for the
Clean Access Manager is a secure, browser-based management interface. For
out-of-band (OOB) deployment, the Web admin console provides the Switch
Management module to add and control switches in the Clean Access Manager's
domain and configure switch ports.
Clean Access Server (CAS)
The Clean Access Server is the gateway between an untrusted and a trusted
network. The CAS enforces the policies you have defined in the CAM Web admin
console, including network access privileges, authentication requirements,
bandwidth restrictions, and NAC Appliance system requirements. It can be
deployed in-band (always inline with user traffic) or out-of-band (inline with
user traffic only during authentication/posture assessment). It can also be
deployed in Layer-2 mode (users are L2-adjacent to CAS) or Layer-3 (users are
multiple L3 hops away from the CAS) mode.
Clean Access Agent (CAA)
When enabled for your Cisco NAC Appliance deployment, the Clean Access
Agent can ensure that computers accessing your network meet the system
requirements you specify. The Clean Access Agent is a free, read-only,
easy-to-use, small-footprint program that resides on user machines. When a user
attempts to access the network, the Clean Access Agent checks the client
system for the software you require, and helps users acquire any missing
updates or software.
Agent users who fail the system checks can be assigned to the temporary role.
This role gives users limited network access to the resources needed to comply
with the Clean Access Agent requirements. Once a client system meets the
requirements, it is considered clean and allowed network access.