Document ID: 71272
Introduction
This document describes how to configure Secure Services Client with Cisco Trust Agent (CTA) in a Network Admission Control (NAC) environment.
Prerequisites
Components Used
This section lists the software versions used in this document.
- Cisco Secure Services Client version 4.0. The Cisco Secure Services Client is available for download from the Cisco.com Software Center (registered customers only).
- Cisco Trust Agent version 2.0.0.30 or higher (without supplicant). Cisco Trust Agent is available for download from the Cisco.com Software Center (registered customers only).
Conventions
For more information about document conventions, refer to Cisco Technical Tips Conventions.
Configure Cisco Secure Services Client with CTA in a NAC Environment
The Cisco NAC environment is a multipartner program designed to limit damage caused by viruses and worms. In order to control network access, NAC monitors network devices to ensure they comply with network security policies. Cisco Secure Services Client and the CTA are core components of the NAC environment. Every device that seeks network access contacts a network access device (router, switch, VPN concentrator, or firewall). These devices demand endpoint security credentials through Cisco Secure Services Client and CTA. This information is relayed to policy servers in order to allow or deny admission to the network.
Note: CTA must be installed on all hosts that require validation for network access.
CTA allows the NAC application to determine if the necessary partner software products, such as antivirus software, are installed and current. CTA also determines current operating system and patch levels.
The key features and benefits of CTA include:
- Small non-intrusive agent that acts as a middleware component and securely communicates host policy information to the authentication, authorization, and accounting (AAA) policy server through an 802.1X supplicant such as Cisco Secure Services Client. CTA can communicate the Cisco security, operating system, and patch versions, as well as the version of any partner software.
- Interacts directly with NAC-enabled applications that run on the host without user intervention. CTA communicates with NAC-enabled applications through communication channels integrated by the NAC partners within their applications.
To set up a NAC environment with Cisco Secure Services Client and CTA, complete these steps:
- Download and install the Cisco Secure Services Client and CTA applications.
- Download and install NAC-enabled applications from the appropriate NAC software partners.
- Configure Cisco Secure Services Client to authenticate to the network with Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST). Without posture validation, users are placed in a quarantined VLAN.
- Configure the CTA as instructed in the Cisco Trust Agent Administrator Guide (available on the Cisco Web site).
- Configure partner software for use with the CTA application as instructed in the partner documentation.
Once operational, NAC is transparent to the user. The CTA displays NAC posture messages on the user's screen.
Updated: Sep 14, 2006. Document ID: 71272
