1. I understand it is a NAC that can be integrated into any 802.1x switch. However, a certain level of firmware version is required. But I also heard that it can still be achieved using SNMP. Is that correct?
This is correct, but the SNMP option has some caveats when changing VLANs or when a device is behind a VoIP phone.
2. I also understand that a client software needs to be installed. But there is also an option for being clientless. What are the pros and cons with or without client software installed?
1- Persistent agent provides nonstop monitoring and automatic remediation and control. When running persistent OnGuard agents, ClearPass Policy Manager can centrally send system-wide notifications and alerts, and allow or deny network access. The persistent agent also supports auto and manual remediation.
2- Dissolvable agent is ideal for personal, non IT-issued devices that connect via a captive portal and do not allow agents to be permanently installed. A one-time check at login ensures policy compliance. Devices not meeting compliance can be redirected to a captive portal for manual remediation. Once the browser page used during authentication is closed, the dissolvable agent is removed, leaving no trace.
What kind of switches do you have?
The persistent agent also adds a ton more features like automatically killing banned applications (or not letting the device on the network if the application is installed, good example is BitTorrent). It can also detect registry keys, can shut down running VM guests, etc.
I don't want to install the OnGuard agent on my client PC, and we don't have a captive portal page.
Can we use the dissolvable agent for a wireless PC connection?
How do we redirect them to the dissolvable agent page once they connect to the network?
Are there any guides available from Aruba regarding the integration with Microsoft NAP?
I hadn't heard of Microsoft NAP until reading this post.
Ideally, I would like the ClearPass to remain as the RADIUS server, but have the NAP clients send their status information to the CPPM.
Oh really? Thank you for telling me that. I am glad I didn't invest too much time into it.
That being said, what would your recommendation be for the OP today?
I like the idea of this agent.
I have another tool I use to do software deployment that installs an agent. I could leverage the data stored in this tool to do "health checks". It is cool though that this agent can dynamically change the role of the device depending upon whether it is in violation or not.
Sorry, you're right.
I can start another post instead of hijacking someone else's.