Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
  • 1.  NAC

    Posted Jun 06, 2014 10:13 AM

    Hi Team,

     

    What are the requirements that must be considered to implement "NAC" on a network?

     

    What are the steps to implement OnGuard with Cisco switches?

     

    Please, I need help.

     

    Regards,

     



  • 2.  RE: NAC
    Best Answer

    EMPLOYEE
    Posted Jun 06, 2014 10:17 AM

    OnGuard is only available for desktop operating systems (Windows, OS X, Linux).

     

    Implementation is relatively simple.

     

    At a high level:

     

    In ClearPass, you configure the posture policies by operating system. These can include:

       - Firewall enforcement

       - Antivirus enforcement

       - Installed application enforcement

     

    If the device does not have OnGuard installed, ClearPass tells the Cisco switch to redirect the user to the install page.

     

    Once OnGuard is installed, it communicates with ClearPass directly to inform about posture changes. If the device goes out of compliance, ClearPass can trigger the switch to bump the user and redirect them to a quarantine VLAN.

     

     



  • 3.  RE: NAC

    Posted Jun 06, 2014 10:24 AM

    Hi,

     

    cappalli, 

     

    In the configuration the ClearPass in the service.

     

    First is user authentication?

       For example 802.1x

    And then the verification of compliance?

     

    Regards,

     

     



  • 4.  RE: NAC

    EMPLOYEE
    Posted Jun 06, 2014 10:41 AM
    Correct. If a client doesn't have OnGuard installed, they'll usually get the "Unknown" posture token. In your 802.1X authorization, you can say:

    If TIPS POSTURE EQUALS Unknown
    Return a quarantine VLAN and Cisco redirect URL.
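
The authorization logic described in this reply, as an added example that is not part of the original post and is not ClearPass code: authentication is checked first, then first-match rules on the posture token build the RADIUS reply. The VLAN IDs, redirect URL, ACL name and the "Healthy" token name are assumptions made for illustration.

```python
# Added illustration, not ClearPass code. VLAN IDs, URL and ACL name are
# constructed placeholders; "Healthy" as the compliant token name is an assumption.
QUARANTINE_VLAN = "999"
ACCESS_VLAN = "10"
REDIRECT_URL = "https://clearpass.example.com/onguard-install"
REDIRECT_ACL = "ONGUARD-REDIRECT"   # hypothetical ACL defined on the switch

def vlan_attrs(vlan_id):
    """RADIUS attributes for dynamic VLAN assignment (RFC 3580)."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": vlan_id}

def redirect_attrs():
    """Cisco AV pairs asking the switch to redirect the client's web traffic."""
    return {"Cisco-AVPair": [f"url-redirect={REDIRECT_URL}",
                             f"url-redirect-acl={REDIRECT_ACL}"]}

# Ordered rules, evaluated first-match: (condition on posture token, attribute builder).
RULES = [
    (lambda p: p == "unknown",
     lambda: {**vlan_attrs(QUARANTINE_VLAN), **redirect_attrs()}),
    (lambda p: p == "healthy", lambda: vlan_attrs(ACCESS_VLAN)),
]

def authorize(request):
    """Return (RADIUS reply type, attributes) for one access request."""
    # Authentication (802.1X or MAC-Auth) is decided before posture is looked at.
    if not request.get("authenticated"):
        return "Access-Reject", {}
    # No posture data (no OnGuard agent yet) is handled as the Unknown token.
    posture = (request.get("posture") or "Unknown").strip().lower()
    for condition, build in RULES:
        if condition(posture):
            return "Access-Accept", build()
    # Any other token means out of compliance: quarantine, without the
    # install redirect because the agent is already present and reporting.
    return "Access-Accept", vlan_attrs(QUARANTINE_VLAN)

# Constructed sample requests.
SAMPLES = [
    {"user": "alice", "authenticated": True, "posture": None},
    {"user": "bob", "authenticated": True, "posture": "Healthy"},
    {"user": "carol", "authenticated": True, "posture": "Quarantine"},
    {"user": "mallory", "authenticated": False, "posture": "Healthy"},
]
```

Falling through to the quarantine VLAN for any unrecognised token keeps the policy fail-closed: a new or misspelled token never lands a device on the access VLAN.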


  • 5.  RE: NAC

    Posted Jun 06, 2014 10:47 AM

    Hi.

     

    Perfect.

     

    When using 802.1x (WIRED). That is advisable to use authentication?

     

    Regards,



  • 6.  RE: NAC

    EMPLOYEE
    Posted Jun 06, 2014 10:48 AM

    You can use MAC-Auth or 802.1X on the wire. 802.1X would be the most secure.



  • 7.  RE: NAC

    Posted Jun 06, 2014 10:52 AM

    Ok,

     

    If a guest user should then use MAC authentication and not use agent.

     

    Regards,



  • 8.  RE: NAC

    EMPLOYEE
    Posted Jun 06, 2014 10:56 AM

    You could have a guest user use the dissolvable web agent if you wanted.



  • 9.  RE: NAC

    Posted Jun 06, 2014 10:58 AM

    Hi,

     

    Perfect. I thank you for the support. It has been very helpful.

     

    Regards,



  • 10.  RE: NAC

    Posted Jun 06, 2014 12:13 PM

    Sorry Tim,

     

    What is the redirect to the ENFORCEMENT PROFILE set to Cisco?

     

    Regards,



  • 11.  RE: NAC

    EMPLOYEE
    Posted Jun 06, 2014 12:23 PM

    Try something like this (you'll need to build the web page).

     

    [Attached image: wired-cisco-onguard-redirect.PNG]



  • 12.  RE: NAC

    Posted Jun 06, 2014 12:26 PM

    Thanks Tim.

     

    Thanks very much.