Hi all,
Thank you for your reply.
@CJoseph : That's right that OnGuard is a similar agent, but from my understanding (not much experience with it) it is only for compliance/health check. Customer is not looking just for compliance check but also for replacing the Windows embedded 802.1x feature by an agent. They have both Clearpass and Cisco ISE implemented in their network, apparently Cisco is providing this agent called AnyConnect to replace Windows 802.1x supplicant (first time I hear about it) in order to improve authentication process.
@Cappalli : Basically customer wish to have more flexibility, simplicity and client control.
For instance being able to check authentication logs from the agent (without using the switch debug tool), being able to manually send reauthentication request directly to 802.1x supplicant from Clearpass and not from switch (we are in a wired environment). Aslo being able to send information messages to clients (possible with OnGuard if I remember well).
Lastly add more flexibility on start/logon process sequence, they meet security issues with processing GPOs along with Machine and User authentication. The 802.1x SSO feature isn't enough and revealed itself not working properly on laptop with an endpoint encryption agent.
Note that there is no good or bad answer, Clearpass implementation is successful. Onguard implementation is planned in near future. It is only for curiosity and maybe mid term improvement of the current Clearpass implementation.
Thank you very much.
Br,
Simon