I've had a NAC Framework test environment (ACS 4.0 & CTA 2.1) for a couple of years now. We finally have the green light to move forward into production so I'm bringing more machines into the lab for additional testing.
I went to download the CTA again today as I couldn't find my original file and I see this in the 2.1 release notes (which I don't remember seeing before):
"Cisco Secure Services Client (SSC) replaces the CTA 802.1x Wired Client as the preferred supplicant in a deployment of the NAC security solution. NAC is supported for use in a wired network environment."
So should I now download the non-supplicant version of CTA and use it with SSC? I'm not sure I see the benefit of that.
Plus wouldn't that mean my switchports would need to be configured for both 802.1x and EAPoUDP for auth and posture respectively since the non-supplicant CTA doesn't use 802.1x like the supplicant version.
The above is the reason I hadn't used the CTA on any Mac clients and just do 802.1x with no posture for them.