Clean Access/NAC in Mac OS X

Unanswered Question
Jan 17th, 2010


Please tell me if this is placed in the wrong section, because I don't know where NAC-related questions should be...

At school, Clean Access is used for access to our wireless network. In Windows this worked fine, but I've switched to a MacBook. Now when I log in on the web-based log-in screen, I get a message saying "Windows operating systems are required to run Clean Access Agent".

Is there any way to get access to the wireless network? The school's IT-guys don't support Mac's.

For your info: I DO have the proper login credentials, so getting access to the network isn't any kind of hacking in my opinion.

With kind regards,

Jeroen van Zijp

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
koeppend Sun, 02/21/2010 - 19:41

Try installing the Cisco Clean Access Agent for Mac.

You will need to know exactly what version of NAC they are running because the agent is version specific

Then attempt to authenticate though the agent instead of the web login.

But this will fail if the IT staff have pushed out a policy that dictates only Windows platforms may connect.

Other than that, there is not much you can do other than negotiate with the IT manager that they change the policy to permit you access the web auth and have the ability to download and run the agent client and connect using a mac.


jeroenvanzijp Mon, 02/22/2010 - 07:10

At first, I would like to thank you for your response!

A few weeks ago, I got hold of a Mac-version of the Clean Access Agent. After logging in with it, I indeed got the error about only Windows-clients being allowed. The sysadmins at school are stupid Windows-fanboys and they keep refusing to make an exception for me (at MAC-address level).

Isn't there any way of cloaking available, which works on the latest version of the NAC?

koeppend Mon, 02/22/2010 - 16:24

Well thats the whole point of installing NAC, its to stop this type of activity. So it would seam that their install is doing the job as intended.

The only suggestion I can give you is that you talk to them and put in a request that they permit a VM host on your laptop to connect.

Suggest to them that your going to install Fusion for Mac or parallels (I prefer fusion), then have them install their SOE into that VM session on your mac.

Then get the VM session to authenticate into NAC for you. Remembering that they will have to place an exception into the NAC solution that permit 2x mac addresses will be seen from a single connection.

But I can pretty much guarantee they will 'Arc' up about this because once your VM has done the auth for you, your mac is free to roam the network.

And a majority of 'Windows-fan boys' as you most delicately put it,...hate this

But again, this will fail if they dont permit multiple mac addresses from a single ethernet connection.

P.S. they are not stupid, they are just different, everyone else knows OSx is better


This Discussion

Related Content