Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
5
Helpful
2
Replies

Difference in NAC between filter and certified devices

smesiatowsky
Level 1
Level 1

‎12-14-2007 07:39 AM - edited ‎02-21-2020 01:49 AM

I cannot seem to figure what what the difference is between filters and certfied devices in the NAC CAM interface. Both seem to allow devices to bypass authentication and posture assesment. When would one be perferred over the other?

0 Helpful
2 Replies 2

gojericho0
Level 1
Level 1

‎12-14-2007 01:11 PM

This topic was confusing to me as well when I first started with NAC. Let me see if I can help...

Filters provide requirements for authentication and posture assessment. It enables end-point devices to be checked for authentication, posture assessment, both, or neither based on either MAC address or Role assignment depending on the filter

A good example for something that you would be it the Allow category would be Printers or IP phones. Because these devices cannot authenticate you would always want them to have access to the LAN without NAC interference. You would add them to an ALLOW filter. The devices remain filtered unless you manually remove them

Certified Devices bypass posture assessment only. Authentication will still be required. These are best used with timers. For example, PCs that successfully complete authentication and posture assessment once are place in the certified device list. We have a certified device timer setup in our enviroment so that a device is checked for posture assessment once every two weeks. Once the two week window has expired all desktop PCs are removed from posture assessment and will once again have to be checked for compliance

You can use both filters and certified devices as a way of create role assignments in an OOB deployment.

HTH

pmccubbin
Level 5
Level 5
In response to gojericho0

‎12-14-2007 01:30 PM

Hi Joshua,

Good answer! A "5" in my book.

Best,

Paul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card