Difference in NAC between filter and certified devices
I cannot seem to figure out what the difference is between filters and certified devices in the NAC CAM interface. Both seem to allow devices to bypass authentication and posture assessment. When would one be preferred over the other?
Re: Difference in NAC between filter and certified devices
This topic was confusing to me as well when I first started with NAC. Let me see if I can help...
Filters provide requirements for authentication and posture assessment. They enable endpoint devices to be checked for authentication, posture assessment, both, or neither, based on either MAC address or role assignment, depending on the filter.
A good example of something you would put in the Allow category would be printers or IP phones. Because these devices cannot authenticate, you would always want them to have access to the LAN without NAC interference, so you would add them to an ALLOW filter. The devices remain filtered unless you manually remove them.
Certified devices bypass posture assessment only. Authentication will still be required. These are best used with timers. For example, PCs that successfully complete authentication and posture assessment once are placed in the certified device list. We have a certified device timer set up in our environment so that a device is checked for posture assessment once every two weeks. Once the two-week window has expired, all desktop PCs are removed from posture assessment and will once again have to be checked for compliance.
You can use both filters and certified devices as a way of creating role assignments in an OOB deployment.
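To make the distinction above concrete, here is an added example (written for this page, not code from Cisco or from the poster) that models the two mechanisms as a small policy engine: a MAC-keyed filter table that decides which checks apply and which role the device lands in, and a certified-device list whose entries expire after a configurable timer. The MAC addresses, the 14-day timer, the reference time NOW and the role names are constructed for the illustration; the filter actions (allow, deny, role with chosen checks) follow the answer's description rather than any particular CAM filter type.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed reference time so the example is deterministic.
NOW = datetime(2024, 1, 1, 9, 0, 0)


def norm_mac(mac: str) -> str:
    """Normalize any common MAC spelling to lowercase colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class DeviceFilter:
    """A MAC-based filter: which checks still apply and which role is assigned.
    An ALLOW filter (printers, IP phones) is check_auth=False, check_posture=False.
    deny=True blocks the device outright."""
    check_auth: bool
    check_posture: bool
    role: Optional[str] = None
    deny: bool = False


@dataclass
class Decision:
    access: bool
    auth_required: bool
    posture_required: bool
    role: Optional[str]   # None means "role comes from authentication"
    reason: str


@dataclass
class NacPolicy:
    filters: Dict[str, DeviceFilter] = field(default_factory=dict)
    # mac -> time the device last passed authentication + posture assessment
    certified: Dict[str, datetime] = field(default_factory=dict)
    certified_timer: timedelta = timedelta(days=14)

    def add_filter(self, mac: str, f: DeviceFilter) -> None:
        # Filters are permanent until an admin removes them.
        self.filters[norm_mac(mac)] = f

    def certify(self, mac: str, when: datetime) -> None:
        # Called once a device has passed both authentication and posture assessment.
        self.certified[norm_mac(mac)] = when

    def expire_certified(self, now: datetime) -> List[str]:
        """Remove certified entries older than the timer; returns the MACs purged."""
        expired = [m for m, t in self.certified.items() if now - t >= self.certified_timer]
        for m in expired:
            del self.certified[m]
        return expired

    def decide(self, mac: str, now: datetime) -> Decision:
        m = norm_mac(mac)
        f = self.filters.get(m)
        if f is not None:
            if f.deny:
                return Decision(False, False, False, None, "deny filter")
            # Filter wins: it fixes the role and which checks (if any) still run.
            return Decision(True, f.check_auth, f.check_posture, f.role, "filter")
        t = self.certified.get(m)
        if t is not None and now - t < self.certified_timer:
            # Certified: authentication still required, posture assessment skipped.
            return Decision(True, True, False, None, "certified")
        return Decision(True, True, True, None, "unknown or certification expired")


def example_policy() -> NacPolicy:
    """Constructed sample: one printer filter, one fresh and one stale certified PC."""
    p = NacPolicy()
    p.add_filter("00:11:22:33:44:55", DeviceFilter(False, False, role="printers"))
    p.add_filter("00:11:22:33:44:66", DeviceFilter(False, False, deny=True))
    p.certify("aa:bb:cc:dd:ee:01", NOW - timedelta(days=1))    # passed yesterday
    p.certify("aa:bb:cc:dd:ee:02", NOW - timedelta(days=15))   # older than the timer
    return p


if __name__ == "__main__":
    p = example_policy()
    for mac in ("00-11-22-33-44-55", "AA:BB:CC:DD:EE:01", "aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:03"):
        print(mac, p.decide(mac, NOW))
    print("expired:", p.expire_certified(NOW))
```

Running the block shows the two behaviours side by side: the printer is let through with no checks and a fixed role, the recently certified PC must still authenticate but skips posture, and the PC whose certification is older than the timer is treated exactly like an unknown device until it passes posture assessment again.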