NAC 4.1 Posture Validation

acharyr123
Level 3

Hi,

Whether Cisco NAC 4.1 does system check continuously after being logged in?

3 Replies

pmccubbin
Level 5

Hi Partha,

It all depends on what you mean by "check continuously" because this is a setting which can be set. Though I doubt anyone would set it so low that it would be checking all the time. Every day or so is usually good enough, unless you notice a higher than normal number of problems on your network.

This is taken directly from the Cisco NAC Appliance Field Q&A:

"Yes. The administrator can set the length of time after which all users on the certified devices list will need to be rescanned. Most customers require rescanning between once daily and once weekly. Administrators can also manually reset the certified devices list in the event of high worm and virus activity."

Hope this helps.

Paul

Hello Paul,

Where do you configure this? (timer for the certified devices to be rescanned)

The only option I've found is in "Certified Devices / timer" and then delete the X last certified devices every Y min.

This means these devices have to go through an authentication/posture assessment again.

What I would like is a "silent" posture assessment every X min, and when the result is negative then disconnect the device.

Because in OOB Mode after a successful authentication / posture assessment, the users have then the possibility to do something "nasty".

Many thanks.

Regards

Rishi

Hi Rishi,

The "Silent" Posture assessment sounds like a great feature request. Unfortunately, here is what the documentation states:

"In most OOB deployments (except L2 OOB Virtual Gateway where the Default Access VLAN is the Access VLAN in Port profile), the client, after posture assessment, needs to acquire a different IP address from the Access VLAN."

I don't see any way around having end users go through the authentication/posture assessment again.

You are correct that in OOB mode end users have the ability to do something "nasty" after they have been allowed on the network.

I suppose another layer of security is what is needed in these cases, like a Cisco Security Agent to prevent Day Zero attacks.

Hope this helps.

Paul
