Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC 4.7.2 NAA Checks, Rules and Requirements

As I Understand the way these work is sort of like this.

A Check is something that could be looked for on a device with an installed NAA.

A Check really doesn't do anything until it is coupled in a Rule which will return the equivalent of a true or false.

The Rule simply shows whether or not something complies with it but unless there a Role Requirement NAC will do nothing to force remediation or prevent access provided authentication (login) passes.

Say I have what I perceive as a single employee user role based upon mapping but I have 2 very different OS's Window and MAC OSx. If I create a requirement for that role and it is Necessarily Windows-centric would it effectively keep the MAC OSx agents from accessing the network?  Do I need to have a WINemployee role and a MACemployee role? 

Thanks!

Bob

1 ACCEPTED SOLUTION

Accepted Solutions

Re: NAC 4.7.2 NAA Checks, Rules and Requirements

Bob,

The agent is intelligent enough to discern that if a MAC is logging in, and your requirements are all Windows, it won't check for them. So long story short, you don't need a separate role for the MACs.

HTH,

Faisal

2 REPLIES

Re: NAC 4.7.2 NAA Checks, Rules and Requirements

Bob,

The agent is intelligent enough to discern that if a MAC is logging in, and your requirements are all Windows, it won't check for them. So long story short, you don't need a separate role for the MACs.

HTH,

Faisal

New Member

Re: NAC 4.7.2 NAA Checks, Rules and Requirements

Thank you Faisal!

I may be over thinking things a bit.

Bob

526
Views
0
Helpful
2
Replies
CreatePlease to create content