Cisco Secure Services Client

In Chapter 2, "Cisco Trust Agent," we covered CTA and its included 802.1X wired supplicant. In this chapter, we look at the Cisco Secure Services Client. This is a full-featured 802.1X supplicant for wired and wireless interfaces that integrates natively with NAC. This is important because the integration allows the posture validation to take place in the 802.1X exchange itself, within the authentication phase. Thus, posture information can be used along with authentication credentials for VLAN assignment.

NOTE The Cisco Secure Services Client was previously the Meetinghouse AEGIS SecureConnect client. Cisco acquired Meetinghouse in August 2006.

Table 3-1 compares the CTA 2.1 wired 802.1X client with the Cisco Secure Services Client.

Table 3-1 Comparison of CTA Wired Client and the Cisco Secure Services Client

| Features/OS Support | CTA 2.1 | Cisco Secure Services Client 4.0 |
|---|---|---|
| Wired connections | | |
| Wireless connections | | |
| Windows 2003 Server (Enterprise, Standard, and Web) | | |
| Windows XP Professional | | |
| Windows 2000 (Professional and Server) | | |
| EAP support | FAST v.1a | FAST v.1a, EAP-LEAP, EAP-PEAP, EAP-TTLS, EAP-TLS |
| Network profiles | One | Multiple profiles allowed |
| Network adapter support | Wired only | Unlimited adapter support |

NOTE The Microsoft 802.1X supplicant is not covered in this chapter because the current Microsoft supplicant does not natively support NAC, which means that posture validation cannot occur in the 802.1X authentication phase. You can still use the Microsoft supplicant for 802.1X authentication, and when authentication is complete, CTA can be used for posture validation using NAC-L2-IP or NAC-L3-IP. However, in this case, authentication and posture validation are completely independent of one another. Cisco and Microsoft have agreed to work together to allow interoperability between NAC and Microsoft's Network Access Protection (NAP). Both Windows Vista and the next release of Windows Server (code-named Longhorn) will natively support NAC without the need for CTA.

If you do not plan to install the Cisco Secure Services Client, it is safe to skip this chapter and continue on to Chapter 4, "Configuring Layer 2 NAC on Network Access Devices."
