IBM Tivoli and Cisco Network Admission Control Appliance, Clean Access Manager CAM, EAP methods

Models: Tivoli and Cisco


EAP methods

Provide a mechanism to authenticate the application or device requesting the host credentials, and encrypt or decrypt that information.

Network Admission Control Appliance

The Network Admission Control Appliance consists of the following subcomponents:

- Clean Access Manager (CAM)

- Clean Access Server (CAS)

- Clean Access Agent (CAA)

- Clean Access Policy Updates

Clean Access Manager (CAM)

The Clean Access Manager is the administration server and database that centralizes configuration and monitoring of all Clean Access Servers, users, and policies in a Cisco NAC Appliance deployment. The Web admin console for the Clean Access Manager is a secure, browser-based management interface. For out-of-band (OOB) deployment, the Web admin console provides the Switch Management module to add and control switches in the Clean Access Manager's domain and configure switch ports.

Clean Access Server (CAS)

The Clean Access Server is the gateway between an untrusted and a trusted network. The CAS enforces the policies you have defined in the CAM Web admin console, including network access privileges, authentication requirements, bandwidth restrictions, and NAC Appliance system requirements. It can be deployed in-band (always inline with user traffic) or out-of-band (inline with user traffic only during authentication/posture assessment). It can also be deployed in Layer-2 mode (users are L2-adjacent to the CAS) or Layer-3 mode (users are multiple L3 hops away from the CAS).

Clean Access Agent (CAA)

When enabled for your Cisco NAC Appliance deployment, the Clean Access Agent can ensure that computers accessing your network meet the system requirements you specify. The Clean Access Agent is a free, read-only, easy-to-use, small-footprint program that resides on user machines. When a user attempts to access the network, the Clean Access Agent checks the client system for the software you require, and helps users acquire any missing updates or software.

Agent users who fail the system checks can be assigned to the temporary role. This role gives users limited network access to the resources needed to comply with the Clean Access Agent requirements. Once a client system meets the requirements, it is considered clean and allowed network access.

Chapter 3. Component structure 45
