As discussed in Chapter 2, all NAC/NAP solutions consist of the same basic elements. Not all NAC/NAP solutions will contain all of the elements, and some vendors will be better at some elements than others. This section will analyze the following NAC components as they relate directly to Cisco NAC:
A technology to analyze the security posture of the device
A policy-related component to configure and set the policy on what specific security criteria will be analyzed on the device
A technology to communicate the security state of the device to other facets of the NAC/NAP solution
A mechanism that receives the security posture of the device and performs an action based upon those results
A policy-related component to configure and set the policy regarding what action will take place
A remediation technology whose purpose is to bring the device back into compliance
As the solution is detailed, it is important to understand the concept of roles. In Cisco Clean Access, the roles are:
Unauthenticated role — Default for unauthenticated users who have not been given access to the network.
Clean Access Agent Temporary role — CAA users are in the Temporary role while CAA requirements are checked on their systems.
Quarantine role — When a device has security deficiencies and vulnerabilities, they are put into this role.
Normal Login Role — User is logged in successfully.
Defining the current security ...