IBM Tivoli and Cisco User Manual page 61

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Note: For more information about the ACS architecture and administration,
refer to the ACS user guide and ACS administration guides at the Cisco Web
site:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_support_series_home.html
Policy enforcement device
Clients access enterprise resources via the network, which makes it an effective
point to validate system posture prior to allowing access to such resources. In the
NAC solution, policy enforcement is accomplished using a network access
device that has the NAC feature set enabled in Cisco IOS (Internetworking
Operating System). The network access device also acts as a client to ACS
which provides it with direction on how to handle connected devices. The
functions of policy enforcement devices are:
- The NAD demands endpoint posture credentials from the network-attached
  client through a client software component. This information is relayed to
  ACS for an admission decision.
- Based on appropriate network access policy provided by ACS, the NAD
  permits, denies, or restricts the network access of the network client.
- The NAD also checks for a change in posture of the client by polling the
  client at specified intervals.
Admission control client
The Cisco Trust Agent is a specialized application that runs on network clients. It
collects security posture information from the NAC-compliant applications that
are installed on network clients and reports the posture information to a posture
validation server, which is the Cisco Secure ACS. For the IBM Integrated Security
Solution for Cisco Networks, the posture information is provided by the Tivoli
Security Compliance Manager client. Based on the reported security posture, the
network client is either permitted, denied, or allowed restricted access to the
network.
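The flow described above (client reports posture, the NAD relays it, the policy server decides, the NAD enforces and re-polls), as an added Python model that is not part of the manual and is not Cisco or IBM code. The class names, posture fields, and decision rules, including denying a client that reports no posture, are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    PERMIT = "permit"
    RESTRICT = "restrict"
    DENY = "deny"

@dataclass
class Posture:
    """Posture credentials reported by the client agent (hypothetical fields)."""
    agent_present: bool
    policy_version: int
    violations: int

class PolicyServer:
    """Stands in for the posture validation server (ACS in the text)."""
    def __init__(self, required_version):
        self.required_version = required_version

    def decide(self, posture):
        # Assumed rule set: fail closed when no posture is reported at all.
        if posture is None or not posture.agent_present:
            return Access.DENY
        if posture.policy_version < self.required_version or posture.violations:
            return Access.RESTRICT  # out of date or non-compliant
        return Access.PERMIT

class EnforcementDevice:
    """Stands in for the NAD: relays posture and enforces the server's answer."""
    def __init__(self, server):
        self.server = server
        self.sessions = {}  # client id -> decision currently enforced

    def admit(self, client_id, posture):
        decision = self.server.decide(posture)
        self.sessions[client_id] = decision
        return decision

    def poll(self, client_id, posture):
        """Periodic revalidation; returns (decision, changed_since_last_check)."""
        before = self.sessions.get(client_id)
        after = self.admit(client_id, posture)
        return after, after != before

def demo():
    """Constructed sample clients, not data from the manual."""
    nad = EnforcementDevice(PolicyServer(required_version=3))
    first = nad.admit("host-a", Posture(True, 3, 0))   # compliant at connect
    second = nad.poll("host-a", Posture(True, 3, 2))   # posture drifted later
    third = nad.admit("host-b", None)                  # no agent responded
    return first, second, third
```

The re-poll is what turns a one-time admission check into continuous enforcement: host-a is admitted, then demoted to restricted access once its reported posture changes.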
Chapter 3. Component structure