Chapter 14 Network Admission Control
About Network Admission Control
14-2
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
NAC AAA Components
The following list defines the components of the NAC AAA paradigm.
Posture
Validation, page 14-3
, describes the posture validation process in which these
components are used.
•
NAC-client computer
—A computer running NAC software, as follows:
–
NAC client
—The NAC client is the Cisco Trust Agent (CTA)
application. CTA collects data directly from the computer and from any
NAC-compliant applications installed on the computer. It uses this data
to create a set of attributes that contain information about the posture of
the computer. These attributes are also called
credentials
. For more
information about credentials, see
About NAC Credentials and
Attributes, page 14-11
.
–
NAC-compliant applications
—Applications that integrate with the
NAC client. Examples of such applications are Cisco Security Agent and
anti-virus programs from Network Associates, Symantec, or Trend
Micro. These applications provide the NAC client with attributes about
themselves, such as the version number of a virus definition file.
•
AAA client
—A network access device, such as a router, whose operating
system supports NAC.
•
Cisco Secure ACS
—Performs posture validation of the NAC-client
computer, using either internal policies, external policies, or both. When
external policies are used, Cisco Secure ACS forwards posture validation
requests to a NAC server.
•
NAC server
—Performs posture validation of the NAC-client computer when
Cisco Secure ACS is configured to use external policies.
•
Remediation server
—Provides support to NAC-client computers needing
repairs or updates to comply with network admission requirements.