Hi,
With old Cisco NAC Framework (based on Cisco ACS 4.0, not available on 5.X), you can authenticate users with cisco 802.1X switches and push ACLs in Cisco Routers and PIX. NAC Framework Host checker is based on DLL files which must be added and configured manually on host.
This solution is not developped by Cisco since 2006/2007.
Juniper permit to authenticate user for:
- 802.1X Lan access with OAC Client (including host checker component)
- 802.1X Wifi access with OAC Client (including host checker component)
- 802.1X Lan access with Microsoft XPSP3, Vista SP1 802.1X supplicant and NAP host checker component
- L3 Authentication (through HTTPS connection) with OAC client (including host checker component)
- HTTPS authentication and Java / ActiveX hostchecker
- Mac Address authentication for printers, IP phones, ...
Host Enforcement can be done by:
- Any 802.1x compatible switch
- Juniper SSG/ISG/SRX Firewall with source based authorization for Clientless users
- Juniper SSG/ISG/SRX Firewall with source based authorization for OAC clients
- Juniper SSG/ISG/SRX Firewall with dynamic VPN for OAC clients (VPN client included in OAC)
- Juniper SSG/ISG Firewall redirect HTTP connections to IC appliance for unauthenticated clients (non implemented in SRX)
- Host enforcer (included in OAC) activate local firewall on OAC agent with rules based on Role identified by IC policy
Juniper UAC is compatible with TNC components:
- IF-TNCCS (NAP compatibility)
- IF-MAP (Metadata Access Point)
To deploy OAC agent, the procedure is:
- Install OAC agent on admin host
- Configure connection parameters according with company policy (authentication type, Machine authentication vs user authentication, SSID for wifi usage, ...)
- create a MSI file based on this configuration
- install MSI files through company solutions (AD GPO, Microsoft SMS, ...)
