ABBC will institute posture-based network admission. Systems found to be
noncompliant will be quarantined and allowed to access only the remediation
network. Figure 5-1 shows a conceptualized view of the functional requirements.
[Figure 5-1: flow arrows numbered 1 through 4 between the Workstation (Tivoli SCM Client, Cisco NAC Agent), the Cisco NAC Server, Tivoli Security Compliance Manager (Posture Policy Check), Tivoli Configuration Manager, and the Remediation and Production networks]
Figure 5-1 NAC solution conceptual functional requirements
The steps of the basic flow are:
1. The workstation, whether local or remote, attempts to access the ABBC
network. IEEE 802.1x credentials are supplied.
2. A compliance check is initiated by the Cisco Network Admission Control
enabled device (for example, a router, switch, or Clean Access Server). This
enforcement device requests the posture status from the client, then queries
the Cisco NAC server (may be Cisco Secure Access Control Server or Clean
Access Manager) policy to make an access decision. If the system meets the
posture policy criteria, it is allowed access to the production network. For
illustration purposes we assume that the system does not meet the criteria,
and we continue through the flow.
3. Having failed the posture compliance check, the client workstation is denied
access to the production network. The workstation is now considered to be in
quarantined status and is allowed to access only a subset of the network
(what we are calling the remediation network).
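The admission flow above, worked through as an added Python example (this is illustrative code written for this page, not the Tivoli Security Compliance Manager or Cisco NAC product logic). It assumes a hypothetical posture report with three attributes (patch level, antivirus signature date, host firewall state), a policy with constructed thresholds, and a fixed set of hosts reachable from the remediation network; the 802.1x outcome from step 1 is modelled as a boolean. The point it shows is the separation of concerns: the policy server decides compliance, the enforcement device maps that decision to a network, and the quarantine is enforced per destination.

```python
"""Posture-based admission decision, modelled on the Figure 5-1 flow.

All attribute names, thresholds and host names below are constructed for
illustration; they are not ABBC or product values.
"""
from dataclasses import dataclass, field
from datetime import date

PRODUCTION = "production"    # step 2, compliant outcome
REMEDIATION = "remediation"  # step 3, quarantined outcome
DENIED = "denied"            # 802.1x credentials rejected in step 1


@dataclass
class PostureReport:
    """Posture attributes reported by the NAC agent on the workstation."""
    hostname: str
    os_patch_level: int           # hypothetical monotonically increasing baseline number
    av_signature_date: date
    host_firewall_enabled: bool
    credentials_valid: bool       # outcome of the IEEE 802.1x exchange in step 1


@dataclass
class PosturePolicy:
    """Criteria the policy server evaluates (constructed thresholds)."""
    min_patch_level: int
    max_av_signature_age_days: int
    require_host_firewall: bool


@dataclass
class AccessDecision:
    network: str
    failed_checks: list = field(default_factory=list)  # drives remediation


def evaluate_posture(report, policy, today):
    """Policy-server side of step 2: returns the names of failed checks.

    An empty list means the workstation is compliant.
    """
    failed = []
    if report.os_patch_level < policy.min_patch_level:
        failed.append("patch_level")
    if (today - report.av_signature_date).days > policy.max_av_signature_age_days:
        failed.append("av_signatures")
    if policy.require_host_firewall and not report.host_firewall_enabled:
        failed.append("host_firewall")
    return failed


def admission_decision(report, policy, today):
    """Enforcement-device side: reject bad credentials, quarantine failed posture."""
    if not report.credentials_valid:
        return AccessDecision(network=DENIED, failed_checks=["802.1x_authentication"])
    failed = evaluate_posture(report, policy, today)
    if failed:
        return AccessDecision(network=REMEDIATION, failed_checks=failed)
    return AccessDecision(network=PRODUCTION)


# Constructed list of hosts that make up the remediation subset of the network.
REMEDIATION_ALLOWED = {"remediation-server", "patch-server", "av-update-server"}


def is_reachable(decision, destination_host):
    """Step 3 enforcement: a quarantined workstation reaches only the remediation subset."""
    if decision.network == PRODUCTION:
        return True
    if decision.network == REMEDIATION:
        return destination_host in REMEDIATION_ALLOWED
    return False


# Constructed sample data so the example runs offline.
TODAY = date(2024, 6, 1)
POLICY = PosturePolicy(min_patch_level=10, max_av_signature_age_days=30,
                       require_host_firewall=True)
SAMPLE_REPORTS = [
    PostureReport("ws-compliant", 12, date(2024, 5, 30), True, True),
    PostureReport("ws-stale-av", 12, date(2024, 4, 1), True, True),      # signatures 61 days old
    PostureReport("ws-unpatched", 8, date(2024, 5, 30), False, True),    # two failed checks
    PostureReport("ws-bad-creds", 12, date(2024, 5, 30), True, False),   # 802.1x failure
]


def run_example():
    """Evaluate every sample report; returns hostname -> AccessDecision."""
    return {r.hostname: admission_decision(r, POLICY, TODAY) for r in SAMPLE_REPORTS}


if __name__ == "__main__":
    for host, decision in run_example().items():
        print(f"{host:14s} -> {decision.network:12s} failed={decision.failed_checks}")
        print(f"{'':14s}    patch-server reachable: {is_reachable(decision, 'patch-server')}, "
              f"file-server reachable: {is_reachable(decision, 'file-server')}")
```

The failed-check list returned with a remediation decision is what the remediation network would act on; keeping it separate from the network assignment means the enforcement device never needs to understand the policy, only the verdict.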
Chapter 5. Solution design
99