https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599574#M75907 <P>Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies</P><P>&nbsp;</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html</P> Fri, 19 Dec 2014 14:02:55 GMT Venkatesh Attuluri 2014-12-19T14:02:55Z https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599572#M75898 <P>Hello all,</P><P>&nbsp;</P><P>The basic idea of what I am wanting to do is control access to networks based on computers having up to date Antivirus installed on a computer.&nbsp; If the computer does not, it is denied access or put off for remediation.&nbsp; I am in a Windows AD environment with two RADIUS servers at a central location.&nbsp; Each one of my remote sites has a Cisco 2901,2911, or a 2951 with the ipbase, securityk9, datak9, and uck9 licensed router as the edge device.&nbsp; I would like to somehow use the Cisco routers to use NAC to evaluate the computers and make the decision for network access.&nbsp; I only use 1 brand of AV software so the setup should hopefully be simple.&nbsp; Can someone give me some pointers on the best way to do this using NAC, RADIUS, NPS, or some combination to do this.&nbsp; I am not opposed to buying a Cisco device to put at my headquarters for this function.&nbsp; I would really like to not buy a device for all of my locations.</P><P>&nbsp;</P><P>Thanks in Advance,</P><P>&nbsp;</P><P>David</P> Mon, 11 Mar 2019 05:12:47 GMT https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599572#M75898 David Lee 2019-03-11T05:12:47Z https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599573#M75903 <P>Hi David, it sounds like you are trying to perform "Posture Assessment" The legacy Cisco product that can do this is Cisco NAC. The newer and definitely recommended solution/product would be Cisco ISE. With ISE you can accomplish everything that you have listed above. You need to make sure that you are running on supported hardware/software:</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html">http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html</A></P><P>The most important feature that you will need is CoA (Change of Authorization). This feature will allow you to place the ISE nodes centrally and not having to run them inline.&nbsp;</P><P>For more information on ISE check out its main page and/or contact your local Cisco partner:</P><P><A href="http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html">http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html</A></P><P>Hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 25 Nov 2014 04:01:12 GMT https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599573#M75903 nspasov 2014-11-25T04:01:12Z https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599574#M75907 <P>Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies</P><P>&nbsp;</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html</P> Fri, 19 Dec 2014 14:02:55 GMT https://community.cisco.com/t5/network-access-control/controlling-network-access/m-p/2599574#M75907 Venkatesh Attuluri 2014-12-19T14:02:55Z