NAC Framework and CTA

jason.eberhard — Fri, 21 Feb 2020 11:20:44 GMT

I've had a NAC Framework test environment (ACS 4.0 & CTA 2.1) for a couple of years now. We finally have the green light to move forward into production so I'm bringing more machines into the lab for additional testing.

I went to download the CTA again today as I couldn't find my original file and I see this in the 2.1 release notes (which I don't remember seeing before):

"Cisco Secure Services Client (SSC) replaces the CTA 802.1x Wired Client as the preferred supplicant in a deployment of the NAC security solution. NAC is supported for use in a wired network environment."

So should I now download the non-supplicant version of CTA and use it with SSC? I'm not sure I see the benefit of that.

Plus wouldn't that mean my switchports would need to be configured for both 802.1x and EAPoUDP for auth and posture respectively since the non-supplicant CTA doesn't use 802.1x like the supplicant version.

The above is the reason I hadn't used the CTA on any Mac clients and just do 802.1x with no posture for them.

Re: NAC Framework and CTA

APatotski — Fri, 24 Jul 2009 06:13:48 GMT

Hello JASON,

You can use SSC with non-supplicant CTA in 802.1x NAC framework environment. You do not need to config EAPoUDP on switchports.

topic Re: NAC Framework and CTA in Network Security

NAC Framework and CTA

Re: NAC Framework and CTA