cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
951
Views
10
Helpful
8
Replies

CAA + CTA + CCS?

Roman Rodichev
Level 7
Level 7

NAC requires CAA - Clean Access Agent.

Is CTA required for NAC deployment, and what value does it add?

What about CCS?

8 Replies 8

pcomeaux
Cisco Employee
Cisco Employee

Hi -

The NAC Appliance can use the CAA to provide Single Sign On and Posture for users accessing your network.

CTA is not required for NAC Appliance nor is needed, nor is CSSC.

The NAC Appliance can be deployed in a manner to fit most network architectures.

You may find the Chalk Talk series that the NAC Appliance product team did very informative.

Look for them here:

http://www.cisco.com/go/nac

thxs

peter

Hello Peter and thank you for your reply.

I will check out the Chalk Talk series.

If you were to choose between NAC+CAA and an 802.1X solution (CTA+CSSC), which one is more cost effective? Do they achieve the same goal? Both NAC and 802.1X can do Authentication, Authorization, and Posture Assessment. I'm trying to understand why would someone choose one or the other.

r-frank
Level 1
Level 1

Hello,

NAC Appliance requires CAA, but not CTA.

NAC Framework does not require CAA.

What is CCS ?

Cheers

Rick

Hi Rick,

Let's be clear: NAC Appliance does not require CAA, it is optional. Hope I didn't misinterpret what you meant.

CTA will soon become, if it hasn't already, part of the Open Source Community. My guess it was too much for Cisco to try and maintain so they are going to give it away.

I have no idea what CCS is and am hoping someone in the forum what explain.

Cheers!

Paul

My best guess is that he meant to ask about ACS, instead of CCS.

If so, NAC Appliance does not require ACS.

thxs

peter

CSS is Cisco Secure Services Client, a dot1x suplicant

In response to my comment about NAC requiring CAA, yes it is an option as you can authenticate by the web client and not the Agent if you want.

Cheers

Rick

hi Frank

i Required suggestion on NAC implementaiton, I am on edge of Implementing OOB NAC at one of site. Does ACS is required for User Authentication or Posture Validation or SSO in any manner .

Can it be possible to used ACS as Radius Server and integrate it with AD for Authentication , but then How to implement SSO using CCA ( Clean Access Agent ) ..

As per Cisco DOC its easy to implement SSO in OOB using AD only . But our Presales has suggest for ACS with NAC . pls put ur views on same

Hope u get my query , pls suggest on same

Hi -

ACS is not required for the NAC Appliance to perform SSO or Posture Validation.

The NAC Manager can be configured to talk directly to the AD server via Kerberos. The AD Server needs the ktpass.exe command executed with certain parameters for this to work. Please let me know if you need these details.

KTPASS.exe can be found on the Microsoft Resource CD.

Let me know what follow up questions you have or if you need a link to the documentation.

thxs

peter