HP BladeSystem bc2000 Cisco Network Access Control for HP Thin Clients and CCI - Page 23

23

Policy Enforcement Using Clean Access Agent

Now that the Clean Access and thin client firewall policies are defined, we will demonstrate policy

enforcement for both thin client and HP blade PCs using Cicso Clean Access Agent. We begin by

ensuring that none of the blades or thin clients being tested is on the list of certified clients.

Open the CAM console (

http://10.3.3.3

on your Web browser, in this reference implementation).

Click

Clean Access

under

Device Management

in the left panel. Click the

Certified Devices

tab, and then click

Certified List

. Click

Clear Certified

to ensure the system is checked upon clean

access agent connection to the network. The following illustration shows the default configuration after

clearing system entries.

Section	Page
Contents	1
Introduction	2
The Components	2
HP PC Client Computing Solutions	2
Network Access Control	3
Cisco Network Admission Control	3
Implementation Prerequisites	4
The Implementation	4
NAC Installation	4
Configuring Policy Settings	5
Testing Methods	5
Thin Client Policy	5
Blade PC Policy	12
End-Point Configuration	17
Thin Client Firewall Exceptions	17
Policy Enforcement Using Clean Access Agent	23
Thin Client Policy Enforcement	24
Special Thin Client Consideration: Committing Image Changes	27
Blade PC Policy Enforcement	32
Closing Observations	39
Appendix A - CISCO 3560 Switch Configuration	40
For more information	42
HP Links	42
CISCO NAC Links	42

HP BladeSystem bc2000 Cisco Network Access Control for HP Thin Clients and CCI - Page 23

Policy Enforcement Using Clean Access Agent, Clean Access, Device Management, Certified Devices

Page 23 highlights