HP BladeSystem bc2000 Cisco Network Access Control for HP Thin Clients and CCI - Page 39


Closing Observations

In this reference implementation, the Cisco Clean Access NAC appliance has been used to gate network access for HP t5720 Thin Clients and HP blade PCs. We have used NAC agents on each client device to validate device configuration and user access to the network. In effect, the CAS bridges the production and quarantine networks and works along with CAS agents on client devices to ensure that configuration policy is met and that users are authorized to access the network.

In this example, we've used a Cisco 3560 Layer 3 switch and set policies to move client ports (ports 10 and 11, in this implementation) from the quarantine VLAN, which is the default startup state, to the production VLAN. The switchover is accomplished (per settings in Appendix A) by sending SNMP messages (controlled by CAS policy) to the 3560 switch.

HP blade PCs did not require special handling prior to loading Clean Access Agent. In the case of t5720 thin clients, the default Sygate firewall is provided by HP in a locked-down mode, and ports must be opened to allow traffic between the CAS/CAM server appliances and the thin clients. We have walked through the firewall setup and committing write changes via the EWF.