Cisco Clean Access Agent and Network Access Control (NAC)
Need to know if you are in the domain?
Watch a quick video to find out.
The Cisco Clean Access Agent is part of the Cisco Network Access Control (or NAC) network security solution that will provide you with a secure and clean network environment by preventing infected and vulnerable machines from joining the University's network. At the same time, it will provide necessary directions and help pages for machines that do not pass the security requirements. UTHSC has implemented the use of the Cisco NAC and Clean Access Agent to make your network experience productive and secure. The Clean Access Agent ensures that any computers connected to the network have sufficient virus protection and system updates installed. Users who want access to the network must pass these checks to get online.
To provide for a smooth upgrade, please download and install the Cisco Clean Access agent as soon as possible. Having the agent preinstalled will make for a seamless update with minimal impact. Please see the correct preinstallation video for your computer.
Checks for Windows computers: (referred to as validation)
- Valid NetID and Password to gain access to the network
- Anti Virus Software Installed
- Up-to-Date Anti Virus Definitions
- Windows Updates
Checks for MacOS X computers: (referred to as validation)
- Valid NetID and Password to gain access to the network
If a computer does not meet the necessary requirements, the Clean Access Agent will identify the components that need updating and instruct the user on how to update these items. On Windows computers that are part of the uthsc.tennessee.edu domain, the NetID and password provided upon login to the computer is passed on to the Clean Access Agent so you do not need to enter it again (referred to as single sign on) and validation is performed automatically with no user interaction and takes just a few seconds. Computers that are not part of the uthsc.tennessee.edu domain (student laptops, etc.) are required to enter their NetID and password into the Cisco Clean Access Agent login dialog box when they are plugged into the network.
Once the necessary requirements have been confirmed by the Clean Access Agent, control of the network port to which your computer is connected is relinquished and your computer no longer interacts with the NAC servers until the next scheduled validation check or the computer is restarted.
The first time you connect your computer to a live data jack and launch a web browser, you will be redirected to a page for downloading the Cisco Clean Access Agent. Once the Clean Access Agent is installed, you will not be redirected to this page again. Instead, every time Windows or Mac OS X is restarted, the Clean Access Agent will present you with a pop-up window to log into the University network using your UTHSC NetID username and password. Upon successful authentication, the Clean Access Agent will check your computer to make sure it passes certain requirements. If your computer passes these requirements, you will be allowed to successfully log into the network. Otherwise, you will be granted temporary access to specific Web sites where you can get the missing requirements and/or instructions on how to get them from related Web sites. Once you pass all of the requirements, you will be able to access all network services and the Internet while the Clean Access Agent remains in the background. Please note that the server keeps a list of all computers that have passed the requirements. This list is cleared every week to ensure that all computers are patched and that they pass any new requirement, if needed.
Currently, this process is only for wired computers; that is, those computers that are plugged into the network with an ethernet cable. Later, wireless access will also require installation of the Cisco Clean Access Agent.
