1. The document shows a network access control diagram with various devices, operating systems, and authentication methods.
2. Key components include a Cisco ACS for EAP-FAST authentication, Microsoft NPS for EAP-TTLS, various system health verifiers (SHV) like Avenda and Juniper products, and integrity measurement verifiers (IMV).
3. Different network devices like switches and access points enforce access control policies using methods such as VLAN assignment, ACLs, and RADIUS routing.
1. Gigamon
Net Monitor
Cisco ACS
EAP-
FAST
Network Access Control
1 HCAP
Windows Windows
Security Center SHA Built-in Device Great Bay
Supplicant Las Vegas 2008 Microsoft NPS
Microsoft XP SP3 Authentication Beacon
Avenda Systems Universal SHV
EAP- (LDAP)
Windows
2 Windows Avenda Systems Linux NAP SHV Device
PEAP
Security Center SHA Built-in Blue Ridge EdgeGuard SHV Database
Supplicant Windows Security Center SHV
Microsoft Vista
SHV
Avenda Systems SHV - System Health Verifier
3 Server Realm
Windows
optional
Universal SHA Built-in
Avenda Systems eTIPS
Supplicant EAP-
Microsoft XP SP3
PEAP
Blue Ridge
4 Windows
EdgeGuard SHA Built-in
RADIUS Router
Supplicant
Microsoft Vista (proxy) EAP- Juniper Infranet Controller
PEAP Windows Security Center SHV
5 Avenda Systems Avenda
EAP- Juniper Host Checker IMV
Linux NAP SHA Systems
TTLS
Supplicant
CentOS Linux IMV - Integrity Measurement Verifier
Active
SHA - System Health Agent
User
OSC Radiator Directory
EAP- Authentication
libTNC Sample IMV
Cisco TTLS User
6 Juniper Juniper Enterasys Database
Host Checker IMC Odyssey ProCurve
Supplicant
Microsoft XP SP2 Force 10 Enforcement by:
Network Edge
Switches
Access Control List (ACL)
7 libTNC Aruba VLAN
Open1X
Sample IMC Cisco
Supplicant
ProCurve
Microsoft XP SP2 ACL
NAC Architectures Legend
Trapeze
IMC - Integrity Measurement Collector ACL
Xirrus
APs
TNC using IF-TNCCS-SOH (NAP)
8
Unhealthy Employees
Cisco SSC TNC using IF-TNCCS 1.1
Enforcement Realm
Supplicant
Microsoft XP SP2
Employees
802.1X Auth Only (no posture)
9 Built-in
Phones / Devices
Supplicant
Mac OS X UNIX
10
Built-in
Axis Camera
Supplicant VLAN 20
802.1X/TLS
Guests
Network
VLAN 30 ACL
11 Backbone
Linksys Avaya
Client Realm
NAS phone
Cisco
VLAN 40
Non-802.1X clients ACL
NAC Appliance