Thursday, November 13, 2008

NAC Version Matrix

In June of 2006, NAC Version 4.0.0 was released. Since then, Cisco has released numerous updates and features to the NAC Appliance line! Recently a member of the NAC Mailing List posted the following request:

Is there a feature matrix to compare the various versions/tracks of
Cisco NAC?

So that is exactly what this posts answers. It is long, but I know at least one person appreciates it!

I will explore 3 major lines of code.. 4.0.X, 4.1.X and 4.5.X. Realistically all new deployments should be using 4.1.X or 4.5.X, but I wanted to give a good overview for everyone on older codes.

4.0.X

4.0.0
  • Support for Active Directory (Windows Domain) Single Sign-On (SSO)
  • Corporate Asset Authentication and Posture Assessment by MAC Address
  • Support for Layer 3 Out-of-Band (OOB) Deployment
  • New Windows Update Requirement Type
  • SMP Kernel Support for Super CAM
  • Support for Assigning VLANs by VLAN Name in OOB Deployments
  • Support for "IGNORE" Global Device Filter for IP Phones in OOB Deployments
  • Ability to Change Priority of Wildcard/Range Global Device Filters
  • Ability to View or Search Active L2 Devices in Device Filter List
  • Ability to Test MAC Addresses Against Device Filters
  • Support for Relay IP Class Restrictions on DHCP Server
  • Support for DHCP Global Actions
  • New "service perfigo maintenance" CLI Command for CAS
  • Ability of Clean Access Agent to Send IP/MAC for All Available Adapters
  • Support for Stub Installation/Update of the Clean Access Agent
  • OOB Page Redirection Timers (SNMP Receiver Advanced Settings)
  • SNMP Enhancements for CAM
  • CAS Host-Based Traffic Policy Enhancements for Proxy Servers
  • Enhancements for DHCP Option Configuration Forms
  • Authentication Cache Timeout
4.0.1
  • Enable L3 Strict Mode
  • OOB Support for 3750 NME Modules for Cisco 2800/3800 ISRs
  • Link-Failure Based Failover in CAS HA
  • Upgrade Enhancements
  • CAM Disable Serial Login
  • CAM Admin Console Login Enhancements
  • Client OS Detection Signature Lookup
  • Start Timer Specification for Cisco Updates
  • API Enhancements
  • Enhancements for Windows XP Media Center Edition/Tablet PC
4.0.3
  • Restricted Network Access Option for Clean Access Agent Users
  • Daylight Savings Time Support
4.0.4
  • Support for Windows Vista Operating System
  • License Manager Support for Cisco Clean Access Lite, Standard, and Super Managers
  • Improved Memory Footprint for Clean Access Agent Reports
  • Broadcast ARP Server Management Option Removed
  • Kernel Upgrade
4.0.6
  • Debug Log Download Enhancement
  • Syslog Configuration Enhancement

4.1.X

4.1.0
  • CAS Policy Fallback
  • Clean Access Agent/ActiveX/Applet DHCP Release/Renew
  • Support for GPO Update Trigger
  • Online Update to Retrieve Switch OIDs
  • Qualified Remediation Program Launch
  • Clean Access Agent for Mac OS X Authentication
  • Clean Access Agent Installation Options
  • Clean Access Agent Language Template Support
  • Clean Access Agent Silent Auditing
  • Searchable Clean Access Agent Reports
  • Certified Devices Timer Enhancements for Periodic Assessment
  • DHCP Renewal Enhancements
  • DHCP Subnet List Enhancements
  • DHCP Global Option Enhancements
  • IE 7.0 Support
  • Clean Access Agent Enhancements (4.1.0.0)
  • Port Profile Management for OOB Users
  • Enhancements to Check Parameters
  • Daylight Savings Time Support
  • Supported AV/AS Product List Enhancements (Version 42)
  • Deprecated IPsec/L2TP/PPTP/PPP Features
  • Deprecated Roaming Features

4.1.1
  • Support for Windows Vista Operating System
  • RADIUS Challenge-Response Support
  • Layer 2 Traffic Policy Support
  • Multiple Active Directory Server Support in AD SSO
  • Restricted Administrator Web Console Options Hidden from View
  • Proxy Server Basic/Digest/NTLM Authentication Support
  • VLAN Profiles
  • VLAN Pruning
  • Event Logs Enhancement
  • Agent Report Retrieval API Operation
  • Out-of-Band IP Refresh Enhancement
  • Switch Port Configuration Enhancements
  • SNMP Receiver Settings Enhancement
  • Support for Windows Vista Operating System
  • Windows Update Upon Agent Login
  • Agent Reports Show System and User Information
  • Agent IP Address Refresh/Renew Enhancement
  • CAS-Agent Discovery (SWISS) Enhancements
  • 4.1.0.x Agent Support on Release 4.1(1)
  • MAC OS RADIUS Challenge-Response Support
  • MAC OS Automatically Close Message Dialog After Successful Login
  • MAC OS IP Refresh Support for Out-of-Band Deployments
  • MAC OS Allow Only One Mac OS Agent to Run on the Client at a Time
4.1.2
  • Cisco NAC Appliance Integration with Cisco NAC Profiler/Collector Solution
  • New Cisco NAC Network Module (NME-NAC-K9) Support
  • NAC Appliance Platform Type Display
  • Debug Log Download Enhancement
  • Active VPN Client Status Page Enhancement
  • WSUS Requirement Configuration Display Enhancement
  • New "service perfigo platform" CLI Command
  • Web Login Support Using Safari Browser for Mac OS
4.1.3
  • Windows Clean Access Agent Language Template Support Enhancement
  • Cisco NAC Web Agent
  • Support for Clients with Multiple Active NICs
  • Clean Access Server HA Heartbeat Link Enhancement
  • Clean Access Manager HA Configuration and Heartbeat Link Enhancements
  • Guest User Login and Registration Enhancements
  • LDAP Authentication Enhancement
  • Clean Access Server and WSUS Interaction Enhancement
  • Agent Restricted User Access Enhancement
  • Device Filter List Display and Import/Export Enhancement
  • Agent Report Information Display and Export Enhancement
  • VPN SSO Login Enhancement
  • VPN SSO Enhancement to Support Existing Clientless SSL VPN Users Launching the AnyConnect Client from a WebVPN Portal
  • Syslog Configuration Enhancement
  • Debug Log Download Enhancement
  • cisco_api.jsp Enhancement
  • CSRF Protection
  • Proxy Support Enhancements
  • ARP Broadcast Packet Handling Improvement
  • Clean Access Server HA ARP Broadcast Enhancement
  • Deprecated "Retag Trusted-side Egress Traffic with VLAN (In-Band)" Feature
  • Previously-Deprecated Features Removed from CAM/CAS Web Console Pages
  • Clean Access Agent Auto Remediation
  • Delay Agent Logoff on CAM/CAS
  • 64-bit Windows Operating System Agent Support
  • Access to Authentication VLAN Change Detection Enhancement
  • SNMP Inform Notification Enhancement
  • SNMP "MAC Move Notification" Switch Port Configuration Support
4.1.6
  • Trusted Certificate Authority Enhancement for Production Environments
  • Enhanced CAM/CAS Web Console Features Certificate Warning Messages
  • Ability to View and Remove Certificate Authorities from CAM/CAS Without Rebooting
  • Enhanced Security with Server Identity Based Authorization
  • JMX Over SSL Secured with Mutual Authentication
  • HTTPS Connections Enhanced with Mutual Authentication
  • Features Optimized/Removed

4.5.X

4.5.0
  • Policy Import/Export
  • CAM/CAS SSL Certificate Management Enhancement
  • CAM/CAS Software Upload Page Enhancements
  • Database Snapshot Upgrade Enhancement
  • Clean Access Manager High Availability User Interface Enhancement
  • CAM/CAS Support Log Level Settings Enhancement
  • CAM/CAS High Availability Configuration Able to Detect Hard-Drive Failure
  • Support for Wireless Out-of-Band Deployments
  • Assign Restricted VLAN for OOB Client Machines When Disconnected
  • Certified Device List/Online User List Enhancements
  • Out-of-Band Shield Enhancement
  • Out-of-Band Discovered Clients Cleanup
  • Pre-Login Banner
  • Strong Password Support for Root Admin Users
  • External Authentication Server Support for Web Administrator Login
  • Support for Cisco NAC Appliance/NME-NAC Platforms Only
  • Web Upgrade Support Removed
  • Default CAM Web Console Password Removed
  • Windows ME/98/NT OS Support Removed

Bottom Line, I recommend 4.1.6 for any new deployment that does require any of the features of 4.5.X
Posted by Jamie Sanbower at 7:49 AM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)