cancel
Showing results for 
Search instead for 
Did you mean: 

XMC NAC - Control devices and block old OS

XMC NAC - Control devices and block old OS

m18grunling
New Contributor

Hi @all,

 

we are using the XMC for the NAC control. Now we search for a solution to block old OS version’s like Windows XP, Windows Server 2003 and so on.

 

Is it possible to do this with the NAC. At the moment we are using on the Switches the naclogin. But in the future we plan to use the XMC Policies on the switch.

 

Thanks

marcus

1 ACCEPTED SOLUTION

StephanH
Valued Contributor III

Hello Marcus,

NAC tries to find out information about the device type and operating system via a DHCP fingerprint. This information is good, but usually too imprecise for your needs.

NAC Assessment is a remedy here. For this purpose, a piece of software is installed under Windows, for example, that reads data from the system and sends it to NAC. Based on this, it can then be decided, for example, that the operating system is too old and access can be denied.

There are also many products from other manufacturers, e.g. from the anti-virus software manufacturers, that can provide such information. Via the API of NAC/XMC, this information can also be read out, evaluated and used as a decision criterion.

Regards Stephan

View solution in original post

2 REPLIES 2

StephanH
Valued Contributor III

Hello Marcus,

another little hint. NAC Assessment is chargeable. You need corresponding licenses for each end device. But you can achieve much more with it (check which software is running, check if the patch level is up to date, ...).

Regards Stephan

StephanH
Valued Contributor III

Hello Marcus,

NAC tries to find out information about the device type and operating system via a DHCP fingerprint. This information is good, but usually too imprecise for your needs.

NAC Assessment is a remedy here. For this purpose, a piece of software is installed under Windows, for example, that reads data from the system and sends it to NAC. Based on this, it can then be decided, for example, that the operating system is too old and access can be denied.

There are also many products from other manufacturers, e.g. from the anti-virus software manufacturers, that can provide such information. Via the API of NAC/XMC, this information can also be read out, evaluated and used as a decision criterion.

Regards Stephan
GTM-P2G8KFN