This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XMC NAC - Control devices and block old OS

XMC NAC - Control devices and block old OS

Go to solution
m18grunling
New Contributor

‎04-16-2021 08:33 AM

Hi @all,

 

we are using the XMC for the NAC control. Now we search for a solution to block old OS version’s like Windows XP, Windows Server 2003 and so on.

 

Is it possible to do this with the NAC. At the moment we are using on the Switches the naclogin. But in the future we plan to use the XMC Policies on the switch.

 

Thanks

marcus

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
StephanH
Valued Contributor III

‎04-16-2021 10:23 AM

Hello Marcus,

NAC tries to find out information about the device type and operating system via a DHCP fingerprint. This information is good, but usually too imprecise for your needs.

NAC Assessment is a remedy here. For this purpose, a piece of software is installed under Windows, for example, that reads data from the system and sends it to NAC. Based on this, it can then be decided, for example, that the operating system is too old and access can be denied.

There are also many products from other manufacturers, e.g. from the anti-virus software manufacturers, that can provide such information. Via the API of NAC/XMC, this information can also be read out, evaluated and used as a decision criterion.

Regards Stephan

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
StephanH
Valued Contributor III

‎04-16-2021 12:36 PM

Hello Marcus,

another little hint. NAC Assessment is chargeable. You need corresponding licenses for each end device. But you can achieve much more with it (check which software is running, check if the patch level is up to date, ...).

Regards Stephan
0 Kudos

Go to solution
StephanH
Valued Contributor III

‎04-16-2021 10:23 AM

Hello Marcus,

NAC tries to find out information about the device type and operating system via a DHCP fingerprint. This information is good, but usually too imprecise for your needs.

NAC Assessment is a remedy here. For this purpose, a piece of software is installed under Windows, for example, that reads data from the system and sends it to NAC. Based on this, it can then be decided, for example, that the operating system is too old and access can be denied.

There are also many products from other manufacturers, e.g. from the anti-virus software manufacturers, that can provide such information. Via the API of NAC/XMC, this information can also be read out, evaluated and used as a decision criterion.

Regards Stephan
0 Kudos
GTM-P2G8KFN