Cisco Clean Access is an easily deployed software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. It identifies whether networked devices such as laptops, personal digital assistants, even game consoles are compliant with your network's security policies and repairs any vulnerabilities before permitting access to the network.
Cisco Clean Access expands its capabilities to provide a choice of out-of-band deployment or traditional in-band deployment. The Cisco Clean Access Manager can manage both in-band and out-of-band Clean Access Servers at the same time, as well as switches used for out-of-band deployment.
It uses HTTP, HTTPS, XML, and Java Management Extensions (JMX).
It integrates with existing backend authentication servers, including Kerberos, LDAP, RADIUS, and Windows NT domain.
VPN concentrator integration
Integrates with Cisco VPN concentrators (e.g. VPN 3000, ASA) and provides Single Sign-On (SSO).
Active directory SSO
It integrates with active directory on Windows servers to provide single sign-on for Cisco NAC Agent users logging into Windows systems.
Traffic filtering policies
Role-based IP and host-based policies provide fine-grained and flexible control for In-Band network traffic.
Bandwidth management controls
Limit bandwidth for downloads or uploads.
High availabilityProduct Highlights
Active/passive failover (requiring two servers) ensures services continue if an unexpected shutdown occurs. You can configure pairs of Clean Access Manager (CAM) machines and/or CAS machines in high-availability mode.
- Minimized network outages
- Enforcement of security policies
- Significant cost savings with automated device repairs and updates
- Recognizes users, their devices, and their roles in the network
- Evaluates whether machines are compliant with security policies
- Enforces security policies by blocking, isolating, and repairing noncompliant machines