We too have been looking at Bradford as an alternative because of Cisco's inability to keep their NAC software support up to date.
Michael Stanclift Network Analyst Rockhurst University Conway Hall, Office 415 1100 Rockhurst Road Kansas City, Missouri 64110 (816) 501-4231 From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Osborne, Bruce W. (NS) Sent: Thursday, May 29, 2008 12:29 PM To: [email protected] Subject: Re: 64-bit Windows, again Anne, In more direct response to your questions, we have been running 4.1.1 with agent 4.1.2.1 & whitelisting 64-bit. We have just moved to 4.1.2.1 for 64-bit auth (& shared secret fix). Longer term, we may move to Bradford Campus Manager or Aruba Endpoint Compliance System (same product) for our NAC solution. Bruce Osborne Liberty University From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Pender, Anne Sent: Thursday, May 29, 2008 1:19 PM To: [email protected] Subject: Re: [CLEANACCESS] 64-bit Windows, again Thanks Bruce, but the thing is, from our point of view, auth-only is WORSE than no support, because it lets unprotected computers get onto the network. Kinda misses the whole point of having Clean Access in the first place... -Anne From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Osborne, Bruce W. (NS) Sent: Thursday, May 29, 2008 10:19 AM To: [email protected] Subject: Re: 64-bit Windows, again Anne, 4.1.2.1 with agent 4.1.2.1 or 4.1.2.2 supports 64-bit windows auth AFAIK. Bruce Osborne Liberty University From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Pender, Anne Sent: Thursday, May 29, 2008 10:15 AM To: [email protected] Subject: [CLEANACCESS] 64-bit Windows, again I know this has come up on the list before, but I wanted to check if anybody else has come up with any clever solutions... Right now we're running 4.1.2, which doesn't recognize and can't understand 64-bit versions of Windows, so effectively those are blocked from the network, though usually with a message that their auto update isn't set up right. Ugly, but safe. We would like (for other reasons) to go to 4.1.3, which has authentication-only support for 64-bit. This seems to mean that any student with 64-bit Windows can then get onto our network with full rights, even if they have no anti-virus, no patches, running 17 pieces of malware, etc., and there's nothing we can do about it because the server end won't recognize 64-bit as a separate version of Windows and thus can't set it up to go into a dead-end role or the like. What are you doing about this? - Stay with 4.1.2 indefinitely, until full support for 64-bit comes along? From what we've heard it's not even definitely in 4.5, and that won't be out for a while yet. - Upgrade the server, but leave the client at 4.1.2? - Upgrade both, then watch the server like a hawk and manually harvest MAC addresses and dump them into a blocking filter, so students might be able to connect for a few days and then find themselves blocked? (Assuming that the manager shows 64 bit separately in the OS list, which I'm not sure of.) - Just let the 64-bit folks on with no checks, and keep your fingers crossed that they don't catch anything? Thanks, Anne -- Anne B. Pender Computing Support Analyst, Student Services Information Technology Services, Davidson College [EMAIL PROTECTED]
