Anne,

In more direct response to your questions, we have been running 4.1.1
with agent 4.1.2.1 & whitelisting 64-bit. We have just moved to 4.1.2.1
for 64-bit auth (& shared secret fix). Longer term, we may move to
Bradford Campus Manager or Aruba Endpoint Compliance System (same
product) for our NAC solution.

Bruce Osborne
Liberty University

From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Pender, Anne
Sent: Thursday, May 29, 2008 1:19 PM
To: [email protected]
Subject: Re: [CLEANACCESS] 64-bit Windows, again

Thanks Bruce, but the thing is, from our point of view, auth-only is
WORSE than no support, because it lets unprotected computers get onto
the network.  Kinda misses the whole point of having Clean Access in the
first place...

-Anne

From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Osborne, Bruce W.
(NS)
Sent: Thursday, May 29, 2008 10:19 AM
To: [email protected]
Subject: Re: 64-bit Windows, again

Anne,

4.1.2.1 with agent 4.1.2.1 or 4.1.2.2 supports 64-bit Windows auth
AFAIK.

Bruce Osborne
Liberty University

From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Pender, Anne
Sent: Thursday, May 29, 2008 10:15 AM
To: [email protected]
Subject: [CLEANACCESS] 64-bit Windows, again

I know this has come up on the list before, but I wanted to check if
anybody else has come up with any clever solutions...

Right now we're running 4.1.2, which doesn't recognize and can't
understand 64-bit versions of Windows, so effectively those are blocked
from the network, though usually with a message that their auto update
isn't set up right.  Ugly, but safe.

We would like (for other reasons) to go to 4.1.3, which has
authentication-only support for 64-bit.  This seems to mean that any
student with 64-bit Windows can then get onto our network with full
rights, even if they have no anti-virus, no patches, running 17 pieces
of malware, etc., and there's nothing we can do about it because the
server end won't recognize 64-bit as a separate version of Windows and
thus can't set it up to go into a dead-end role or the like.

What are you doing about this?

- Stay with 4.1.2 indefinitely, until full support for 64-bit comes
along?  From what we've heard it's not even definitely in 4.5, and that
won't be out for a while yet.

- Upgrade the server, but leave the client at 4.1.2?

- Upgrade both, then watch the server like a hawk and manually harvest
MAC addresses and dump them into a blocking filter, so students might be
able to connect for a few days and then find themselves blocked?
(Assuming that the manager shows 64 bit separately in the OS list, which
I'm not sure of.)

- Just let the 64-bit folks on with no checks, and keep your fingers
crossed that they don't catch anything?

Thanks,
Anne

-- 
Anne B. Pender
Computing Support Analyst, Student Services 
Information Technology Services, Davidson College 
[EMAIL PROTECTED]