Administrator Guide for Cisco Trust Agent, Release 2.1, With Bundled Supplicant
Index


Numerics

802.1x Wired Client 4-4, 9-1

administrative version 9-4

administrator's main window 9-8

authentication methods 9-16

authentication policies 9-24

authentication policy summary 9-12

authentication retries 9-34

automatically establish machine connection 9-27

changing authentication profile 9-44

changing deployment packages 9-44

client version 9-4

connection status description 9-8

connection status details 9-10

connection status window 9-14

creating authentication policies 9-26

creating authentication profiles 9-35

creating machine and user authentication deployment package 9-38

creating machine only authentication deployment package 9-40

creating user authentication deployment package 9-36

credential revalidation 9-23

credentials expiring 9-23

deploying end-user 802.1x wired clients 9-35

deploying trusted servers 9-31

description 9-1

enabling connection status 9-9

features 9-3

forcing credential revalidation 9-23

installing 4-17

installing authentication profiles 9-43

installing deployment packages 9-43

installing server certificates for machine connection 9-42

installing server certificates for user connection 9-43

launching client 9-11

logging 10-1

Machine Auth (Boot-time) 9-28

Machine Auth (Logon time) 9-28

machine authentication description 9-16

machine authentication only 9-27

machine authentication requirements 9-16

machine certificate credentials 9-22

machine connections after PAC 9-19

machine connections before PAC 9-18

machine credentials 9-21

machine SID credentials 9-22

main window description 9-7

manually connecting to a port 9-12

manually disconnecting from a port 9-12

network adapter information box 9-11

network configuration summary window 9-13

networks.xml file 9-25, 9-26

opening client 9-11

overview 9-16

overview of EAP-FAST connections 9-17, 9-18

policy.xml file 9-24, 9-26

request password 9-27

role in NAC 9-1

send anonymous in clear 9-33

send username in clear 9-33

station policy window 9-26

system report 10-1, 10-15, 10-16

technical log 10-1, 10-2

technical log content 10-5

technical log format 10-3

troubleshooting 10-1

trusted server validation 9-29

user and machine authentication description 9-16

user authentication description 9-16

user certificate credentials 9-20, 9-21

user connections after PAC 9-18

user connections before PAC 9-17

user credential provisioning 9-20

user credentials 9-20

user credentials area 9-27

user identity protection 9-32

user interface 9-4, 9-26

user password credentials 9-20, 9-21

use single sign-on 9-27

viewing access device status 9-13

Windows operating system support 4-3

Windows service 4-30

A

ACS

see Cisco Secure Access Control Server

asynchronous status query 5-19

authentication profiles

adding to custom installation 4-25

authentication servers 1-2

B

browser auto-launch feature 5-24

C

Certificate DN matching 5-25

certificates

ACS root certificate 8-3

adding to custom installation 2-6, 3-13, 4-24

certificate formats allowed 8-3

certificate utility 8-3

clearing Linux certificate store 8-9

clearing Mac OS X certificate store 8-10

converting DER to PEM format 8-14

ctaCert.exe utility 8-3

CTA supported certificates 8-3

deleting from Linux certificate store 8-8

deleting from Mac OS X certificate store 8-7

DN matching 5-25

for machine and user authentication 8-13

for machine authentication 8-10

for user authentication 8-12

importing user certificate 8-12

installing 8-3, 8-4

installing on Linux 8-4

installing on Mac OS X 8-4

installing on Windows 8-5

listing certificates in Linux certificate store 8-6

listing certificates in store 8-6

obtaining from Cisco Secure ACS 8-3

updating 8-3, 8-4

updating on Linux 8-4

updating on Mac OS X 8-4

updating on Windows 8-5

use with Cisco Trust Agent 8-1

certificate utility

about 8-3

adding certificate to Windows store 8-5

command parameters in Windows 8-5

deleting certificates in Mac OS X store 8-9

Linux operating system

clearing all certificates from store 8-9

deleting certificates from store 8-8

listing certificates in store 8-6

Mac OS X

clearing all certificates from store 8-10

listing certificates in store 8-7

using on Linux 8-6

using on Windows 8-5

Cisco Secure Access Control Server (ACS) xi, 1-2

certificates 8-1

managing stale posture data 11-22

role in NAC 1-2

role in posture validation 1-2 to 1-4

write_time_stamp.ini file 11-23

Cisco Security Agent (CSA) 1-2

role in NAC 1-2

used to install CTA B-1

ciscotauser

permissions for posture scripts 11-15

Cisco Trust Agent (CTA)

use of certificates 8-1

Cisco Trust Agent (CTA) xi

802.1x Wired Client 9-1

additional features 4-4

alternate methods of installing B-1

configuring 5-1

deployment options 1-5

installing on Linux operating systems 2-1

installing on Mac OS X 3-1

installing on Windows operating systems 4-1

installing using Cisco Security Agent B-1

Linux daemons

ctad 2-8

ctaeoud 2-9

ctalogd 2-9

ctapsd 2-9

logging 6-1

Mac OS X daemons

ctad 3-16

ctaeoud 3-16

ctalogd 3-16

ctapsd 3-16

open-source license acknowledgement C-1

overview 1-1

purpose xi

role in NAC 1-1

role in posture validation 1-2 to 1-4

scripting interface 11-1

statistics utility A-1

supplicant 9-1

use of posture plugins 7-1

Windows daemons

Cisco Posture Server Daemon 4-30

Cisco Systems Inc. CTA Posture State Daemon 4-30

Cisco Trust Agent EoU Daemon 4-30

Cisco Trust Agent Logger Daemon 4-30

Clickable URL feature 5-23

clogcli utility 6-4

clearing current log files 6-5

collecting log files 6-10

commands 6-5

disabling logging 6-5

enabling logging 6-6

location on Linux operating system 6-4

location on Mac OS X 6-4

location on Windows operating system 6-4

logging level explanation 6-11

running 6-5

setting log file location 6-7

setting logging level 6-8

zipit command 6-10

configuration files

ctad.ini file 5-2

ctalogd.ini file 6-13

configuring Cisco Trust Agent 5-1, 5-16, 5-17, 5-18, 5-19

behavior of posture notifications 5-7

blocking or non-blocking plugins 5-5

clearing or saving old posture notifications 5-10

configuring status query timer 5-6

ctad.ini file 5-2

ctalogd.ini file 6-4

defining communication port for EAPoUDP 5-6

displaying posture messages in GUI 5-9

display time of pop-up notifications 5-9

distinguished name matching 5-11

distinguished name matching parameters 5-11

EAP over UDP communication 5-12

EAP over UDP session idle timeout 5-7

editing the ctad.ini file 5-3

enabling or disabling pop-up posture messages 5-8

font used to display messages in terminal 5-10

for Windows XP SP-2 or SP-3 firewall 5-7

logging 6-4

maximum EAP over UDP sessions 5-7

notification pop-up modality 5-8

parameter descriptions 5-4

pop-up notifications received before logon 5-9

posture plugin interaction with CTA 5-13

posture plugins 5-13

posture pop-up notifications 5-20, 5-23

posture pop-up notifications on Linux 5-21

posture pop-up notifications on Mac OS X 5-22

posture pop-up notifications on Windows 5-20

query plugin for posture status 5-19

receive posture message after obtaining IP address 5-8

saving posture notifications 5-9

scripting interface parameter 5-11

setting application-specific posture message 5-6

setting browser path on Linux 5-10

setting default posture message size 5-6

time before posture database record is outdated 5-11

timeout for non-blocking plugins 5-5

user notifications 5-20, 5-23

user notifications on Linux 5-21

user notifications on Mac OS X 5-22

user notifications on Windows 5-20

Windows

SysModal parameter 5-21

CSA

see Cisco Security Agent

ctacert utility

See certificate utility

ctad.ini file

[EAPoUDP] section description 5-6

[Scripting_Interface] section 5-11

[ServerCertDNVerification] section 5-11, 5-25

[UserNotifies] section 5-7

about 5-2

adding to custom installation 2-7, 3-13, 4-25

configuring Validation-Flag TLV 5-4

ctad-temp.ini 5-2

delta_stale 11-21

editing 5-3

location 5-2

parameter descriptions 5-4

BootTimeUDPExemptions 5-7

BrowserPath 5-10

ClearOldNotification 5-10

delta_stale 5-11

DisplayType 5-9

EnableLogonNotifies 5-9

EnableNotifies 5-8

EnableVFT 5-4

LocalPort 5-6

LogonMsgTimeout 5-9

MaxSessions 5-7

MsgTimeout 5-9

PPInterfaceType 5-5

PPMsgSize 5-6

PPWaitTimeout 5-5

Rule X 5-11

SessionIdleTimeout 5-7

SQTimer 5-6

SysModal 5-8

TermFont 5-10

TotalRules 5-11

userActionDelayTimeout 5-8

ctad-temp.ini file

See ctad.ini file

ctalogd.ini file

[LogLevel] section 5-24

adding to custom installation 2-7, 4-25

including in custom installation 3-13

ctalogd-temp.ini file 6-13

example of 6-13

location on Linux operating system 6-13

location on Mac OS X 6-13

location on Windows operating system 6-13

See also ctalogd.ini file

CTA posture plugin 7-2, 7-5

application posture-token attribute 7-6

attributes of 7-6

for Linux operating system 7-6

for Mac OS X 7-6

for Windows operating system 7-6

kernel-version attribute 7-6

machine posture state attribute 7-6, 7-8

operating system attribute 7-7

operating system version attribute 7-7

operating system release attribute 7-6

posture agent name attribute 7-7

posture agent version attribute 7-7

posture message attribute 7-8

posture token attribute 7-8

ctascriptPP.dll 11-1

description of 11-5

ctascriptpp.so 11-1

description of 11-5

ctasi 11-1

invoked by posture script 11-18

location of executable on Linux 11-19

location of executable on Mac OS X 11-19

ctasi.exe 11-1

location on Windows 11-19

ctastat utility

identifying CTA information A-3

identifying session information A-3

output A-3

overview A-1

running on Linux A-2

running on Mac OS X A-2

running on Windows A-2

sample output A-4

customized installation

deployment considerations 1-5

Linux operating system 2-5

benefits of 2-6

including certificates 2-6

including ctad.ini file 2-7

including ctalogd.ini file 2-7

including posture plugins 2-7

Mac OS X

benefits of 3-12

ctad.ini file 3-13

including certificates 3-13

including ctad.ini file 3-13

including ctalogd.ini file 3-13

including posture plugins 3-13

Windows operating system 4-22, 4-24

802_1x directory 4-25

benefits of 4-24

including authentication profiles 4-25

including certificates 4-24

including ctad.ini file 4-25

including ctalogd.ini file 4-25

including plugins 4-24

installation directory 4-24

install customized package 4-25

D

delta_stale parameter 11-21

deploying Cisco Trust Agent 1-5, 2-3

benefit of custom package 2-3

initial deployment options 2-3

distinguished name matching

See DN matching

DN matching

about 5-25, 8-14

about rules 8-14

attributes supported 5-26

issuer attributes 5-26

parameters in ctad.ini file 5-11

rule length 5-25

rules 5-25

sub-rule operators 5-25

sub-rules 5-25

when occurs 8-14

documentation

additional reading xiv

text conventions xiii

E

EAP-FAST connections

machine credentials context 9-18

overview 9-17, 9-18

user logon context 9-17

EAP over UDP

configuring communication 5-12

configuring communication port 5-6

H

host posture plugin 7-2

attributes of 7-3

Linux package attribute 7-3

Linux package information 7-4

location on Linux 7-2

location on Mac OS X 7-2

location on Windows 7-2

MAC address attribute 7-3

MAC address information 7-3

machine name attribute 7-3

Mac OS X package attribute 7-3

Mac OS X package information 7-5

Windows hot fix attribute 7-3

Windows service pack attribute 7-3

I

installation files

Linux operating system 2-3

Mac OS X operating system 3-3

Windows operating system

CTA with 802.1x Wired Client 4-5

CTA without 802.1x Wired Client 4-5

discontinued versions 4-5

installation procedures

Linux operating system 2-4

accepting EULA 2-4

command line procedure 2-5

customized installation 2-5

extracting install file 2-4

general instructions 2-4

package information 2-9

uninstalling CTA 2-9

upgrading CTA 2-7

verifying installation 2-8

Mac OS X 3-3, 3-16

accepting EULA 3-4

command line procedure 3-4

extracting install file 3-4

general instructions 3-3

installation wizard 3-6

repairing 3-14

uninstalling scripting interface 3-17

upgrading 3-14

verifying installation 3-16

Windows operating system 4-5

accepting EULA 4-6

custom installation package 4-22

customized installation 4-24

extracting MSI file 4-6

general instructions 4-6

installation directory 4-24

installation wizard 4-11, 4-13

install customized package 4-25

installing 802.1x Wired Client 4-17

installing scripting interface 4-17

uninstalling 4-31

upgrading 4-27

upgrading from CTA 1.0 4-27

upgrading from CTA 2.0 4-28

upgrading from CTA 2.0.1 4-29

using MSI commands 4-7

verify CTA installation 4-30

L

licenses

for open-source software C-1

log files

about 6-2

collecting all log files 6-10

creating 6-2

format 6-3

location on Linux operating systems 6-2

location on Mac OS X 6-2

location on Windows operating systems 6-2

naming convention 6-3

persistence 6-4

taking up disk space 6-4

logging

about CTA logging 6-2

Cisco Trust Agent 6-1

clearing current log files 6-5

clogcli utility 6-4, 6-5

collecting all log files 6-10

configuring for large deployments 6-11

ctalogd-temp.ini file 6-13

default setting 6-1

disabling logging 6-5

enabling logging 6-6

log files 6-2

logging level explanation 6-11

notifications 5-24

running 6-5

setting log file location 6-7

setting logging level 6-8

M

machine and user authentication

configuring by using certificates 8-13

machine authentication

configuring by using certificates 8-10

requesting machine certificate 8-11

N

NAC-L2-IP method 5-12

NAC-L3-IP method 5-12

NAD

See network access device

network access device (NAD) xi, 1-2

role in NAC 1-2

role in posture validation 1-2 to 1-4

Network Admission Control (NAC) xi

objective of 1-1

overview 1-1

network client

definition of 1-5

network clients 1-1

notifications

logging 5-24

posture 7-1

O

open source

software licenses C-1

open-source software

license acknowledgement C-1

P

posture credentials xi, 7-1

relayed by scripting interface 11-3

transfer from plugin to CTA to ACS 7-1

posture data file 11-3, 11-7

attribute definitions 11-11

creating files for Linux 11-8

creating files for Mac OS X 11-8

creating files for Windows 11-9

description of 11-7

location on Linux 11-8

location on Mac OS X 11-8

location on Windows 11-9

requirements of 11-8

sample 11-9

syntax for attribute datatype values 11-12

syntax of 11-8

posture notifications

clearing or saving old posture notifications 5-10

configuring browser auto-launch feature 5-23

configuring clickable URL feature 5-23

configuring display time of pop-up notifications 5-9

configuring pop-up notifications received before logon 5-9

configuring pop-up window 5-8

displaying posture messages in GUI 5-9

enabling or disabling pop-up message 5-8

font used to display messages in terminal 5-10

how they are sent 5-20

pop-up box modality 5-8

pop-up message parameters 5-7

saving pop-up notifications 5-9

setting browser path on Linux 5-10

posture plugins

adding to custom installation 2-7, 3-13, 4-24

application posture-token attribute 7-6

application-specific posture message size 5-17

asynchronous status query 5-19

configuring application-specific message size 5-6

configuring application-specific posture message size 5-17

configuring blocking or non-blocking interface 5-5, 5-13

configuring default message size 5-16

configuring default posture message size 5-6

configuring host posture plugin message size 5-18

configuring interaction with CTA 5-13

configuring status query timer 5-6

configuring Symantec posture plugin message size 5-19

configuring timeout for non-blocking plugins 5-5

configuring to query for status change 5-19

CTA posture plugin 7-2, 7-5

default message size 5-16

definition of 7-1

example of blocking and non-blocking interface 5-14

host posture plugin 7-2

host posture plugin message size 5-18

installation process overview 7-9

installed by default 7-2

installing 7-9

kernel-version attribute 7-6

Linux host 7-2

Linux installation directory 7-9

Linux package attribute 7-3

MAC address attribute 7-3

machine name attribute 7-3

machine posture state attribute 7-6, 7-8

Mac OS X host 7-2

Mac OS X installation directory 7-9

Mac OS X package attribute 7-3

operating system attribute 7-7

operating system release attribute 7-6

operating system version number attribute 7-7

posture agent name attribute 7-7

posture agent version attribute 7-7

posture message attribute 7-8

quarantined plugin 7-10

scripting interface 11-3

scripting interface plugin 7-9

script substituting as 7-9

system posture token attribute 7-8

upgrading 7-9

Windows host 7-2

Windows hot fix attribute 7-3

Windows installation directory 7-9

Windows service pack attribute 7-3

posture scripts 11-3, 11-7

ciscotauser 11-15

invoking ctasi 11-18

location for new scripts 11-14

registering 11-14

requirements of 11-7

user permissions 11-15

posture token

definition of 7-1

posture validation 1-1

authentication servers 1-2

components of 1-1

definition of 1-1

network clients 1-1

posture validation servers 1-2

process 1-2 to 1-4

posture validation servers 1-2

role in NAC 1-2

R

repairing CTA

Mac OS X 3-14

Windows 4-8

S

scripting interface 4-4

adding attributes to ACS 11-15

asynchronous status change notification 11-20

creating posture data files 11-8, 11-9

ctascript.so 11-1

ctascriptPP.dll 11-1

ctasi 11-1

ctasi.exe 11-1

executable file 11-4

file name conventions 11-1

information file 11-3, 11-5

information file parameter descriptions 11-6

installing 2-3, 3-5, 3-10, 4-17

interaction with CTA 11-1

invoking ctasi executable 11-18

invoking on Linux 11-19

invoking on Mac OS X 11-19

invoking on Windows 11-18

making it accept the posture data file 11-19

making it ignore the posture data file 11-19

managing stale posture data 11-21

overview 11-3

posture data file 11-3, 11-7

posture data file attributes 11-11

posture plugin 7-9, 11-3

posture plugin description 11-5

posture scripts 11-3, 11-7

posture-validation attribute definition file 11-16

registering posture scripts 11-14

relaying posture credentials 11-3

reporting status change at layer 2 11-20

reporting status change at layer 3 11-20

role in NAC 11-1

sample posture data file 11-9

stale posture data 11-20

status change 11-20

syntax for attribute datatype values 11-12

uninstalling 3-17

scripting interface posture plugin 7-9

description of 11-5

supplicant

logging 10-1

See 802.1x Wired Client

system requirements

Linux installer 2-2

Linux operating system 2-2

hard disk space 2-2

listening port 2-3

memory 2-3

operating systems version 2-2

processor 2-2

Mac OS X 3-2

hard disk space 3-2

listening port 3-2

memory 3-2

operating systems version 3-2

processor 3-2

Windows operating system 4-2

hard disk space 4-2

installer 4-2

listening port 4-2

memory 4-2

processor 4-2

system requirements 4-2

T

Text conventions xiii

transport layer security (TLS) 5-25

U

uninstalling CTA

Linux operating system 2-9

Mac OS X 3-16

Windows operating system 4-31

upgrading CTA

compatibility of authentication profiles from CTA 2.0 4-28

Linux operating system 2-7

Mac OS X 3-14

Windows operating system

from CTA 1.0 4-27

from CTA 2.0 4-28

from CTA 2.0.1 4-29

user authentication

configuring by using certificates 8-12

importing user certificate 8-12

user credentials

expiring 9-23

forcing revalidation 9-23

user notifications

logging notifications 5-24

posture notifications 7-1

W

Windows MSI commands 4-7

changing installation directory 4-10

installing 4-7

installing optional features 4-9

quiet mode 4-11

reboot options 4-11

reinstalling or repairing 4-8

uninstalling 4-8

Windows operating systems

support for 802.1x Wired Client 4-3

support for CTA 4-3