What's the point of using that at all then? Sure it will catch most of your users, but the ones that are smart enough to notice this and spoof their user agent will completely bypass having to install the agent. Identifying a device by the web browser's user agent doesn't seem to be any form of security. If you've already identified them using 802.1x and are allowing a loop hole like this why have it at all? It will only keep honest users honest.
Sam Stelfox Network Administrator Vermont Technical College ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] On Behalf Of Dennis Xu [[email protected]] Sent: Friday, June 25, 2010 10:09 AM To: [email protected] Subject: [WIRELESS-LAN] Mobile devices and NAC Just want to check how other people deal with mobile device with NAC? We use Cisco NAC and configured "not require agent" for mobile devices, but the problem is they have to open the browser first (even they have already been authenticated using 802.1X) to become online users in NAC before they can use any other applications(email clients, calendar, etc). Cisco NAC detects the user O/S after user opens the browser. So no browser open, no other network connectives. This has caused many frustrations. How do you make the mobile devices work with NAC without these pains? If you use MAC filter to bypass NAC, how do you manage and maintain the filter list? Any suggestions are appreciated! Dennis Xu Network Analyst Computing and Communication Services University of Guelph 5198244120 x 56217 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
