Cisco nac sequence of events – IBM Tivoli and Cisco User Manual


Appendix A. Hints and tips


Cisco NAC sequence of events

The NAC process is initiated by the network. Whenever access to a protected
network is detected, the Network Access Device queries the endpoint for its
posture. In addition, there are two polling cycles that control which requests
the network sends to the client and when. There are three basic messages that
the network can send to the client: two of these are queries (PostureQuery and
StatusChangeQuery) and one is a notification (PostureNotification).

Figure A-4 shows the communication flow between the Cisco Trust Agent and
the Security Compliance Manager agent.

Figure A-4 Cisco NAC sequence diagram

The PostureQuery asks the client for the full set of attribute data that the client
has registered with the ACS. The client responds to the PostureQuery by
sending the applicable values (PolicyVersion and ViolationCount) based on the
data in the local policy cache.

The StatusChangeQuery asks whether there has been a change in state since
the last PostureQuery or StatusChangeQuery. Both of these queries have their
own polling cycle configured on the Network Access Device. It is typical for the
PostureQuery polling cycle to be set to a relatively high value so that any

[Figure A-4 sequence diagram: participants Cisco Trust Agent and SCM Agent; messages shown are Posture Poll, processPostureRequest(), PostureResponse(), StatusPoll(), queryPostureStatusChange(), No Status Change(), Status Changed(), processPostureNotification(), PostureNotificationAcknowledgement()]
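The following model plays the exchange described above (PostureQuery answered from the local policy cache with PolicyVersion and ViolationCount, StatusChangeQuery answered with "Status Changed" or "No Status Change", and PostureNotification acknowledged) on a timeline driven by the two polling cycles. It is an added example, not code from IBM Tivoli Security Compliance Manager or the Cisco Trust Agent; the message names come from the appendix text, while the class names, the polling intervals, the constructed scan event and the rule that a "Status Changed" reply makes the device issue a full PostureQuery on its next poll are assumptions made for the model.

```python
"""Toy model of the Cisco NAC posture exchange described in this appendix.

Added example for illustration; this is not code from IBM Tivoli Security
Compliance Manager or the Cisco Trust Agent. The message names
(PostureQuery, StatusChangeQuery, PostureNotification, PostureResponse,
PolicyVersion, ViolationCount) come from the appendix text; the classes,
the polling intervals and the rule that a "Status Changed" reply triggers
a full PostureQuery on the next poll are assumptions made for the model.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class PolicyCache:
    """Endpoint-side local policy cache (assumed shape: two attributes)."""
    policy_version: str
    violation_count: int
    changed_since_query: bool = False

    def record_scan(self, version: str, violations: int) -> None:
        """A local compliance scan updates the cache; remember if anything changed."""
        if (version, violations) != (self.policy_version, self.violation_count):
            self.policy_version, self.violation_count = version, violations
            self.changed_since_query = True


class EndpointAgent:
    """Client side: the SCM agent answering through the Cisco Trust Agent."""

    def __init__(self, cache: PolicyCache) -> None:
        self.cache = cache
        self.notifications: List[str] = []

    def process_posture_request(self) -> str:
        """PostureQuery: return the full attribute set from the local policy cache."""
        self.cache.changed_since_query = False
        return (f"PostureResponse(PolicyVersion={self.cache.policy_version}, "
                f"ViolationCount={self.cache.violation_count})")

    def query_posture_status_change(self) -> bool:
        """StatusChangeQuery: True means 'Status Changed', False 'No Status Change'."""
        changed = self.cache.changed_since_query
        self.cache.changed_since_query = False
        return changed

    def process_posture_notification(self, message: str) -> str:
        """PostureNotification: record it and acknowledge."""
        self.notifications.append(message)
        return "PostureNotificationAcknowledgement"


class NetworkAccessDevice:
    """Network side: runs the two polling cycles (intervals in seconds, assumed)."""

    def __init__(self, agent: EndpointAgent, posture_interval: int, status_interval: int) -> None:
        self.agent = agent
        self.posture_interval = posture_interval
        self.status_interval = status_interval
        self.next_posture = 0      # first contact: full PostureQuery immediately
        self.next_status = 0

    def poll(self, now: int) -> List[Tuple[str, str]]:
        """Send whichever query is due at time `now`; return (query, reply) pairs."""
        exchanges: List[Tuple[str, str]] = []
        if now >= self.next_posture:
            exchanges.append(("PostureQuery", self.agent.process_posture_request()))
            self.next_posture = now + self.posture_interval
            self.next_status = now + self.status_interval
        elif now >= self.next_status:
            changed = self.agent.query_posture_status_change()
            exchanges.append(("StatusChangeQuery",
                              "Status Changed" if changed else "No Status Change"))
            self.next_status = now + self.status_interval
            if changed:
                # Assumption: a changed status makes the device pull full posture next poll.
                self.next_posture = now
        return exchanges

    def notify(self, message: str) -> str:
        """PostureNotification sent by the network; the client acknowledges it."""
        return self.agent.process_posture_notification(message)


def simulate(posture_interval: int = 120, status_interval: int = 30,
             scan_at: int = 45, horizon: int = 180, step: int = 15) -> List[Tuple[int, str, str]]:
    """Run the polling cycles over a timeline; a constructed scan at `scan_at`
    finds two violations. Returns (time, query, reply) for every exchange."""
    cache = PolicyCache(policy_version="v1", violation_count=0)
    agent = EndpointAgent(cache)
    nad = NetworkAccessDevice(agent, posture_interval, status_interval)
    timeline: List[Tuple[int, str, str]] = []
    for now in range(0, horizon + 1, step):
        if now == scan_at:
            cache.record_scan("v1", 2)   # constructed event: two new violations found
        for query, reply in nad.poll(now):
            timeline.append((now, query, reply))
    return timeline


if __name__ == "__main__":
    for t, query, reply in simulate():
        print(f"t={t:4d}s  {query:<18} -> {reply}")
```

Running `simulate()` with the default intervals shows why the polling cycles matter from a defender's point of view: the constructed scan changes the cache at 45 s, the change is not visible to the network until the StatusChangeQuery at 60 s, and the new ViolationCount only reaches the network with the PostureQuery at 75 s. The two intervals therefore bound how long an endpoint that has fallen out of compliance stays unreported, and the values sent are only as fresh as the local policy cache they are read from.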
