I have to deviate from our latest discussion track to bring up some exciting news in NAC world. This past week Cisco decided to release NAC 4.6 (it also just so happens to be Cisco Live here in Frisco but we won’t go there).
Anyway, since there are quite a number of people who are following this blog now it’s worthwhile to cover 4.6 and then we’ll shift back to our original discussion. It just so happened that when Cisco decided to release 4.6 I was in the middle of a NAC install for a city here in the SF Bay Area. Needless to say, I upgraded all appliances immediately and decided to start posting my findings.
So what’s the big deal? Why is 4.6 so significant? To answer this with a short answer the only big difference that I’ve noticed so far is the agent. Yes, Cisco has finally, finally, decided to go to a service-based agent. The agent itself has also been re-skinned. Basically, now it looks prrrrrreeetttttty.
Here is what it looks like in the system tray now:
And here is a shot of the service:
Also here is what the new skin looks like now. Notice that Cisco ordered the versioning information to be a little friendlier than the past:
Just so you know, along with this agent changing comes some registry enhancements as well. It’s well documented in the user guide for 4.6 regarding the registry changes that we had to manually configure in the past.
In this newer version, Cisco provided a location in the NAM to upload an XML configuration file. This config now identifies items such as the discovery host seen in the above image. So if you are pushing out the agent to your users, make sure the XML file is in the same folder as your nacagent-setup.msi file.
Also since we are talking about the agent, realize that the Stub Installer is no longer needed, which is a little easier for deployments. Just remember that the new agent itself still needs to be installed with admin rights in order to run as a service, that still makes sense.
Other than this agent change, some new product updates were integrated which fixed some AV products such as AVG and Symantec with specific patches. You’ll have to check the release notes to see if this rev fixes any specific issues you may be having.
As for everything else in the GUI, everything looks the same. I see really no difference whatsoever. I’d say this is an agent update more than anything else.
I’m dying to add a wishlist here on minor enhancements that would be really really useful in production but I wouldn’t want to wait for Cisco Live next year for the answer (lol).
Feel free to hit me up on any specific questions related to this rev of code since I have it in production for VPN (InBand) and OOB.
Author: Jim Thomas