Endpoint Protection

  • 1.  calling access control experts!

    Posted Jul 29, 2009 09:31 AM
    We have SEP running on everything (well, not our Ubuntu print server but that's a different story)
    We have an engineer here on site to make our Cisco NAC appliance work for us. He's setting up all the subnets, virtual gateway, etc.
    I have asked him if we could use SEP as the NAC agent and NOT mess with that screwy Cisco Network Access Control Agent (Clean Access Agent)
    It was a mess last time, required a stub, then the agent, so it took two installs, was constantly hounding about updates and kept popping behind other things asking for input and made it appear computers were locked.
    Anyway, IF possible, we'd like to use SEP as the NAC agent - it's already on everything!

    I know - we have to buy a license to "turn it on".
    BUT, our engineer is asking me a question:

    Does SEP’s network access control piece support SWISS protocol?

    I dunno! As opposed to the German or Australian protocol? What's the SWISS protocol, and does SEP's NAC (SNAC) support it?
    He said if it does, we can probably use SEP's SNAC as the clean access agent for the Cisco NAC appliance.


  • 2.  RE: calling access control experts!

    Posted Jul 29, 2009 11:12 AM
    Bummer - either no one uses Symantec's SNAC, or it can't work with Cisco's hardware/appliance meaning the SEP client can't act as a NAC agent..............
    What does anyone here use for NAC?
    Cisco or Symantec - and why?


  • 3.  RE: calling access control experts!

    Posted Jul 29, 2009 11:29 AM
    What is this SWISS protocol... it seems even Google doesn't know much about it.
    Neither does the SNAC documentation know about it.
    Can you at least get the expanded form of this SWISS protocol, or at least where and for what it is applied?


  • 4.  RE: calling access control experts!
    Best Answer

    Posted Jul 29, 2009 11:39 AM
    It's CISCO's own protocol

    Clean Access Agent uses a proprietary discovery protocol called SWISS. SWISS runs on UDP port 8905 for Layer 2 users and 8906 for Layer 3 users. Clean Access Agent performs discovery every 5 seconds. The NAC Appliance Server listens on UDP 8905/8906 for the SWISS packets being sent from the agents.

    So that means CISCO created this for its NAC 
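
Added example, not part of the original thread and not Cisco or Symantec code: a small flow-log check that finds hosts still running the Clean Access Agent by looking for the discovery pattern described in the answer above (UDP 8905 for Layer 2, UDP 8906 for Layer 3, repeating about every 5 seconds). The flow-record layout, the jitter tolerance, the function name and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Ports and interval are taken from the answer above; everything else is assumed.
SWISS_PORTS = {8905: "L2", 8906: "L3"}
DISCOVERY_INTERVAL = 5.0  # seconds between agent discovery packets
TOLERANCE = 1.0           # assumed allowance for jitter in flow timestamps

# Constructed sample records: (epoch seconds, src IP, dst IP, protocol, dst port)
SAMPLE_FLOWS = [
    (100.0, "10.1.1.20", "10.1.1.2", "udp", 8905),
    (105.1, "10.1.1.20", "10.1.1.2", "udp", 8905),
    (110.0, "10.1.1.20", "10.1.1.2", "udp", 8905),
    (115.2, "10.1.1.20", "10.1.1.2", "udp", 8905),
    (200.0, "10.2.5.7", "10.1.1.2", "udp", 8906),
    (205.0, "10.2.5.7", "10.1.1.2", "udp", 8906),
    (210.0, "10.2.5.7", "10.1.1.2", "udp", 8906),
    (300.0, "10.1.1.30", "10.1.1.2", "udp", 8905),  # single packet, no cadence
    (400.0, "10.1.1.40", "10.1.1.2", "udp", 8905),  # right port, wrong cadence
    (460.0, "10.1.1.40", "10.1.1.2", "udp", 8905),
    (520.0, "10.1.1.40", "10.1.1.2", "udp", 8905),
    (600.0, "10.1.1.50", "10.1.1.2", "tcp", 8905),  # not UDP, ignored
    (605.0, "10.1.1.50", "10.1.1.2", "tcp", 8905),
    (610.0, "10.1.1.50", "10.1.1.2", "tcp", 8905),
]

def find_swiss_agents(flows, min_packets=3):
    """Map source IP -> details for hosts whose UDP 8905/8906 traffic
    repeats at roughly the 5-second discovery interval."""
    stamps_by_flow = defaultdict(list)
    for ts, src, dst, proto, dport in flows:
        if proto.lower() == "udp" and dport in SWISS_PORTS:
            stamps_by_flow[(src, dst, dport)].append(ts)

    agents = {}
    for (src, dst, dport), stamps in stamps_by_flow.items():
        if len(stamps) < min_packets:
            continue  # too few packets to judge the cadence
        stamps.sort()
        gap = median(b - a for a, b in zip(stamps, stamps[1:]))
        if abs(gap - DISCOVERY_INTERVAL) <= TOLERANCE:
            agents[src] = {"mode": SWISS_PORTS[dport], "server": dst,
                           "median_gap": round(gap, 2)}
    return agents

if __name__ == "__main__":
    for host, info in sorted(find_swiss_agents(SAMPLE_FLOWS).items()):
        print(host, info)
```
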


  • 5.  RE: calling access control experts!

    Posted Jul 29, 2009 11:46 AM

    I wonder if the Cisco NAC can listen to or for any other agents.......... like SNAC.
    I just hate the thought of that nasty nasty Cisco clean access agent running amok on our computers again. It was not a nice experience.
    And SEP keeps itself current...............
    Figures, Cisco likes to run the show, set the rules and use proprietary protocols. I'm not a big Cisco fan at all.