Overview of common clients
- Windows 7 and 8
- Intel PROSet – It can be installed if you are using Intel Wireless adapter. Its preferable when dealing with lightweight extensible Authentication Protocol (LEAP), EAP Flexible Authentication by Secure Tunneling (EAP-FAST), or Cisco Compatible Extensions (CCX) because these are not supported by Windows.
- Apple OS X
- Cisco AnyConnect. It runs on virtually most of the OS that we have so far and does not depend on the connection type. Has the following modules:
- Diagnostic and Reporting Tool (DART) – for troubleshooting
- Network Access Manager (NAM) – controls authentication
- Posture Assessment – before it builds a connection, it verifies that the necessary elements like the antivirus and firewall are installed.
- Telemetry – sends info back to the web filtering infrastructure
- Web Security – enforces security policies according to Cisco Web Security policies.
- For Anyconnect to manage wireless connections, the NAM and VPN modules should be installed.
- Policies are created on Cisco Adaptive Security Appliance (ASA) through its Adaptive Security Device Manager (ASDM) management front end and pushed to the client.
- The main AnyConnect client interface consists of VPN, network, and web security functions
Cisco Compatible Extensions (CCX)
CCX program can be used to verify that clients support wireless enhancements. There are several versions of this program v5 being the current one. v4 and v5 are interactive and the client reports information about itself to the wireless infrastructure.
Management frame protection (MFP) addresses an inherent weakness in the management frames that an AP transmits. This is supported in v5.
Features supported in CCX v1 to v5 from CCNA Wireless OCG.
CCX Lite – simplifies the compatibility process as not all features are needed in all devices. Its categories are:
- Foundation – core features common in like all devices
- Voice – supports features like CAC, voice metrics etc
- Location – for real time tracking
- Management – features like client and link management are included.
For a device to be CCX certified, it needs to be compliant with the Foundation Module. The other modules are optional
From CCNA Wireless OCG. Security features supported in CCX.
- 802.1x is in all versions
- WPA from CCXv2
- WPA2 from CCXv3 but
- PEAP-MSCHAP and EAP-TLS introduced in CCXv4
- EAP-FAST introduced in CCXv3
- MFP in v5 only