This feature is intended to prevent users from changing identification of their client operating systems through manipulating HTTP information.Note that this is a "passive" detection technique that only inspects the TCP handshake and is not impacted by the presence of a firewall.While MAC address spoofing may be accomplished in a wireless environment by means of using a sniffer to detect and clone the MAC address of a client who has already been authorized or placed in a "clean" user role, it is not easy to do so in a wired environment, unless the Clean Access Server has been misconfigured.
Currently the Clean Access Agent application is only available for some Windows and Mac OS X operating systems (Windows 98, Windows Me, Windows 2000, Windows XP, Windows XP Media Center Edition, Windows Vista, Windows 7, Windows 8 and Mac OS X); most network administrators allow clients with non-Windows operating systems (such as Mac OS 9, Linux, and Free BSD) to access the network without any security checks (authentication is still required and is usually handled via a Web interface).
After successfully authenticating via a web interface, the Clean Access Server will direct new Windows based clients to download and install the Clean Access Agent application (at this time, non-Windows based clients need only authenticate via the web interface and agree to any network terms of service).
This segregates unauthorized users from each other and from the rest of the network, and makes wired-sniffing irrelevant and spoofing or cloning of authorized MAC addresses nearly impossible.
Proper and similar implementation in a wireless environment would in fact contribute to a more secure instance of Clean Access.
It is capable of managing wired or wireless networks in an in-band or out-of-band configuration mode, and Virtual Private networks (VPN) in an in-band only configuration mode.
The Clean Access Agent (abbreviation: CCAA, "Cisco Clean Access Agent") resides on the client's machine, authenticates the user, and scans for the required patches and software.
The system usually installs an application known as the Clean Access Agent on computers that will be connected to the network.
This application, in conjunction with both a Clean Access server and a Clean Access Manager, has become common in many universities and corporate environments today.
The checks are maintained as a series of "rules" on the Clean Access Manager side.
The Clean Access Manager (CAM) can be configured to check, install, or update anything on the user's system.
Please help to establish notability by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond its mere trivial mention.