- RyanTAdams.com - https://blog.ryantadams.com -

All About Cisco Clean Access Agent (and Circumventing It)

Cisco Clean Access (CCA) is an access control system that is becoming popular on many school networks. The system was originally produced by Perfigo and marketed under the name Perfigo SmartEnforcer. After Perfigo was bought out by Cisco, the system was renamed Cisco Clean Access. Recently, Cisco has renamed the product Cisco NAC Appliance, though "Clean Access" is still widely used.

The Cisco Clean Access system consists of server software and client software. The client software, called Cisco Clean Access Agent, must be installed on each computer before that computer is allowed to use the network. The Clean Access Agent performs two functions. First, it provides authentication by requiring the user of a client computer to provide a log-in name and password. Second, it checks the client computer for required updates and programs (currently Windows patches and a supported antivirus program) and prevents a computer from connecting if it does not meet the standards for the network. Currently, the Clean Access Agent application is available only for Windows operating systems (Windows 98 and above); however, most network administrators allow clients with non-Windows operating systems to access the network without any security checks.

Cisco Clean Access is designed to restrict network use to authorized users and to prevent viruses or other malware from spreading over the network. However, many students and employees who are forced to use a network where Clean Access is configured become frustrated because:

Network administrators who are forced by management to configure the Clean Access system on a network are also often frustrated because they are responsible for correcting the above issues.


The good news is that there are ways around having to use the Cisco Clean Access Agent. The bad news is that they may not work, or there may be penalties for being caught. Some of the proposed loopholes include:

Again, attempting to exploit any of the above loopholes may result in reprimands.

For more information on Cisco Clean Access, check out the official FAQ [1] or the Wikipedia page [2].

Please leave a comment if you have any questions or suggestions.