Cisco Clean Access Frequently Asked Questions

How Does the Cisco Clean Access Network Registration System Work?

Clean Access Agent does the following:

• Limits Network access to members of the LC Community
• Ensures systems connecting to the network meet minimum security standards and provides complete network access for these computers.
• Quarantines systems until they meet minimum security standards & provides access to web sites necessary for downloading necessary security software and patches
• Offers an easy way for you to update your operating system and get AntiVirus software.

The system does NOT do the following:

• Network Registration and Clean Access do not monitor traffic
• Network Registration and Clean Access cannot access your user names and passwords
• Network Registration and Clean Access do not block specific applications
• Network Registration and Clean Access cannot read or access files on your hard drive

How does the Windows Clean Access Agent Client work?

After the first successful login, Windows users will be directed to download and install a validation client called Clean Access. Once launched, Clean Access will download current validation rules, (required critical OS updates, anti-virus software, etc.), and check to see if the computer complies with these rules. If the computer fails the validation test, limited Internet access is granted for 90 minutes to enable the user to download and install required software, updates and patches.

The connection remains intact until the timer expires; at that time, the connection is reset and the user must re-validate by launching Clean Access and logging in once more.

Can I update Windows before I login?

Yes, you should be able to go to http://windowsupdate.microsoft.com.

Can I update Norton or antivirus before I login?

Yes, you can do so by clicking on Update from the antivirus software system icon in your system tray.

When I run Windows Update, I get a message stating that the product key used to install windows is invalid?

Windows Update will fail if your Windows OS is not properly licensed.  You must have a legal copy of the operating system to connect to the network.

Do staff and faculty need to register and validation?

Registration and validation is required for everyone who connects to the LC Network in the Residence Halls, wired ports in the Watzek and Boley Libraries as well as our wireless network, LC Wireless. Registration and validation is not required for college managed equipment in departmental offices.

What is Cisco Clean Access?

Clean Access is an application that can check certain security settings on any computer running Microsoft Windows. Clean Access can check to make sure the Windows OS is up-to-date with required security patches and report back to our validation server. No information about the user or content of user files is sent to the server!

What validation checks are being performed?

• Nessus scans for known vulnerabilities
• Check for current release of Symantec AntiVirus or McAfee Virus Scan software and current virus definitions
• Check for current Windows OS critical security updates and patches

How long do the validation checks take?

A check can take between 15 seconds to a few minutes.

How does Network Registration work for Macintosh users?

Macintosh users must register by logging in on a web page. The only validation check performed is the Nessus scan. There is no client to download at this time. The registration timer is reset once the Macintosh has been disconnected from the network for 12 hours.

How does Network Registration work for Linux users?

Linux users must register by logging in on a web page. The only validation check performed is the Nessus scan. There is no client to download at this time. The registration timer is reset once the computer has been disconnected from the network for 12 hours.

What do I do when Clean Access validation checks fail?

• Microsoft Windows Patch Failure: You will be directed to the Microsoft Windows update site to download updates and patches. Follow the instructions on the Windows Update site. Note - you may need to download multiple updates and restart your computer a few times.
• Antivirus Failure: Law students will be directed to the download site for McAfee Virus Scan. All others will be directed to the download site for Symantec AntiVirus. If you do not qualify for a free download for Symantec AntiVirus or McAfee, you must purchase and install one of these programs before you can connect to our public network. These programs can be purchased at an academic discount from the Computer Showroom (x7250 or cpp@lclark.edu)

Why are we requiring network authentication and validation?

At this point in time there are over 31 worms rated as medium or higher threats on the Internet. We had no way to ensure or check that systems were clean of viruses before they connected. Many unprotected systems became infected with viruses as soon as they plugged into the network. The best way to prevent this from happening in the future is to insure that all computers that connect to our network have current and maintained viruses software and that all OS critical updates and patches are installed.

Clean Access

Do I have to use the Clean Access client?

All Windows PCs are required to use the Clean Access for network access.

I cannot install the Clean Access client, it warns me about administrative rights.

You must be logged onto your computer as a user with administrative rights or as the administrator. Contact Helpdesk if do not have administrative rights.

How do I know Clean Access is installed successfully?

Look in the System Tray in the lower right corner near the time display. You may need to select “<<“ to expand and show the Clean Access icon.

What happens if I uninstall the Clean Access client?

You will be required to reinstall the client to re-register when your login expires.

I keep trying to install the Clean Access but it tells me that I can either Modify/Repair or Remove the program.  

Clean Access is currently installed on your machine.  You do not need to install it again.

I do not see the Clean Access icon in my system tray; what do I do?

• Check to see if Clean Access is hidden in the System Tray by clicking on the "<<" to expand the System Tray to show all current tasks.
• Check to see if Clean Access is installed, but not running.
  1. Go to the Start Menu and select Programs or All Programs
  2. Select Cisco -> Clean Access from the list of programs
• Clean Access may not be installed. Install the program.