Cisco IOS Software Release 12.4(6)T

Network Admission Control: Agentless Host Support
Cisco IOS Security Configuration Guide
Prerequisites for Network Admission Control: Agentless Host Support
You must be running Cisco IOS Release 12.4(6)T or a later release.
You must be using a Cisco access control server (ACS) version 4.0 or a later version.
You must have a Cisco or third-party audit server set up.
Information About Network Admission Control: Agentless Host Support
To configure the Network Admission Control: Agentless Host Support feature, you should understand 
the following concepts:
Network Admission Control
The Cisco Network Admission Control functionality enables the credentials of the endpoint device to be
checked for compliance with the security policy before the device is granted access to network resources.
This checking requires a security application called Cisco Trust Agent (CTA) to be installed on end
devices. CTA gathers security state information and communicates it to access servers, where policy
decisions are made. Those decisions are eventually enforced on Cisco network access devices (such as
routers and switches).
Agentless Hosts
End devices that do not run CTA cannot provide credentials when challenged by network access devices 
(NADs). Such hosts are termed “agentless” or “nonresponsive.” In the Phase 1 release of Network
Admission Control, agentless hosts were supported by either a static configuration using exception lists 
(an identity profile) or by using “clientless” username and password authentication on an ACS. These 
methods are restrictive and do not convey any specific information about the host while making policy 
decisions.