Client devices are responsible for actively retrieving (and/or passively receiving) the latest IP-to-user-identity mappings from the Cisco CDA. A consumer device is responsible for:
• Retrieving the IP-to-user-identity mappings from the Cisco CDA.
• Receiving notifications of IP-to-user-identity mappings from the Cisco CDA.
• Enforcing identity based firewall policy.
• Basic monitoring of the Active Directory connectivity via the Cisco CDA.
• Retrieving group information directly from the Active Directory.
• Web-auth fallback for IPs that the Cisco CDA did not map to identity.
• Forwarding of new mappings revealed by consumer devices via the web-auth to the Cisco CDA.
• Forwarding IP-to-user-identity mapping for VPN sessions.
• Running NetBIOS probing and forwarding disconnect notification to the Cisco CDA.
These updates are sent as RADIUS Accounting-Request messages.