Solved

NAC Appliance and NAC Framework - ambiguous queries

Posted on 2007-03-17
Last Modified: 2010-04-11
I have gone through a couple of resources about Network Admission Control (NAC):
http://www.cisco.com/en/US/netsol/ns466/netqa0900aecd800fdd6f.html
http://www.ciscopress.com/articles/article.asp?p=662903&seqNum=4&rl=1
http://www.consentry.com/products_features_nac.html

I am looking for a correction to my understanding, because I got a little bit confused.

There are two admission control solution choices:
1 NAC Appliance (standalone box)
2 NAC Framework

NAC Framework (2) includes the following main components :
a- Endpoint security application
b- Posture agent
c- Network access devices
d- Cisco Policy server [Cisco Secure Access Control Server (CS ACS)]
e- Optional servers that operate as policy server decision points and audit servers
f- Optional management and reporting tools are highly recommended

Q1- The NAC Appliance is a standalone box. Does that mean that the NAC Appliance includes (built-in) all the necessary (not optional) components which belong to the NAC Framework (please see above)?

Q2- The architecture of the NAC Framework includes many different components from Cisco and other vendors (third party). What about the NAC Appliance, does it also include the same components from other vendors (third party)?

Q3- How does the NAC Appliance get updated, since it is a standalone box? Do we have to connect it to the net to get the necessary updates?

Q4- If I am looking to implement (install) the NAC Appliance within my network, do I need to use CS ACS (I guess we do not need to use CS ACS, see link below) or do I have to use other components?
http://www.cisco.com/en/US/netsol/ns466/netqa0900aecd800fdd6f.html
[quote]
Customers are recommended to consider the NAC Framework only when one of the following applies:
Cisco Secure Access Control Server (ACS) is required as the central policy server in the NAC deployment
[/quote]


Q5- The initial release of the Cisco NAC Framework became available in June 2004. What about the NAC Appliance (i.e. is it a new technology)?

Q6- I could not get what he means by the words "in-band" and "inline" in the above quote?
http://www.cisco.com/en/US/netsol/ns466/netbr0900aecd80355b2f.html
[quote]
NAC Appliance must be deployed as an in-band deployment to support WLANs. In an [b]in-band[/b] deployment, the NAC Appliance server is always [b]inline[/b] with user traffic-before, during, and after authentication, posture assessment, and remediation.
[/quote]
Question by:zillah
6 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 2000 total points
ID: 18743116
In general: the NAC appliance is a quick way to implement NAC without going through all the changes & investments to implement the full NAC Framework.
It's an entry path.
Q1: Yes
Q2: No, only Cisco
Q3: It has a CD-ROM drive. Basically they are HP ProLiant with Cisco software.
Q4: No, the appliance acts as an authentication proxy, integrating with your existing authentication infrastructure & protocols (RADIUS, LDAP, Kerberos, AD ...). So it does not need CS ACS.
Q5: It was released July 2006. And it's an evolution of the earlier Cisco Clean Access which was released exactly one year earlier.
Q6: In band = physically between the monitored device and the rest of the network. Inline in the above quote is just the normal English meaning: the device is always in sync or in control. Out of band = logical separation using other means to block network access than physically denying access. E.g. redirecting to an isolated VLAN, assigning a special subnet ...

J.
0
 

Author Comment

by:zillah
ID: 18743165
Good shot J, this is just what I wanted.

>>Q5: It was released July 2006. And it's an evolution of the earlier Cisco Clean Access which was released exactly one year earlier.<<
Could you kindly refer me to some documentation for future reference?

Two more questions, if you look at the title (NAC Appliance) of Figure 1 in the link below:
http://www.cisco.com/en/US/netsol/ns466/netbr0900aecd80355b2f.html

Q7- As you have answered in Q4 that the NAC Appliance does not need additional components, what I have noticed in Figure 1 (please see the link above) is that there are additional components (e.g. Clean Access Manager; by the way, is it different from Cisco Clean Access?). What are they? Yes, I am aware that Cisco Clean Access is another name for NAC Appliance.

Q8- Since Network Access Devices are required components for the NAC Framework, are they required for the NAC Appliance (Cisco Clean Access) as well?

Regards
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18744503
Q5: http://www.cisilion.com/cisco-nac-4.htm & http://www.cisilion.com/cisco-clean-access.htm

Q7: the CAM is the server software to manage the CAS (Clean Access Server). You need the CAM to define the rules, policies, etc ... It can be on the same machine, but can also centrally manage several CAS's.

Q8: I'm not sure what you are asking here. All networks have network access devices (routers, switches, AP's, firewalls ...).

J.
0

 

Author Comment

by:zillah
ID: 18754627
>>Q5: http://www.cisilion.com/cisco-nac-4.htm & http://www.cisilion.com/cisco-clean-access.htm<<
These links refer to when NAC Appliance V4 was released; they do not refer to when the first version of NAC Appliance was released.

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18755642
To my knowledge version 3.5 was the first release of the appliance, half 2005.
But I have been known to be wrong, rarely, but it happens ;-)

J.
0
 

Author Comment

by:zillah
ID: 18777226
>>Q3- How does NAC appliance get updated ? since it is standalone box ? do we have to connect it to net to get the necessary updates ?<<
Just to share with you what I have been told as well.
(( The NAC Appliance gets updated as per configured schedule, in our case, once an hour, via CCO and it can do this via a Proxy too for preconfigured checks for over 200 products. The actual update and most of the configuration is done on the Manager Appliance, which controls one or more NAC appliances ))

Regards
0

Question has a verified solution.