I have gone through a couple of resources about Network Admission Control (NAC).
I am looking for a correction to my understanding, because I got a little bit confused.
There are two admission control solution choices:
1. NAC Appliance (standalone box)
2. NAC Framework
NAC Framework (2) includes the following main components:
a- Endpoint security application
b- Posture agent
c- Network access devices
d- Cisco Policy server [Cisco Secure Access Control Server (CS ACS)]
e- Optional servers that operate as policy server decision points and audit servers
f- Optional management and reporting tools are highly recommended
Q1- NAC Appliance is a standalone box. Does that mean that NAC Appliance includes (built-in) all the necessary (not optional) components which belong to NAC Framework (please see above)?
Q2- The architecture of NAC Framework includes many different components from Cisco and other vendors (third party). What about NAC Appliance, does it also include the same components from other vendors (third party)?
Q3- How does NAC Appliance get updated, since it is a standalone box? Do we have to connect it to the net to get the necessary updates?
Q4- If I am looking to implement (install) NAC Appliance within my network, do I need to use CS ACS (I guess we do not need to use CS ACS, see link below), or do I have to use other components?
Customers are recommended to consider the NAC Framework only when one of the following applies:
Cisco Secure Access Control Server (ACS) is required as the central policy server in the NAC deployment
Q5- The initial release of Cisco NAC Framework became available in June 2004. What about NAC Appliance (i.e., is it a new technology)?
Q6- I could not get what he means by the words "in-band" and "inline" in the above quote?
NAC Appliance must be deployed as an in-band deployment to support WLANs. In an in-band deployment, the NAC Appliance server is always inline with user traffic - before, during, and after authentication, posture assessment, and remediation.