A customer wants to implement dynamic VLAN assignment with 802.1X. The customer has the following equipment: Cisco ACS 4.1 for Windows, Cisco ASA 5540, CSA 5.2 with CSA MC, and many Cisco switches and routers.
Now the questions are: can we implement dynamic VLAN assignment without a NAC appliance? The customer also wants to decide between clients with actual antivirus signatures and clients with old signatures. Older clients should only have access to the antivirus server to update the signatures and, if everything is OK, then have access to the internal network.
How could we implement this without any new hardware or software ???
Any ideas?? Thanks for help.
You might want to take a look at the NAC Framework system. If you only want to posture validate wired clients then there are no additional components to buy. If you want to go wireless you will probably need to buy a Cisco client that supports wireless. You can get the configuration guide from here:
I suggest you prototype it and see what you think. The nice thing is that you can deploy it on a per-switchport basis, so you can do all the setup on ACS without disturbing what's there already and apply it by configuring the switch.