Does Cisco NAC Appliance deployment require CS-ACS?

Unanswered Question
Sep 10th, 2007
User Badges:

I've gone through all the partner training on the Cisco NAC appliance and mgmt station, and CiscoSecure ACS 4.0+ is mentioned just about everywhere in the user verification steps.

If a customer does not have CSACS, or AAA for that matter (say in just a MS Exchange environment), the NAC appliances can still be used, correct?

I'm assuming they can, but that leads to if any functionality/checks would be lost in that case, and if so, what?

Anybody have any ideas on that?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pmccubbin Mon, 09/10/2007 - 12:32
User Badges:
  • Silver, 250 points or more

Yes, you could use NAC with the local database for a client demonstration. This is actually my preferred method.

Of course, you would lose the central management functionality which comes with ACS or a hook to Active Directory via KTPass (This command-line tool enables an administrator to configure a non-Windows Server 2003 Kerberos service as a security principal in the Windows Server 2003 Active Directory).

Though by all means deploy NAC, even if you are simply want to demonstrate its functionality. Configure the authentication portion last, after your customer is happy with the demonstrated results.

Hope this helps.


This Discussion