Basic doubt about in-band and out-of-band in NAC

Unanswered Question
Dec 1st, 2007

Hi all, I am not able to figure out the in-band and out-of-band implementation of Cisco NAC.

Since I read both can be deployed in either L2 or L2 mode.

Can someone please guide me through?

Regards,

Sushil


Hi Sushil,

The Cisco NAC Appliance blocks by either logical or physical means. When deployed inline, the Cisco NAC Appliance is IP-independent and controls admission of noncompliant wireless or wired users by restricting them to a particular subnet and even generating a nonbroadcast, multiaccess topology for virtual segmentation. When deployed out-of-band, the Cisco NAC Appliance blocks noncompliant users at a port layer, preventing them from accessing the network until they pass inspection.


The specifics may require in-band, out-of-band, or a combination of both.


Pros

In-Band:

• Switch/router platform-independent
• Switch/router version-independent
• Appropriate for wired and wireless networks
• Full network access control
• Bandwidth management control

Out-of-Band:

• Inline only for quarantined traffic
• Full network access control for quarantined traffic
• Switch control using Simple Network Management Protocol (SNMP)
• Port- or role-based VLAN assignment
• Appropriate for wired networks

Cons

In-Band:

• Inline dependency
• No switch port level control

Out-of-Band:

• Switch platform and version dependencies
• Limited bandwidth management controls after remediation


Regards,
MJ
