Basic doubt about in-band and out-of-band in NAC

Unanswered Question
Dec 1st, 2007

Hi all, I am not able to figure out the in-band and out-of-band implementation of Cisco NAC.

Since I read both can be deployed in either L2 or L2 mode.

Can someone please guide me through?




Hi Sushill

The Cisco NAC Appliance blocks by either logical or physical means. When deployed inline, the Cisco NAC Appliance is IP-independent and controls admission of noncompliant wireless or wired users by restricting them to a particular subnet and even generating a nonbroadcast, multiaccess topology for virtual segmentation. When deployed out-of-band, the Cisco NAC Appliance blocks noncompliant users at a port layer, preventing them from accessing the network until they pass inspection.

The specifics may require in-band, out-of-band, or a combination of both.

In-Band

• Switch/router platform-independent
• Switch/router version-independent
• Appropriate for wired and wireless networks
• Full network access control
• Bandwidth management control

• Inline dependency
• No switch port level control

Out-of-Band

• Inline only for quarantined traffic
• Full network access control for quarantined traffic
• Switch control using Simple Network Management Protocol (SNMP)
• Port- or role-based VLAN assignment
• Appropriate for wired networks

• Switch platform and version dependencies
• Limited bandwidth management controls after remediation

Regards MJ

