Hi Sushill
The Cisco NAC Appliance blocks by either logical or physical means.
When deployed inline, the Cisco NAC Appliance is IP-independent and
controls admission of noncompliant wireless or wired users by restricting
them to a particular subnet and even generating a nonbroadcast, multiaccess
topology for virtual segmentation. When deployed out-of-band, the Cisco NAC
Appliance blocks noncompliant users at a port layer, preventing them from
accessing the network until they pass inspection.
The specifics may require in-band, out-of-band, or a combination of both.
In-Band
Pros
• Switch/router platform-independent
• Switch/router version-independent
• Appropriate for wired and wireless networks
• Full network access control
• Bandwidth management control
Cons
• Inline dependency
• No switch port level control

Out-of-Band
Pros
• Inline only for quarantined traffic
• Full network access control for quarantined traffic
• Switch control using Simple Network Management Protocol (SNMP)
• Port- or role-based VLAN assignment
• Appropriate for wired networks
Cons
• Switch platform and version dependencies
• Limited bandwidth management controls after remediation
Regards MJ