basic doubt abt in-band and out-of-band in nac

sushilmenon · ‎12-01-2007

hi all i am not able to figure out the in band and out of band implementation of cisco nac.

since i read both can be deployed in either L2 or L2 mode.

can someone pls guide me through.

regards

sushil

mj11 · ‎12-01-2007

Hi Sushill

The Cisco NAC Appliance blocks by either logical or physical means.

When deployed inline, the Cisco NAC Appliance is IP-independent and

controls admission of noncompliant wireless or wired users by restricting

them to a particular subnet and even generating a nonbroadcast, multiaccess

topology for virtual segmentation. When deployed out-of-band, the Cisco NAC

Appliance blocks noncompliant users at a port layer,preventing them from

accessing the network until they pass inspection.

The specifics may require in-band, out-of-band, or a combination of both.

In-Band Out-of-Band

Pros

â€¢ Switch/router platform-Independent â€¢ Inline only for quarantined traffic

â€¢ Switch/router version-independent â€¢ Full network access control for quarantined traffic

â€¢ Appropriate for wired and wireless networks â€¢ Switch control using Simple Network Management Protocol (SNMP)

â€¢ Full network access control â€¢ Port- or role-based VLAN assignment

â€¢ Bandwidth management control â€¢ Appropriate for wired networks

Cons

â€¢ Inline dependency â€¢ Switch platform and version dependencies

â€¢ No switch port level control â€¢ Limited bandwidth management controls after remediation

Regards MJ