NAC deployment

Unanswered Question
Jan 28th, 2008
User Badges:

Hello there!

I have 2 NAC Appliance 3310. I want to configure them both as Clean Access Servers(CAS). One will be fail over for the other. In this deployment i will have no Clean Access Manager. Is this possible? If possible how will i configure the CAS without CAM? Is it possible also to install the CAM software in a different hardware other than NAC Appliances(Like normal PCs or Server machines)


Best regards,

Stanslaus.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
pmccubbin Tue, 01/29/2008 - 13:47
User Badges:
  • Silver, 250 points or more

Hi Stanslaus,


You need one Clean Access Manager (CAM) and one Clean Access Server (CAS) at a minimum to make any In-band or Out-of-band solution work. What's more, the CAM and the CAS cannot be installed on the same server.


Here are some excellent references to consult:


http://cisconac.blogspot.com/

http://www.networkworld.com/community/heary

http://blog.tenablesecurity.com/

http://blogs.cisco.com/security

http://6200networks.com/

http://www.demolabs.co.uk/cisconac_demo.html


Cisco Security Center http://tools.cisco.com/security/center/home.x




Books:


Cisco NAC Appliance: Enforcing Host Security with Clean Access by Jamey Heary, Jerry Lin, Chad Sullivan, Alok Agrawal. (2007)



Hope this helps.


Best,

Paul

acharyr123 Wed, 01/30/2008 - 01:02
User Badges:

Hi!!!


As fas as my understanding goes, in NAC we must have to have at least one CAM.


In CAM all configuration is done & the CAS will deliver the same to NAC compliant end devices.


Without CAm how will this be done???


CAM s/ u can't install on different servers!!!

Actions

This Discussion