NAC deployment

Unanswered Question
Jan 28th, 2008

Hello there!

I have 2 NAC Appliance 3310. I want to configure them both as Clean Access Servers(CAS). One will be fail over for the other. In this deployment i will have no Clean Access Manager. Is this possible? If possible how will i configure the CAS without CAM? Is it possible also to install the CAM software in a different hardware other than NAC Appliances(Like normal PCs or Server machines)

Best regards,

Stanslaus.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
pmccubbin Tue, 01/29/2008 - 13:47

Hi Stanslaus,

You need one Clean Access Manager (CAM) and one Clean Access Server (CAS) at a minimum to make any In-band or Out-of-band solution work. What's more, the CAM and the CAS cannot be installed on the same server.

Here are some excellent references to consult:

http://cisconac.blogspot.com/

http://www.networkworld.com/community/heary

http://blog.tenablesecurity.com/

http://blogs.cisco.com/security

http://6200networks.com/

http://www.demolabs.co.uk/cisconac_demo.html

Cisco Security Center http://tools.cisco.com/security/center/home.x

Books:

Cisco NAC Appliance: Enforcing Host Security with Clean Access by Jamey Heary, Jerry Lin, Chad Sullivan, Alok Agrawal. (2007)

Hope this helps.

Best,

Paul

acharyr123 Wed, 01/30/2008 - 01:02

Hi!!!

As fas as my understanding goes, in NAC we must have to have at least one CAM.

In CAM all configuration is done & the CAS will deliver the same to NAC compliant end devices.

Without CAm how will this be done???

CAM s/ u can't install on different servers!!!

Actions

This Discussion