05-07-2008 06:26 AM - edited 02-21-2020 02:00 AM
We are currently looking into the features of a NAC appliance. From the reading I have done thus far, it seems like an edge architecture is the best architecture to go with. That being said, my question is this:
How many NAC appliances would I need to have for my entire LAN? I suspect the answer is only one, but I am unsure at this point. Thanks
05-07-2008 08:53 AM
Good question. I began looking into NAC myself. You can deploy NAC in your edge network or core network perimeters; what it comes down to is what devices throughout your network will be enforcement points, such as wireless, VPN devices, switches, routers, firewalls, etc. To my understanding you need one NAC appliance along with its required components (ACS, etc.), but I am quite positive a redundant NAC solution can be deployed as well.
Here are some good links. NAC is a monster, so bear with me as I am, like you, looking into this product.
NAC Deployment guide
Architecture overview
You may find some good info on ASK the EXPERTS on NAC.
HTH
-Jorge
05-08-2008 12:49 AM
The real answer is "it depends".
The number of appliances, and here I'm referring to the servers that will enforce your policies, or CASs as they're known, is driven largely by the access method of your users (wireless, VPN, remote site, etc.), as well as your current infrastructure. VPN and wireless access, for example, require an appliance to be inline, whereas regular LAN access users (often lots of them) would usually be addressed by an out-of-band appliance. Both of these may be deployed centrally.
What I'm getting at here is that you may have some in-band appliances AND some out-of-band appliances - it's all dependent upon YOUR particular infrastructure. I would add that with an edge deployment you would likely require many more CASs than with a central deployment, but that may just work fine in your infrastructure.
05-07-2008 08:53 AM
You will probably only need 1 CAS for each LAN, or 2 if you want HA. How many remote sites do you have? You can also have the CAM and CAS centrally located and use route-maps to direct the traffic back to the core office.