cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
824
Views
0
Helpful
8
Replies

NAC-CAS vs. NAC-NM

kostica
Level 1
Level 1

Hi,

I have central site with 50 users, without branches. Can I deploy just NAC-NM instead of CAS and if I use NAC-NM in 2811 ISR is there any bandwidth limitation when it is compared to CAS solution? In general, what is throughput for CAS (3310) and what for NAC-NM ???

1 Accepted Solution

Accepted Solutions

Yes, the NM will work in inline mode, but as with all CAS's it can support only one mode (inline or OOB) at a time.

We're desigining our inline CAS-NM solution now in our lab, and I had similar concerns regarding throughput. I opened a TAC case and was assured that the NM CAS can do full gig throughput. Our testing showed that our router platform (an ISR 2821) can only do about 20mbps, though, even with all features turned off.

View solution in original post

8 Replies 8

cdusio
Level 4
Level 4

The 3310 can handle up to ~ 1 Gig in in-band deployment. OOB is handled as a licensing restriction same as the NAC-NM

The NAC-NM is licensed per user but it does OOB... It's based on simultaneous users...

All NAC products are licensed by this feature so that same licensing is required for a CAS as well.

-HTH

It's clear that number of users with NAC-NM is limited by the licence, 50 or 100 users. But is there any impact on traffic congestion when I put module in ISR? Does it affect availability of my servers for example?

By servers are you talking about servers at the local side? Normally that would not be an issue as once end stations are authenticated, the NAC is not in the way anymore. Same would apply to servers over the WAN.

I'm talking about servers at the local side, ok they aren't affected after authentication. But what's the exact throughput of NAC-NM in ISR 2811 in in-band deployment, including throughput of the router itself ???

I don't think I can answer that because I don't see anything out there that says "throughput is this".. It's all about simultaneous users. I did find something that referencecs the fact that the module does connect over HIMI feature which is a gig connection to the router from the service module.

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps8788/prod_qas0900aecd806bfe39_ps6128_Products_Q_and_A_Item.html

You can check this article on 2811 performance..

http://www.smbdesignweb.co.uk/bbt/download/CiscoISR_2811_v1.pdf

HTH

-C

If ISR works as a bridge, will NAC-NM work in in-band deployment?

Yes, the NM will work in inline mode, but as with all CAS's it can support only one mode (inline or OOB) at a time.

We're desigining our inline CAS-NM solution now in our lab, and I had similar concerns regarding throughput. I opened a TAC case and was assured that the NM CAS can do full gig throughput. Our testing showed that our router platform (an ISR 2821) can only do about 20mbps, though, even with all features turned off.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: