I'm planning to implement NAC in In-Band virtual mode. I have HP and Cisco switches in my network. I have read the installation guide and the Cisco Press book for NAC, and as of now I want confirmation from you experts of the step-by-step procedure to set up NAC.
I thought to post because many of you have implemented NAC several times, so I would like the general steps to start. I am going to do antivirus update and Windows update for the host posture assessment.
NAC in In-Band L2 Virtual mode
My thinking for the implementation is:
- Create an authentication VLAN on the access switches (no SVI for the authentication VLAN).
- Do the authentication mapping and the actual user VLAN mapping in NAC.
- Create a rule such as Windows update and antivirus update; the requirement is then to access the antivirus server and the Windows update server.
- Allow an access list for all the user VLANs to go to these antivirus and Windows update servers, BUT these IPs will be in the actual VLAN IP subnet, because we will not have any authentication subnet in DHCP? Correct me if I am wrong.
- Shift the users from the actual VLAN to the authentication VLAN.
- Configure the managed subnet for the reply to the DHCP request.
- Enable L3 and set up static routes.
- Manually go to each and every PC to open a browser so that it will be redirected to install the NAC agent. Is there any other way to install the NAC agent on 1000 Windows machines? My system administrators are not very smart, so please, any solution without any help from the system administrators? It will be highly appreciated.
The points I have written above are what I think NAC is. If I am missing any other points, please advise me or give proper guidance.