Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help required for NAC deployment in existing Enterprise Environment

Dear All,

I'm completely new to NAC solution. We have an urgent requirement coming up from a customer for NAC implementation. It's an Enterprise network consists of DC, scaled down DR, Head office and various Remote offices. They have already purchased NAC manager and single NAC appliance. They want to implement this with minimum changes in the network.

Please suggest some starting points as how to integrate this NAC solution into existing network without disrupting any services. Any help would be greatly appreciated. Thanks in advance.


Help required for NAC deployment in existing Enterprise Environm


There is no easy way to turn up an install like this and there are many ways you can deploy clean access:

  • L2 Virtual Gateway In Band
  • L2 Virtual Gateway Out of Band
  • L2 Real IP Gateway In Band
  • L2 Real ip gateway out of band
  • *all of the above but with L3 mode*

Based on the remote users this almost looks like a L3 (layer 3 deployment) which will involve route maps in order to redirect the users traffic to the single CAS on the network.

It really requires extensive knowledge of the NAC product to turn this up.

My question to you is why not use a better solution like ISE which is NAC without major network design changes?


Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
Community Member

Help required for NAC deployment in existing Enterprise Environm

Dear Tarik,

Thanks a lot for your quick response.

I'm also looking for a Customer requirement Gathering document for NAC but not able to find any. I can think of following points to start with:

Why customer wants to deploy NAC?

Will NAC be performing authentication for user? (Only SNMP based, Dot1x not supported with current NAC it is supported with Cisco ISE.)

Should NAC be integrated with AD to validate user credentials?

Should NAC verify AV installation and do remediation if required?

Should NAC monitor any windows service, For eg if you want to disable windows firewall on the workstation that can be done using NAC.

Should NAC verify installed windows patches on the workstation? This can be done using NAC but currently it supports only WSUS and not SCCM.

Please suggest some pointer or feel free to add yours.

Thanks in advance.

CreatePlease to create content