Yes it is possible to implement NAC using ACS. You probably want to use v4.1
v3.3 was the 1st rev and not feature rich. v4.0 is buggy as hell. From my sources I hear v4.1 is only just now getting to be stable.
There's white papers and stuff on cisco.com if you search for NAC and ACS. On its own ACS can implement policy to check basic facts about the state of the endpoint before granting access (eg OS version, service pack etc).
If you want much more (eg virus def state) you probably also need the posture server from your a/v supplier. ACS can "back end" onto quite a few 3rd party solutions.
How does the ACS knows what the "basic facts about the state of the endpoint" are ? Is it somthing like this: If client is Windows XP and SP is less then SP1, then clients must be placed in "update" VLAN ?
That comes from the Cisco Secure Agent (CSA) installed on the client. This, together with the posture configuration on the ACS defines the posture of the client (and if it's 802.1x the VLAN it goes into).
BTW, you really want ACS 4.0 as a minimum and preferably 4.1 for the reasons stated.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :