Cisco Support Community
New Member

NAC by ACS 3.3

Hi there

Is it possible to implement (wireless) NAC by an ACS?

Or do I need a NAC appliance?




Re: NAC by ACS 3.3

Yes it is possible to implement NAC using ACS. You probably want to use v4.1

v3.3 was the 1st rev and not feature rich. v4.0 is buggy as hell. From my sources I hear v4.1 is only just now getting to be stable.

There's white papers and stuff on if you search for NAC and ACS. On its own ACS can implement policy to check basic facts about the state of the endpoint before granting access (eg OS version, service pack etc).

If you want much more (eg virus def state) you probably also need the posture server from your a/v supplier. ACS can "back end" onto quite a few 3rd party solutions.

New Member

Re: NAC by ACS 3.3

How does the ACS know what the "basic facts about the state of the endpoint" are? Is it something like this: If client is Windows XP and SP is less than SP1, then clients must be placed in "update" VLAN?

Re: NAC by ACS 3.3

That comes from the Cisco Secure Agent (CSA) installed on the client. This, together with the posture configuration on the ACS defines the posture of the client (and if it's 802.1x the VLAN it goes into).

BTW, you really want ACS 4.0 as a minimum and preferably 4.1 for the reasons stated.
