Cisco Support Community

New Member

Basic doubt about in-band and out-of-band in NAC

Hi all, I am not able to figure out the in-band and out-of-band implementation of Cisco NAC.

Since I read both can be deployed in either L2 or L2 mode.

Can someone please guide me through?

regards

sushil

1 REPLY
New Member

Re: Basic doubt about in-band and out-of-band in NAC

Hi Sushil,

The Cisco NAC Appliance blocks by either logical or physical means. When deployed inline, the Cisco NAC Appliance is IP-independent and controls admission of noncompliant wireless or wired users by restricting them to a particular subnet and even generating a nonbroadcast, multiaccess topology for virtual segmentation. When deployed out-of-band, the Cisco NAC Appliance blocks noncompliant users at a port layer, preventing them from accessing the network until they pass inspection.

The specifics may require in-band, out-of-band, or a combination of both.

In-Band

Pros

• Switch/router platform-independent
• Switch/router version-independent
• Appropriate for wired and wireless networks
• Full network access control
• Bandwidth management control

Cons

• Inline dependency
• No switch port level control

Out-of-Band

Pros

• Inline only for quarantined traffic
• Full network access control for quarantined traffic
• Switch control using Simple Network Management Protocol (SNMP)
• Port- or role-based VLAN assignment
• Appropriate for wired networks

Cons

• Switch platform and version dependencies
• Limited bandwidth management controls after remediation

Regards MJ
