One of our clients has decided to implement NAC. They need to know what the various options are, especially the NAC appliance (3310, etc.). I read that the appliance is a device like a server which has hard disks, CD-ROMs, etc. But the documents don't say much about the configuration of the server, whether ACS is required to be installed on the server, etc. Can we do port-based 802.1x with the help of this device (like dynamically assigning a host to a particular VLAN if the OS/antivirus is not updated)?
ACS is not required. ACS is required for 802.1x. There are two schools here. First is the NAC appliance, the second is the NAC framework which requires certain switches, ACS, etc, but is more scalable. I suggest you contact Cisco and ask for a demo between the two and see which one fits the client better.
NAC appliance will work with many authentication methods. NAC Framework requires ACS. Getting back to the NAC appliance... You can use ACS/RADIUS/LDAP/etc. to authenticate the users.
The Appliance will work with Patch Management (after authentication) to ensure that the right applications and patch levels are met. We work with Altiris/BigFix/PatchLink/SMS and more.
The great thing about NAC Appliance is that it works for all four major use cases:
1. VPN users
2. WIFI users
3. LAN/wired users
4. Posture assess (scan)
You don't want users to have to learn three different ways to connect to the network.
802.1x is working for WIFI today, and for LAN connections we use one user per port so they get the whole pipe. In the future we will support subdivision of an Access Switch port for multiple devices and users.
If the customer doesn't want to do posture checks for guests' machines and just wants to enable 802.1x port authentication for the guest users' VLAN with ACS (no NAC appliance here), what happens if they lose ACS WAN connectivity to the access switches located at branch offices? Assume the ACS is at the main office; the guest users' VLAN could be anywhere across the managed WAN cloud.