Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is ACS required in NAC appliance.

Hi,

One of our clients have decided to implement NAC. They need to know what the various options are especially the NAC appliance (3310 etc). I read that the appliance is a device like a server which has hard disks, cd roms etc. But the documents dont say much about the configuration of the server , whether ACS is required to be installed on the server etc? Can we do port based 802.1x with the help of this device (like dynamically assigning a host to a particular vlan is OS/anti virus is not update?

Thx in advance.

Sonu

3 REPLIES

Re: Is ACS required in NAC appliance.

ACS is not required. ACS is required for 802.1x. There are two schools here. First is the NAC appliance, the second is the NAC framework which requires certain switches, ACS, etc, but is more scalable. I suggest you contact Cisco and ask for a demo between the two and see which one fits the client better.

HTH and please rate.

New Member

Re: Is ACS required in NAC appliance.

NAC appliance willl work with many authentication methods. NAC Framework requires ACS. Getting back to the NAC appliance.... You can use ACS/RADIUS/LDAP/etc.. to authenitcate the users.

THe Appliance will work with Patch Management (after authentication) to insure that tthe right apoplications and patch levels are met. We work with Altiris/BigFIX/Patch Link/SMS and more.

The great thing about NAC Appliace is that it works for all four major use cases:

1. VPN users

2. WIFI users

3. LAN/wired users

4. GUest/vistors

We can

1. authenticate

2. Posture assess (scan)

3. Quarantine/

4. Remediate

You don't want users to have to learn three different ways to connect to the netowrk.

802.1x is working for WIFI today and for LAN conections we use one user per port so they get the whole pipe. In the future we will support subdivision of a Access Switch port for multiple devices and users.

I hope this helps.

New Member

Re: Is ACS required in NAC appliance.

Thanks rayarago for your answers.

I have a question on the 802.1x for Guest users:

if the customer doesn't want to do posture check for guests' machine, just want to enable 802.1x port authen for guest users VLAN with ACS, no NAC appliance here, what happen if they lost ACS WAN connectivity to the access switches located at branch offices? assume the ACS is the main office, guest users VLAN could be anywhere across the managed WAN cloud.

177
Views
8
Helpful
3
Replies
CreatePlease login to create content