Is ACS required in NAC appliance.

Sonugnair_2
Level 1

Hi,

One of our clients has decided to implement NAC. They need to know what the various options are, especially the NAC appliance (3310 etc). I read that the appliance is a device like a server which has hard disks, CD-ROMs etc. But the documents don't say much about the configuration of the server, whether ACS is required to be installed on the server etc. Can we do port-based 802.1x with the help of this device (like dynamically assigning a host to a particular VLAN if OS/anti-virus is not updated)?

Thx in advance.

Sonu

3 Replies

Collin Clark
VIP Alumni

ACS is not required. ACS is required for 802.1x. There are two schools here. First is the NAC appliance, the second is the NAC framework which requires certain switches, ACS, etc, but is more scalable. I suggest you contact Cisco and ask for a demo between the two and see which one fits the client better.

HTH and please rate.

Raymond Aragon
Level 1

NAC appliance will work with many authentication methods. NAC Framework requires ACS. Getting back to the NAC appliance.... You can use ACS/RADIUS/LDAP/etc. to authenticate the users.

The Appliance will work with Patch Management (after authentication) to ensure that the right applications and patch levels are met. We work with Altiris/BigFix/PatchLink/SMS and more.

The great thing about NAC Appliance is that it works for all four major use cases:

1. VPN users

2. WIFI users

3. LAN/wired users

4. Guest/visitors

We can

1. authenticate

2. Posture assess (scan)

3. Quarantine/

4. Remediate

You don't want users to have to learn three different ways to connect to the network.

802.1x is working for WIFI today and for LAN connections we use one user per port so they get the whole pipe. In the future we will support subdivision of an Access Switch port for multiple devices and users.

I hope this helps.

Thanks rayarago for your answers.

I have a question on the 802.1x for Guest users:

If the customer doesn't want to do a posture check for guests' machines and just wants to enable 802.1x port authentication for the guest users VLAN with ACS, with no NAC appliance here, what happens if they lose ACS WAN connectivity to the access switches located at branch offices? Assume the ACS is at the main office; the guest users VLAN could be anywhere across the managed WAN cloud.