Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC-CAS vs. NAC-NM

Hi,

I have central site with 50 users, without branches. Can I deploy just NAC-NM instead of CAS and if I use NAC-NM in 2811 ISR is there any bandwidth limitation when it is compared to CAS solution? In general, what is throughput for CAS (3310) and what for NAC-NM ???

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: NAC-CAS vs. NAC-NM

Yes, the NM will work in inline mode, but as with all CAS's it can support only one mode (inline or OOB) at a time.

We're desigining our inline CAS-NM solution now in our lab, and I had similar concerns regarding throughput. I opened a TAC case and was assured that the NM CAS can do full gig throughput. Our testing showed that our router platform (an ISR 2821) can only do about 20mbps, though, even with all features turned off.

8 REPLIES
New Member

Re: NAC-CAS vs. NAC-NM

The 3310 can handle up to ~ 1 Gig in in-band deployment. OOB is handled as a licensing restriction same as the NAC-NM

The NAC-NM is licensed per user but it does OOB... It's based on simultaneous users...

All NAC products are licensed by this feature so that same licensing is required for a CAS as well.

-HTH

New Member

Re: NAC-CAS vs. NAC-NM

It's clear that number of users with NAC-NM is limited by the licence, 50 or 100 users. But is there any impact on traffic congestion when I put module in ISR? Does it affect availability of my servers for example?

New Member

Re: NAC-CAS vs. NAC-NM

By servers are you talking about servers at the local side? Normally that would not be an issue as once end stations are authenticated, the NAC is not in the way anymore. Same would apply to servers over the WAN.

New Member

Re: NAC-CAS vs. NAC-NM

I'm talking about servers at the local side, ok they aren't affected after authentication. But what's the exact throughput of NAC-NM in ISR 2811 in in-band deployment, including throughput of the router itself ???

New Member

Re: NAC-CAS vs. NAC-NM

I don't think I can answer that because I don't see anything out there that says "throughput is this".. It's all about simultaneous users. I did find something that referencecs the fact that the module does connect over HIMI feature which is a gig connection to the router from the service module.

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps8788/prod_qas0900aecd806bfe39_ps6128_Products_Q_and_A_Item.html

You can check this article on 2811 performance..

http://www.smbdesignweb.co.uk/bbt/download/CiscoISR_2811_v1.pdf

HTH

-C

New Member

Re: NAC-CAS vs. NAC-NM

If ISR works as a bridge, will NAC-NM work in in-band deployment?

Bronze

Re: NAC-CAS vs. NAC-NM

Yes, the NM will work in inline mode, but as with all CAS's it can support only one mode (inline or OOB) at a time.

We're desigining our inline CAS-NM solution now in our lab, and I had similar concerns regarding throughput. I opened a TAC case and was assured that the NM CAS can do full gig throughput. Our testing showed that our router platform (an ISR 2821) can only do about 20mbps, though, even with all features turned off.

New Member

Re: NAC-CAS vs. NAC-NM

Thanks

175
Views
0
Helpful
8
Replies
CreatePlease login to create content