Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
3
Replies

NAC Question

jackrivituso
Level 1
Level 1

‎05-07-2008 06:26 AM - edited ‎02-21-2020 02:00 AM

We are currently looking into the features of a NAC appliance. From the reading I have done thus far, it seems like an edge architecture is the best architecture to go with. That being said, my question is this:

How many NAC appliances would I need to have for my entire LAN? I suspect the answer is only one, but I am unsure at this point. Thanks

0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎05-07-2008 08:53 AM

Good question, I began into looking at NAC myself, you can deploy NAC in your edge network or core network perimeters, what it comes down to is what devices throughout your network will be enforcement points, such as wireless, vpn devices, switches , routers , firewalls etc.. to my understanding you need one NAC applience along with its required componets ACS etc.. but I am quite positive a redundant NAC solution can be deployed as well.

Here are some good links, NAC is a monster so bear with me as I am like you looking into this product.

NAC Deployment guide

http://www.cisco.com/en/US/solutions/ns340/ns394/ns171/ns466/ns617/net_design_guidance0900aecd80417226.pdf

Architecture overview

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/ns466/ns617/net_implementation_white_paper0900aecd80217e26.pdf

You may find some good info on ASK the EXPERTS on NAC.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Expert%20Archive&topic=Security&topicID=.ee7f99a&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe35c8

HTH

-Jorge

Jorge Rodriguez
0 Helpful

jesrobbie
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎05-08-2008 12:49 AM

The real answer is "it depends".

The number of appliances, and here I'm referring to the servers that will enforce your policies or CAS's as they're known, is driven largely by the access method of your users (wireless, vpn, remote site etc), as well as your current infrastructure. VPN and wireless access for example requires an appliance to be inline whereas regular LAN access users (often lots of them) would usually be addressed by an out of band appliance. Both of these may be deployed centrally.

What I'm getting at here is that you may have some in band appliances AND some out of band appliances - it's all dependent upon YOUR particular infrastructure. I would add that with an edge deployment you would likely require many more CAS's than with a central deployment, but that may just work fine in your infrastructure.

0 Helpful

gojericho0
Level 1
Level 1

‎05-07-2008 08:53 AM

You will probably only need 1 CAS for each LAN or 2 if you want HA. How many remote sites do you have. You can also have the CAM and CAS centrally located and use route-maps to direct the traffic back to the core office

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card