The Cisco Network Admission Control (NAC) Appliance (also known as Cisco Clean Access) is a
powerful, easy-to-use admission control and compliance enforcement solution. With comprehensive
security features, in-band or out-of-band deployment options, user authentication tools, and bandwidth
and traffic filtering controls, Cisco NAC Appliance is a complete solution for controlling and securing
networks. As the central access management point for your network, Cisco NAC Appliance lets you
implement security, access, and compliance policies in one place instead of having to propagate the
policies throughout the network on many devices.

The security features in Cisco NAC Appliance include user authentication, policy-based traffic filtering,
and Clean Access vulnerability assessment and remediation (also referred to as posture assessment).
Clean Access stops viruses and worms at the edge of the network. With remote or local system checking,
Clean Access lets you block user devices from accessing your network unless they meet the requirements
you establish.

Cisco NAC Appliance is a network-centric integrated solution administered from the web console of the
Clean Access Manager (CAM) administration server and enforced through the Clean Access Server
(CAS) and (optionally) the Clean Access Agent. You can deploy the Cisco NAC Appliance in the
configuration that best meets the needs of your network. The Clean Access Server can be deployed as
the first-hop gateway for your edge devices providing simple routing functionality, advanced DHCP
services, and other services. Alternatively, if elements in your network already provide these services,
the CAS can work alongside those elements without requiring changes to your existing network by being
deployed as a “bump-in-the-wire.”

Other key features of Cisco NAC Appliance include: