Cisco NAC Appliance 4.8.0 Technical Manual

NetWatch (SPAN)
The NetWatch module listens on a SPAN (port mirror) destination port of a switch and sends the ingested
traffic information back to the Profiler. Each NAC Server running NetWatch needs an additional interface
dedicated to collecting this mirrored traffic. This is essential because the Profiler is based primarily on
the DHCP information passed by devices, plus matching on some other application traffic, and NetWatch only
sees that data if the mirrored traffic actually reaches the collection interface.
Optional Collector Modules
You can use SPAN or NetFlow. The choice depends on the deployment and customer requirements, but only one
of the two is recommended on a NAC Server, because of the volume of traffic sent to the Collector modules and
the other NAC functions the NAC Server must perform at the same time. NetFlow also loses more of the vital
information about devices than SPAN: a NetFlow record carries flow-level data only (addresses, ports,
protocol, counters), so DHCP vendor information, URL destinations, web client information, web server
information and similar application-layer details are not available from it.
NetRelay (NetFlow)
NetRelay is configured on each router on a per-interface basis, with the NetFlow export destination set to
the management IP address of the NAC Server. A NetFlow agent on the NAC Server parses the exported NetFlow
records according to the traffic rules and networks configured on the Profiler.
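The following Python example is added here and is not code from the Cisco NAC Profiler or its NetRelay agent. It shows the kind of work the agent on the NAC Server does: decode a NetFlow v5 export datagram, keep only flows whose source falls inside the Profiler's configured networks, and expose the fields a record actually contains. The datagram, the addresses and the network rule are constructed for the example; the DHCP flow in it illustrates the point above, since it shows up as UDP 68 to 67 and nothing more.

```python
from __future__ import annotations
import ipaddress
import struct

# NetFlow v5 wire format: a 24-byte header followed by `count` 48-byte flow
# records, all big-endian.
NF5_HEADER = struct.Struct("!HHIIIIBBH")             # 24 bytes
NF5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48 bytes
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < NF5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = NF5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    needed = NF5_HEADER.size + count * NF5_RECORD.size
    if len(datagram) < needed:
        # Never trust `count` blindly: a truncated or malformed export must
        # not make the parser read past the buffer it was handed.
        raise ValueError(f"truncated datagram: {count} records announced, "
                         f"{len(datagram)} bytes present")
    flows = []
    for i in range(count):
        fields = NF5_RECORD.unpack_from(datagram, NF5_HEADER.size + i * NF5_RECORD.size)
        (src, dst, _nexthop, _ifin, _ifout, pkts, octets, _first, _last,
         sport, dport, _pad, tcp_flags, proto) = fields[:14]
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport,
            "dport": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "tcp_flags": tcp_flags,
            "packets": pkts,
            "octets": octets,
        })
    return flows


def profile_flows(flows, networks):
    """Keep only flows whose source lies in one of the configured networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [f for f in flows if any(ipaddress.ip_address(f["src"]) in n for n in nets)]


def build_netflow_v5(records) -> bytes:
    """Construct an export datagram from
    (src, dst, sport, dport, proto, tcp_flags, pkts, octets) tuples."""
    header = NF5_HEADER.pack(5, len(records), 123456, 1_700_000_000, 0, 1, 0, 0, 0)
    body = b"".join(
        NF5_RECORD.pack(int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)),
                        0, 1, 2, pkts, octets, 100, 200, sport, dport, 0, flags, proto, 0,
                        0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, flags, pkts, octets in records)
    return header + body


# Constructed sample export (not a real capture): a TLS session from a
# profiled client, a DNS lookup from another segment, and a DHCP request.
SAMPLE_DATAGRAM = build_netflow_v5([
    ("10.1.20.15", "192.0.2.10", 51234, 443, 6, 0x1b, 12, 3400),
    ("172.16.5.5", "198.51.100.53", 40000, 53, 17, 0, 1, 76),
    ("10.1.20.40", "10.1.20.1", 68, 67, 17, 0, 2, 600),
])
PROFILED_NETWORKS = ["10.1.20.0/24"]  # assumed Profiler network rule for the example


if __name__ == "__main__":
    for f in profile_flows(parse_netflow_v5(SAMPLE_DATAGRAM), PROFILED_NETWORKS):
        # The DHCP flow is visible only as UDP 68 -> 67; the vendor class
        # identifier that a SPAN feed would reveal is not in the record.
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['proto']} "
              f"{f['packets']} pkts / {f['octets']} bytes")
```

The length check before the record loop matters in a collector that listens on the NAC Server's management address: any host that can reach that UDP port can send it a datagram, so the header's record count is attacker-controlled input.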
NetInquiry
NetInquiry is a passive and active mechanism based on attributes such as open TCP ports. For example, the NAC
Server polls a particular subnet range or ranges for open TCP ports with a half-open probe: it sends a TCP
SYN and, when a host answers with a SYN/ACK, drops the connection instead of completing it. Each response is
reported to the Profiler with the IP address and the TCP port that was polled.
Note: For NetInquiry, only add the specific subnets or hosts that cannot be reached or seen with NetFlow or
NetWatch. If it is configured too broadly (large address ranges, many ports), NetInquiry can overload your
NAC Server with the extra processing, memory and CPU utilization it demands. Use this feature as a last resort.
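A minimal NetInquiry-style poller, added here as a Python example that is not Cisco's NetInquiry implementation. It expands a configured list of subnets and hosts, refuses a scope larger than an assumed MAX_TARGETS cap (the guard the note above asks for), bounds concurrency with an assumed MAX_WORKERS, and returns the (IP, TCP port) pairs that answered. An unprivileged script cannot send a bare SYN and reset on SYN/ACK, so it completes the handshake and closes immediately instead; the local listener it probes exists only so the example runs offline.

```python
from __future__ import annotations
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed guard rails (not NAC Profiler settings): cap the sweep size and the
# concurrency so a poll cannot swamp the server that performs it.
MAX_TARGETS = 256
MAX_WORKERS = 8


def expand_targets(subnets) -> list[str]:
    """Expand subnet/host strings to host addresses, refusing oversized scopes."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    # Count before expanding so a /8 is rejected without building its host list.
    total = sum(n.num_addresses if n.num_addresses <= 2 else n.num_addresses - 2 for n in nets)
    if total > MAX_TARGETS:
        raise ValueError(f"{total} addresses requested, limit is {MAX_TARGETS}; "
                         "narrow the scope to hosts NetFlow/SPAN cannot see")
    targets = []
    for n in nets:
        if n.num_addresses == 1:
            targets.append(str(n.network_address))
        elif n.num_addresses == 2:  # /31 point-to-point: both addresses are hosts
            targets.extend(str(a) for a in n)
        else:
            targets.extend(str(h) for h in n.hosts())
    return targets


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if `host` accepts a TCP connection on `port`.

    NetInquiry sends a SYN and drops the half-open connection on SYN/ACK; this
    completes the handshake and closes at once, which the target logs as a
    full connect. Timeouts and unreachable hosts count as closed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            return s.connect_ex((host, port)) == 0
        except OSError:
            return False


def net_inquiry(subnets, ports, timeout: float = 0.5) -> list[tuple[str, int]]:
    """Poll every host in `subnets` for the given TCP ports; return (ip, port) hits."""
    jobs = [(h, p) for h in expand_targets(subnets) for p in ports]
    with ThreadPoolExecutor(max_workers=MAX_WORKERS) as pool:
        results = pool.map(lambda hp: probe(hp[0], hp[1], timeout), jobs)
        return sorted(hp for hp, is_open in zip(jobs, results) if is_open)


def start_local_listener():
    """Open a throwaway listener on 127.0.0.1 so the example has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        print(net_inquiry(["127.0.0.1"], [port]))
    finally:
        srv.close()
```

Even with the cap, each probe costs a socket, a thread slot and up to `timeout` seconds on a silent host, so a /24 against a dozen ports is several thousand connections; keep the port list as short as the scope.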
Note: If you have a stand-alone Collector, you can enable both NetFlow and SPAN on the same device, but make
sure not to oversubscribe the Collector.
Figure 1