Cisco NAC Appliance 4.8.3 White Paper
Cisco NAC Layer 3 OOB with ACLs
Document ID: 112168
Contents
Introduction
Solution Overview
Solution Description
Solution Architecture
Access Layer
Distribution Layer
Core Layer
Data Center Services Layer
Solution Components
Cisco NAC Manager
Cisco NAC Server
Cisco NAC Agent
Out-of-Band (OOB) Mode
Design Considerations
End-point Classification
Endpoint Roles
Role Isolation
Traffic Flow
Cisco NAC Server Mode
Scalability
Discovery Host
User Experience (with Cisco NAC Agent)
User Experience (without Cisco NAC Agent)
Cisco NAC Process Flows
Cisco NAC Solution Implementation
Role Isolation
Access List Technique
Endpoint to Cisco NAC Server Communication
NAC Layer 3 OOB ACL Configuration Example
Verify VLAN Assignment
NAC Layer 3 OOB ACL Solution for Wireless
Appendix
High Availability
Active Directory Single Sign-On (Active Directory SSO)
Windows Domain Environment Considerations
Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Related Information
Introduction
Cisco Network Admission Control (NAC) enforces an organization's network security policies on all devices
seeking network access. Cisco NAC allows only compliant and trusted endpoint devices, such as PCs, servers,
and PDAs, onto the network. Access is restricted for non-compliant devices, which limits the potential
damage from emerging security threats and risks. Cisco NAC gives organizations a powerful, role-based
method of preventing unauthorized access and improving network resiliency.