Cisco NAC Collector Failover License for Cisco NAC 3350 Appliances NAC3350-CLT-FB-K9= 用户手册
产品代码
NAC3350-CLT-FB-K9=
Product Bulletin
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 8
Cisco NAC Profiler Ordering Guide
PB427643
Overview
This document describes the ordering guidelines for the Cisco
®
NAC Profiler and Collector
products.
The Cisco NAC Profiler enhances the deployment and administration of Cisco NAC by maintaining
a real-time list of all network-attached endpoints, such as IP phones and networked printers. This
dynamic list can be used in several ways:
●
Populating the Cisco NAC Appliance Manager (Cisco Clean Access Manager) filter list to
provision connectivity for all non-PC endpoints, such as printers, IP phones, uninterruptible
power supplies, and wireless access points
●
Providing behavior monitoring to defend against post-admission MAC address spoofing and
compromised devices that are not running the Cisco NAC Appliance Agent (Cisco Clean
Access Agent)
●
Enabling incremental deployment of Cisco NAC Appliances across the enterprise by device
type or network segment
●
Providing a set of tools that allows the real-time and historical tracking of endpoint location,
identity, behavior, and addressing
Additionally, Cisco NAC Profiler can be deployed as an independent solution to provide wired
802.1x customers a means of generating a trusted device list for MAC Authentication Bypass. In
many environments the need for administrators to understand what is connected into the network
edge is a compelling enough reason for Profiler deployment.
Cisco NAC Profiler Components
Cisco NAC Profiler contains two components: The Profiler Server and the Collector modules
(referred to as Collector).
The Cisco NAC Profiler provides the interface to create profiling rule sets. Profiler manages,
receives and correlates information from Collector modules then provides external applications
access to the profiled device list.
The Cisco NAC Collector modules collect information about clientless devices and relay that
information to the Profiler Server. There are two deployment choices for NAC Collector modules.
The Collector modules can be installed on a NAC Server (to augment existing posture/remediation
service) or as a standalone NAC Collector (no posture/remediation).
As each Cisco NAC Collector gathers information from associated endpoints, it aggregates this
data into an Extensible Markup Language (XML) format and sends it over an encrypted connection
to the Profiler Server for entry into the endpoint-profiling database. Here, the data from all the
Collector modules is combined and represented as a comprehensive list of information. This
comprehensive list can be viewed within Cisco NAC Profiler or in deployments with full Cisco NAC