By Denise Helfrich, Lou Ronnau, Jason Frazier, Paul Forbes

Cisco Network Admission Control

Volume I: NAC Framework Architecture and Design


A guide to endpoint compliance enforcement


Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today's mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.


Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.


Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.


Denise Helfrich is a technical program sales engineer who develops and supports global online labs for the World Wide Sales Force Development at Cisco®.


Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.


Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.


Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.


  • Understand how the various NAC components work together to defend your network
  • Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
  • Examine how Cisco Trust Agent and NAC-enabled applications interoperate
  • Evaluate the process by which a policy server determines and enforces a policy
  • Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
  • Prepare, plan, design, implement, operate, and optimize a network admission control solution


This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.


Category: Cisco Press–Security

Covers: Network Admission Control




Read Online or Download Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design PDF

Similar security & encryption books

Download e-book for iPad: ExamWise For Exam 1D0-460 CIW Internetworking Professional by Chad Bayer

Part of the ExamWise to CIW Certification series, this new self-help and interactive exam study aid is now available for candidates preparing to sit the CIW 1D0-460 Internetworking Professional exam. The book covers the information associated with all of the exam topics in detail and includes information found in no other book.

Dominique Assing's Mobile Access Safety: Beyond BYOD PDF

Over recent years, the amount of mobile equipment that needs to be connected to corporate networks remotely (smartphones, laptops, etc.) has increased rapidly. Innovative development perspectives and new trends such as BYOD (bring your own device) are exposing business information systems more than ever to various compromising threats.

Introduction to computer networks and cybersecurity - download pdf or read online

"Draft Introduction to Computer Networking and Cybersecurity To the Student It is difficult to overstate the importance of computer networks and network security in today's world. They have become such an integral part of our existence that only a moment's reflection is required to delineate the many ways in which they impact essentially every aspect of our lives.

Official (ISC)2® Guide to the CAP® CBK®, Second Edition by Patrick D. Howard PDF

"Providing an overview of certification and accreditation, the second edition of this officially sanctioned guide demonstrates the practicality and effectiveness of C & A as a risk management methodology for IT systems in public and private organizations. It enables readers to document the status of their security controls and learn how to secure IT systems via standard, repeatable processes.

Extra info for Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design

Example text

Figure 1-4 NAC Software Compliance Enforcement Process

A simple NAC example is shown in Figure 1-4 that uses only the required NAC components. This NAC process involves enforcing a software compliance policy and has the following seven major steps:

1 A NAC-enabled host attempts network access. The NAD initiates posture validation with Cisco Trust Agent.

Note: What triggers the process depends on the NAD, its capabilities, and its configuration. Chapter 2, "Understanding NAC Framework," describes the different processes based on the trigger mechanism and NAD used for network access.

Another challenge is to provide the latest security updates and patches quickly to all host computers on a network. And even when these are distributed, there is no guarantee that users install the new software immediately (or at all). To provide a secure network, you need to enforce compliance uniformly among all hosts. When updates are provided, you can't assume that all users load the new software immediately or within a short period of time. As a result, malware continues to disrupt business, causing downtime and continual patching.

NAC Framework Deployment Scenarios

By now, you should realize that NAC Framework is extremely flexible, providing enforcement to a connected endpoint regardless of the network access method being used. As shown in Figure 1-5, NAC operates across all access methods, including campus switching, wireless, router WAN and LAN links, IPsec connections, and remote-access links.

Figure 1-5 NAC Deployment Scenarios

The first NAC deployment rule is to use a NAC-enabled NAD closest to the hosts for checking compliance.
