NAC Overview; NAC Device Roles - Cisco WS-SUP32-GE-3B - Supervisor Engine 32 Software Configuration Manual

Software configuration guide

Understanding NAC

NAC Overview

NAC is part of the Cisco Self-Defending Network Initiative that helps you identify, prevent, and adapt
to security threats in your network. Because of the increased threat and impact of worms and viruses on
networked businesses, NAC allows you to check and validate the antivirus status of endpoints or clients
before granting network access.

Catalyst 6500 series switches support NAC Layer 2 IP validation. NAC Layer 2 IP validation operates
on edge switches but uses different methods for validation initiation, message exchange, and policy
enforcement than NAC Layer 2 IEEE 802.1x. LAN Port IP does not require IEEE 802.1x support on
the host PCs. For a complete list of devices that support NAC, see the Release Notes for Network
Admission Control, Release 2.1, at this URL:
http://www.cisco.com/en/US/docs/security/nac/2.1/release_notes/NAC21RN.html

NAC provides posture validation for routed traffic on Catalyst 6500 series switches. Posture validation
reduces the network's exposure to viruses. This feature allows network access based on the antivirus
credentials of the network device that is requesting network access. These credentials may be antivirus
software, a virus definitions file, or a particular virus scan engine version. Based on the antivirus
credentials of the host, the requesting device is allowed access to the network or is restricted from
network access.

If the client host fails the credential validation, partial access to the network can be allowed by using
the remediation feature. The remediation process redirects HTTP traffic from the client host to a web
page URL that provides access to the latest antivirus files. The URL used by the remediation process
resolves to a remediation server address defined as a part of the network access policy. The remediation
server is where the latest antivirus files are located. These antivirus files can be downloaded or upgraded
from this location.
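
The admission decision described above, modelled as an added Python example (not Cisco code, and not how the switch or Cisco Secure ACS implements it). The policy fields, sample clients and remediation URL are assumptions made for illustration; a missing or malformed credential is treated as a failed check.

```python
from dataclasses import dataclass
from datetime import date

# Assumed value: the real remediation URL comes from the network access policy.
REMEDIATION_URL = "http://remediation.example.test/antivirus"

@dataclass(frozen=True)
class Policy:                      # hypothetical policy fields
    approved_software: frozenset
    min_engine: str
    min_definitions: date

@dataclass(frozen=True)
class Posture:                     # antivirus credentials a client reports
    software: "str | None" = None
    engine: "str | None" = None
    definitions: "date | None" = None

def parse_version(text):
    """'9.10.2' -> (9, 10, 2); None when the value is missing or malformed."""
    if not isinstance(text, str):
        return None
    parts = text.split(".")
    return tuple(int(p) for p in parts) if all(p.isdecimal() for p in parts) else None

def version_at_least(reported, minimum):
    """Numeric comparison, so 9.10 is newer than 9.9 and 9 equals 9.0."""
    a, b = parse_version(reported), parse_version(minimum)
    if a is None or b is None:
        return False               # fail closed on unusable input
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def evaluate(posture, policy):
    failed = []                    # every check that did not pass
    if posture.software not in policy.approved_software:
        failed.append("software")
    if not version_at_least(posture.engine, policy.min_engine):
        failed.append("engine")
    if posture.definitions is None or posture.definitions < policy.min_definitions:
        failed.append("definitions")
    if failed:                     # restricted access plus HTTP redirect to remediation
        return {"access": "restricted", "redirect_http_to": REMEDIATION_URL, "failed": failed}
    return {"access": "full", "redirect_http_to": None, "failed": []}

# Constructed sample policy and clients.
POLICY = Policy(frozenset({"ExampleAV"}), "9.9", date(2007, 6, 1))
CURRENT = Posture("ExampleAV", "9.10", date(2007, 6, 15))
STALE = Posture("ExampleAV", "9.2", date(2007, 1, 10))
```

Comparing the engine version as a plain string would rank "9.10" below "9.9" and send an up-to-date client to remediation, which is why the versions are parsed into integer tuples first.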

NAC Device Roles

The devices in the network have specific roles when you use NAC, as shown in Figure 41-1.

Figure 41-1. Posture Validation Devices
[Figure not reproduced. Labels: clients running the Cisco Trust Agent software (PC, workstation, server); switch (network access device); Cisco Secure ACS (authentication server, RADIUS).]

Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY, OL-11439-03
Chapter 41, Configuring Network Admission Control

This manual is also suitable for:

Catalyst Supervisor Engine 32 PISA