NAC Device Roles - Cisco 7604 Configuration Manual

IOS software configuration guide

Chapter 45
Configuring Network Admission Control

NAC Device Roles

The devices in the network have specific roles when you use NAC, as shown in Figure 45-1.

Figure 45-1 Posture Validation Devices
[Figure: clients running the Cisco Trust Agent software (PC, workstation, server); switch (network access device); Cisco Secure ACS (authentication server, RADIUS)]

The following devices that support NAC on the network perform these roles:
• Endpoint system or client—This is a device (host) on the network such as a PC, workstation, or server that is connected to a switch access port through a direct connection, an IP phone, or a wireless access point. The host, which is running the Cisco Trust Agent software, requests access to the LAN and switch services and responds to requests from the switch. This endpoint system is a potential source of virus infections, and its antivirus status needs to be validated before the host is granted network access.

  The Cisco Trust Agent software is also referred to as the posture agent or the antivirus client.

• Switch (edge switches)—This is the network access device that provides validation services and policy enforcement at the network edge and controls the physical access to the network based on the access policy of the client. The switch relays Extensible Authentication Protocol (EAP) messages between the endpoints and the authentication server.

  For Cisco 7600 series routers, the encapsulation information in the EAP messages can be based on the User Datagram Protocol (UDP). When using UDP, the switch uses EAP over UDP (EAPoUDP) frames, which are also referred to as EoU frames.

• Authentication server—This device performs the actual validation of the client. The authentication server validates the antivirus status of the client, determines the access policy, and notifies the switch whether the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the EAP message exchange between the switch and authentication server is transparent to the switch.

  In this release, the switch supports the Cisco Secure Access Control Server (ACS) Version 4.0 or later with RADIUS, authentication, authorization, and accounting (AAA), and EAP extensions.

  The authentication server is also referred to as the posture server.
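The division of work among the three roles can be sketched as a small model. This is an added example, not code from the Cisco manual. The policy names, the JSON posture payload, the 7-day freshness threshold, and the handling of a host that gives no posture reply are assumptions made for illustration, and the messages are not the EAPoUDP or RADIUS wire formats.

```python
# Added illustration: simplified model of the three NAC roles.
# Message contents are constructed; not the EAPoUDP or RADIUS wire format.
import json

DENY, QUARANTINE, FULL = "deny", "quarantine", "full-access"  # assumed names

class Endpoint:
    """Host running the posture agent; answers the switch's request."""
    def __init__(self, ip, av_signature_age_days=None):
        self.ip = ip
        self.av_age = av_signature_age_days  # None models a host with no agent

    def posture_response(self):
        if self.av_age is None:
            return None  # no agent, so nothing answers the request
        return json.dumps({"av_signature_age_days": self.av_age}).encode()

class PostureServer:
    """Authentication server: validates antivirus status, picks the policy."""
    def __init__(self, max_age_days=7):  # assumed freshness threshold
        self.max_age_days = max_age_days

    def validate(self, opaque_credentials):
        try:
            age = json.loads(opaque_credentials)["av_signature_age_days"]
        except (TypeError, ValueError, KeyError):
            return DENY  # missing or malformed posture data is not authorized
        if type(age) is not int or age < 0:
            return DENY  # reject values that are not a plausible age
        return FULL if age <= self.max_age_days else QUARANTINE

class EdgeSwitch:
    """Network access device: relays messages and enforces the decision."""
    def __init__(self, server):
        self.server = server
        self.policy = {}  # per-host policy, installed only after validation

    def policy_for(self, ip):
        return self.policy.get(ip, DENY)  # no access before validation

    def admit(self, endpoint):
        relayed = endpoint.posture_response()     # relayed without inspection
        decision = self.server.validate(relayed)  # server makes the decision
        # Enforce only policies the switch recognizes; anything else is denied.
        allowed = decision in (QUARANTINE, FULL)
        self.policy[endpoint.ip] = decision if allowed else DENY
        return self.policy[endpoint.ip]
```

The switch never reads the posture payload. It holds a host at the default policy until the server returns a decision, then enforces that decision per host.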
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX (OL-4266-08)
