Network Analysis Module 3 (Nam-3) - Cisco Catalyst 6500-E Series Manual

Figure 3. Virtual Firewall Contexts to Support a BYOD Infrastructure
As Figure 3 demonstrates, the ASA-SM working in a virtualized mode works in conjunction with other network
elements to provide isolated domains for trusted and untrusted devices and users. If you have ever been to a
Cisco office and requested access to the wireless network, this is how it is done. The wireless infrastructure
presents different Service Set Identifiers (SSIDs) based upon user type. After the user is associated and
authenticated, that user is placed into a virtual LAN (VLAN) for that user alone, with Virtual Route Forwarding
(VRF)and firewall context to maintain isolation between the two groups.
With the addition of the identity services engine (ISE), this can now be done at the device level using Device
Sensor so that even company employees would be put into separate security domains depending on the type of
device they are using (personal owned compared to corporate issued). The scalability of the ASA-SM's virtual
context feature allows an organization to be very flexible in how to secure its network given the proliferation of
devices in the enterprise campus environment.

Network Analysis Module 3 (NAM-3)

One of the biggest challenges of BYOD in a unified access campus architecture is network analysis and
monitoring. An organization has to monitor both its traditional traffic and corporate-owned infrastructure as well as
employee-owned devices that are allowed onto the network. Network administrators need multifaceted visibility
into the network and applications to help ensure consistent delivery of service to end users. Understanding who is
using the network, knowing what applications are running on the network, assessing how the applications are
performing, and characterizing how traffic is being used are the foundation for managing and improving the
delivery of business-critical applications.
Integrated with the Cisco Catalyst 6500-E with Supervisor Engine 2T, the Network Analysis Module 3 (NAM-3)
helps enable high-performance traffic monitoring, deep packet captures, and accurate performance analytics at 10
Gbps+ traffic speeds. The NAM-3 can collect information from across the unified access campus architecture
using Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated RSPAN (ERSPAN); can act as a
™
NetFlow collector for local or remote devices; and can integrate with the Cisco Prime infrastructure, which offers
integrated network and application visibility, as shown in Figure 4.
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 28