https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642049#M736107 <P><SPAN style="font-family: courier new, courier;">Hello,</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">I have bought a Cisco NAC server and a Cisco NAC manager.&nbsp; I have it in the test lab at the moment but would like to roll it out to around 200 users eventually on the campus lan.&nbsp; I just want it to check a user is valid on active directory.&nbsp; Maybe the best way i can do this is by doing a discovery on the nac server for valid mac addresses.</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">Whats the best way to do this? I.e</SPAN></P><P></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">user logs into a port on the campus lan</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">active directory checks they are a valid user on the domain</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">they get their usual dhcp address after they are authenticated</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">if they are not a valid user on the domain they will not be authenticated</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">I am not worried about checking for anti-virus, pc builds etc for now</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">At the moment i have installed both the nac server and nac manager and can access them both via a Layer 3 switch.</SPAN></P><P></P><P>thanks</P><P>Kevin</P> Fri, 21 Feb 2020 12:15:24 GMT ohareka70 2020-02-21T12:15:24Z https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642049#M736107 <P><SPAN style="font-family: courier new, courier;">Hello,</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">I have bought a Cisco NAC server and a Cisco NAC manager.&nbsp; I have it in the test lab at the moment but would like to roll it out to around 200 users eventually on the campus lan.&nbsp; I just want it to check a user is valid on active directory.&nbsp; Maybe the best way i can do this is by doing a discovery on the nac server for valid mac addresses.</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">Whats the best way to do this? I.e</SPAN></P><P></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">user logs into a port on the campus lan</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">active directory checks they are a valid user on the domain</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">they get their usual dhcp address after they are authenticated</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">if they are not a valid user on the domain they will not be authenticated</SPAN></P><P class="MsoNormal" style="margin: 0cm 0cm 0pt;"><SPAN style="font-family: courier new, courier; color: #000000; font-size: 10pt; mso-ansi-language: EN;">I am not worried about checking for anti-virus, pc builds etc for now</SPAN></P><P></P><P><SPAN style="font-family: courier new, courier;">At the moment i have installed both the nac server and nac manager and can access them both via a Layer 3 switch.</SPAN></P><P></P><P>thanks</P><P>Kevin</P> Fri, 21 Feb 2020 12:15:24 GMT https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642049#M736107 ohareka70 2020-02-21T12:15:24Z https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642050#M736131 <HTML><HEAD></HEAD><BODY><P>Kevin,</P><P></P><P>Essentially you are asking for step-by-step guidance on how to do this. As I've just rolled out 1000 user NAC L2 VG OOB (which sounds like is what you want to do) and a 3000user NAC L3 RIP OOB as well as OOB wirless and Looking at IB VPN at the moment. My best advice would be to buy the follwoing book.</P><P></P><P>Cisco NAC Appliance "Enforcing Host Security with Clean Access" by James Heary for about $60. (available on Amazon)</P><P></P><P>This covers ALL deployment scenarios and was invaluable to me when I set the NAC up. What it does is put in the steps needed and is easier than flitting back and forth between the CAM manual and CAS manual.</P><P></P><P>Hope that helps</P></BODY></HTML> Fri, 18 Feb 2011 14:58:27 GMT https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642050#M736131 stevek 2011-02-18T14:58:27Z https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642051#M736150 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Thanks for the advice on this.&nbsp; I have got a copy of the book you recommended just today and it looks quite good.&nbsp; I have both the nac manager and server plugged into a layer 3 switch in the meantime just for test purposes.&nbsp; I have attahced a config of what i have put in so far.&nbsp; I can at least see the manager and the server on a webpage.&nbsp; But i'll start looking at the book now because it will need to roll it out over Layer 2 like you did.&nbsp; And if it goes well over the first 100 users we intend to roll it out to around 1500 users over the wan to replace port security.</P><P></P><P>regards,</P><P>Kevin</P></BODY></HTML> Mon, 21 Feb 2011 13:52:42 GMT https://community.cisco.com/t5/network-security/cisco-nac-basic-install/m-p/1642051#M736150 ohareka70 2011-02-21T13:52:42Z