topic NAC quick question in Network Security

NAC quick question

Daniela Herrera — Fri, 21 Feb 2020 11:27:20 GMT

Hi, just trying to confirm the behavior of a NAC solution without High Availability.

I belive that if there's no High availability configured:

1. IF the CAM fails (CAS and CAM are no longer able to communicate) all new connections will be denied, but users already certified will be allowed into the network.

2. If the CAS fails in In-band mode: All user traffic will be dropped as well as new connections

3. If the CAS fails in out-of-band mode: new connections will not be possible, but certified users will still have access.

Can someone tell me if this is correct?

Thanks and regards,

Re: NAC quick question

pcomeaux — Fri, 15 May 2009 14:08:13 GMT

Hi there -

Let me see if I can help you:

1 - In general, yes.

2 - Yes - the CAS in-band is a network device that all traffic flows through.

3 - Yes - in Out-of-band mode, the CAM and CAS change the vlans as users enter/leave the network. If the CAM/CAS is unavailable, no vlan changes can occur. So ports remain on the vlan they are currently on.

Please let me know if you have follow up questions.

peter

Re: NAC quick question

halim.abouzeid — Fri, 22 May 2009 08:32:46 GMT

1- this depends on your fallback configuration. You have 3 modes:

*Ignore: already trusted users still have access to the network, new users are blocked. (this is the default behavior, if you don't change this setting, new users will be blocked)

*Allow All: already trusted users and new users are all allowed to access the network

*Block All: All users (trusted and non-trusted) are blocked (i believe this applies only in inband mode, in out of band it should behave like the ignore mode)

To change this setting go to Device Management --> CCA Servers --> Manage --> Filter --> Fallback