
NAC and DOT1X

gauravpundir231
Level 1

Hi All,


I am confused about NAC and 802.1x: what NAC is doing, what dot1x is doing, and how they are related to each other. Totally confused. Please shed some light.

4 Replies

Marvin Rhoads
Hall of Fame

NAC or Network Access Control is a general term describing the concept of using technical means to control network access for wired, wireless and VPN network devices and clients.


802.1x is a specific technology used to implement the communications between a supplicant (software on the endpoint OS) and the network access device (NAD - switch or WLC/AP). It works in conjunction with RADIUS (between the NAD and the back end RADIUS server - e.g. ISE or ACS in Cisco products) to accomplish some of the tasks necessary for a full-fledged NAC solution.


https://en.wikipedia.org/wiki/IEEE_802.1X

+5 Marvin.


I was having the same confusion when I started and managed to reorder things as follows:


NAC is the umbrella made of multiple components to provide authenticated access to the network. This access can be over a wired, wireless or VPN connection.


The NAC umbrella is composed of:


  • Supplicant - This is the actual client connecting to the network (windows, MACOSX, AnyConnect)
  • Authenticator - This is the network device (NAD)
  • Authentication Server - ISE Server, Microsoft NPM, Cisco ACS, etc
  • Identity Store - AD, RSA Token Server


In each access request to the network, there are 3 communications involved:


- Communication between supplicant and authenticator (this is using dot1x protocol)

- Communication between authenticator and authentication server (this is using radius protocol)

- Communication between authentication server and identity store (this can be LDAP, Novell, ADLDS, or local inside the authentication server)
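Both Marvin's answer and the breakdown above point out that the NAD-to-server leg runs over RADIUS. The following Python is an added example, not code from this thread or from any Cisco or Aruba product, showing what that leg looks like on the wire and why the shared secret configured on both the NAD and the server matters: the NAD builds an Access-Request integrity-protected with a Message-Authenticator (RFC 3579), the server verifies it, consults its identity store and answers with an Access-Accept or Access-Reject whose Response Authenticator (RFC 2865) the NAD checks before trusting it. The shared secret, the identity-store dictionary (standing in for AD/LDAP) and the user names are constructed values; the actual credential check that 802.1X carries inside EAP-Message attributes is left out, so the server only looks the identity up.

```python
"""Minimal RADIUS Access-Request / Access-Accept exchange between a NAD
(authenticator) and an authentication server.  Demonstrates the two
integrity checks that make the NAD<->server leg trustworthy:
  - Message-Authenticator (RFC 3579): HMAC-MD5 over the request, keyed with
    the shared secret, verified by the server before anything else happens.
  - Response Authenticator (RFC 2865): MD5(Code+ID+Length+RequestAuth+
    Attributes+Secret), verified by the NAD before it trusts Accept/Reject.
All secrets and identities below are constructed sample values."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_NAS_IP_ADDRESS, ATTR_MESSAGE_AUTHENTICATOR = 1, 4, 80

SHARED_SECRET = b"constructed-nad-secret"      # constructed; configured on NAD and server
IDENTITY_STORE = {"alice": "Employees", "bob": "Contractors"}  # constructed stand-in for AD


def attr(atype, value):
    """Encode one Type-Length-Value attribute; Length covers the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data):
    """Decode a run of TLV attributes into (type, value) pairs."""
    out, i = [], 0
    while i + 2 <= len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            break                       # malformed; stop rather than loop forever
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out


def header(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) followed by attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def build_access_request(ident, username, nas_ip, secret, request_auth=None):
    """NAD side: Access-Request with a random Request Authenticator and a
    Message-Authenticator computed over the packet with its own value zeroed."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username.encode()) + \
        attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    zeroed = attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    mac = hmac.new(secret, header(ACCESS_REQUEST, ident, request_auth, zeroed), hashlib.md5).digest()
    return header(ACCESS_REQUEST, ident, request_auth, attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, mac))


def verify_message_authenticator(packet, secret):
    """Server side: recompute the HMAC-MD5 with the Message-Authenticator value zeroed."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        return False
    request_auth, attrs = packet[4:20], packet[20:]
    zeroed, received, i = bytearray(attrs), None, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            return False
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            received = bytes(attrs[i + 2:i + 18])
            zeroed[i + 2:i + 18] = b"\x00" * 16
        i += alen
    if received is None:
        return False
    expected = hmac.new(secret, header(code, ident, request_auth, bytes(zeroed)), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def build_response(code, request_packet, secret, attrs=b""):
    """Server side: Response Authenticator binds the reply to the request and the secret."""
    ident, request_auth = request_packet[1], request_packet[4:20]
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


def verify_response(response, request_packet, secret):
    """NAD side: a reply is trusted only if its Response Authenticator verifies
    against the Request Authenticator we sent and the shared secret."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request_packet[1]:
        return False
    expected = hashlib.md5(response[:4] + request_packet[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


def server_handle(packet, secret, identity_store):
    """Authentication server: verify the NAD, then consult the identity store.
    Requests failing the Message-Authenticator check are silently discarded."""
    if packet[0] != ACCESS_REQUEST or not verify_message_authenticator(packet, secret):
        return None
    username = dict(parse_attrs(packet[20:])).get(ATTR_USER_NAME, b"").decode(errors="replace")
    return build_response(ACCESS_ACCEPT if username in identity_store else ACCESS_REJECT, packet, secret)


def demo():
    """Full exchange plus a reply forged with the wrong secret, which the NAD rejects."""
    req = build_access_request(7, "alice", "10.0.0.2", SHARED_SECRET)
    resp = server_handle(req, SHARED_SECRET, IDENTITY_STORE)
    forged = build_response(ACCESS_ACCEPT, req, b"wrong-secret")
    return resp[0], verify_response(resp, req, SHARED_SECRET), verify_response(forged, req, SHARED_SECRET)


if __name__ == "__main__":
    print(demo())
```

The point for a NAC deployment is that the supplicant never sees this secret; it only speaks EAPOL to the switch or WLC, and the NAD relays the EAP payload to the server over RADIUS, where the server-to-identity-store lookup (AD, LDAP) is a third, separate exchange.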

Thanks for your reply.

Need more clarification.

So AD is the actual thing that contains the user database. Is there any possibility we can connect the Authenticator directly with AD, and what is the role of the Authentication server (as it is just passing the info between AD and the Authenticator)?


Also, if you have any info/docs/knowledge about Aruba NAC solutions, please share, as we are using it in our infra.

Does Aruba have different servers that authenticate users, which eliminate the need for any backend database like AD?


A Cisco NAD (switch, AP or remote access VPN device) can talk to an Authentication server using either RADIUS or TACACS. If your AD server has the NPS role then it can also be the RADIUS server.


If you want to know more about Aruba then you are best asking at airheads (their community) - not the Cisco community.