09-24-2017 06:58 AM - edited 02-21-2020 10:34 AM
Hi All,
I am confused about NAC and 802.1x: what NAC is doing, what dot1x is doing, and how they are related to each other. Totally confused. Please shed some light.
09-24-2017 08:31 AM
NAC or Network Access Control is a general term describing the concept of using technical means to control network access for wired, wireless and VPN network devices and clients.
802.1x is a specific technology used to implement the communications between a supplicant (software on the endpoint OS) and the network access device (NAD - switch or WLC/AP). It works in conjunction with RADIUS (between the NAD and the back end RADIUS server - e.g. ISE or ACS in Cisco products) to accomplish some of the tasks necessary for a full-fledged NAC solution.
09-24-2017 10:04 AM
+5 Marvin.
I was having the same confusion when I started and managed to reorder things as follows:
NAC is the umbrella made of multiple components to provide authenticated access to the network. This access can be over a wired, wireless or VPN connection.
The NAC umbrella is composed of:
In each access request to the network, there are 3 communications involved:
- Communication between supplicant and authenticator (this uses the dot1x protocol)
- Communication between authenticator and authentication server (this uses the RADIUS protocol)
- Communication between authentication server and identity store (this can be LDAP, Novell, AD LDS, or local inside the authentication server)
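The three legs described in this reply (and in Marvin's answer above) can be walked through in code. The following is an added example written for this thread, not code from the original posts or from Cisco, Aruba or any product: a toy supplicant, authenticator (NAD) and authentication server in Python, with the identity store (a dict standing in for AD/LDAP), the user's credential and the RADIUS shared secret all constructed for the demo. It uses EAP-MD5 only because it is the shortest EAP method to write out; the framing around it (EAP carried in RADIUS EAP-Message attributes, the Message-Authenticator keyed to the NAD/server shared secret, the Response Authenticator that the NAD checks before opening the port) is what a real 802.1X deployment does regardless of EAP method.

```python
import hashlib
import hmac
import os
import struct

# Constructed stand-ins (not from any real deployment): the identity store that
# AD/LDAP would provide, and the shared secret configured on NAD and server.
IDENTITY_STORE = {"alice": b"correct-horse-battery-staple"}
SHARED_SECRET = b"example-radius-secret"

# RADIUS codes and attribute types (RFC 2865, RFC 3579).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
# EAP codes and method types (RFC 3748): Identity and MD5-Challenge.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4

def eap(code, ident, payload=b""):
    """EAP header (code, identifier, length) followed by the method payload."""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def decode_attrs(pkt):
    out, pos = {}, 20  # RADIUS TLV attributes follow the 20-byte header
    while pos < len(pkt):
        out[pkt[pos]] = pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
    return out

def radius(code, ident, authenticator, attrs):
    """Packet ending in Message-Authenticator: HMAC-MD5(secret, packet with the field zeroed)."""
    attrs = attrs + [(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    pkt = struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body
    return pkt[:-16] + hmac.new(SHARED_SECRET, pkt, hashlib.md5).digest()

def message_authenticator_ok(pkt):
    expected = hmac.new(SHARED_SECRET, pkt[:-16] + b"\x00" * 16, hashlib.md5).digest()
    return hmac.compare_digest(expected, pkt[-16:])

def radius_response(code, ident, req_auth, attrs):
    """Reply: Message-Authenticator keyed to the Request Authenticator, then the
    Response Authenticator MD5(Code+ID+Length+ReqAuth+Attrs+Secret) fills the header."""
    pkt = radius(code, ident, req_auth, attrs)
    resp_auth = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + SHARED_SECRET).digest()
    return pkt[:4] + resp_auth + pkt[20:]

def response_ok(resp, req_auth):
    """NAD-side check: a reply is acted on only if both authenticators verify."""
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + SHARED_SECRET).digest()
    return (hmac.compare_digest(expected, resp[4:20])
            and message_authenticator_ok(resp[:4] + req_auth + resp[20:]))

def supplicant_reply(creds, eap_request):
    """Leg 1: the endpoint's supplicant answers an EAP request (carried in EAPOL)."""
    user, password = creds
    eap_id, eap_type = eap_request[1], eap_request[4]
    if eap_type == EAP_IDENTITY:
        return eap(EAP_RESPONSE, eap_id, bytes([EAP_IDENTITY]) + user.encode())
    challenge = eap_request[6:6 + eap_request[5]]  # value-size byte, then the value
    value = hashlib.md5(bytes([eap_id]) + password + challenge).digest()  # CHAP-style
    return eap(EAP_RESPONSE, eap_id, bytes([EAP_MD5, 16]) + value)

class AuthServer:
    """Leg 2 endpoint: terminates EAP and consults the identity store (leg 3)."""
    def __init__(self):
        self.challenges = {}

    def handle(self, req):
        if not message_authenticator_ok(req):
            return None  # wrong shared secret or altered in transit: discard silently
        ident, req_auth, attrs = req[1], req[4:20], decode_attrs(req)
        user, e = attrs[USER_NAME].decode(), attrs[EAP_MESSAGE]
        eap_id, eap_type = e[1], e[4]
        if e[0] == EAP_RESPONSE and eap_type == EAP_IDENTITY:
            self.challenges[user] = os.urandom(16)
            chal = eap(EAP_REQUEST, eap_id + 1, bytes([EAP_MD5, 16]) + self.challenges[user])
            return radius_response(ACCESS_CHALLENGE, ident, req_auth, [(EAP_MESSAGE, chal)])
        password, challenge = IDENTITY_STORE.get(user), self.challenges.pop(user, None)
        if e[0] == EAP_RESPONSE and eap_type == EAP_MD5 and password and challenge:
            expected = hashlib.md5(bytes([eap_id]) + password + challenge).digest()
            if hmac.compare_digest(expected, e[6:22]):
                return radius_response(ACCESS_ACCEPT, ident, req_auth,
                                       [(EAP_MESSAGE, eap(EAP_SUCCESS, eap_id))])
        return radius_response(ACCESS_REJECT, ident, req_auth,
                               [(EAP_MESSAGE, eap(EAP_FAILURE, eap_id))])

def run_dot1x(server, creds):
    """The authenticator (NAD): starts EAP on the port, relays each supplicant reply
    inside a RADIUS Access-Request, and authorizes the port only on a verified Accept."""
    eap_msg = supplicant_reply(creds, eap(EAP_REQUEST, 1, bytes([EAP_IDENTITY])))
    identity = eap_msg[5:]  # User-Name is taken from the EAP-Response/Identity
    for radius_id in range(256):
        req_auth = os.urandom(16)
        req = radius(ACCESS_REQUEST, radius_id, req_auth,
                     [(USER_NAME, identity), (EAP_MESSAGE, eap_msg)])
        resp = server.handle(req)
        if resp is None or not response_ok(resp, req_auth):
            return "port closed: reply failed authentication"
        if resp[0] in (ACCESS_ACCEPT, ACCESS_REJECT):
            return "port authorized" if resp[0] == ACCESS_ACCEPT else "port closed: rejected"
        eap_msg = supplicant_reply(creds, decode_attrs(resp)[EAP_MESSAGE])
    return "port closed: too many rounds"
```

Running `run_dot1x(AuthServer(), ("alice", b"correct-horse-battery-staple"))` returns `port authorized`; a wrong password or an unknown user yields an Access-Reject, and a request whose User-Name was altered after the NAD signed it is dropped by the server because the Message-Authenticator no longer verifies. That last point is why the NAD never talks to AD directly: the RADIUS server is the only party that both shares a secret with the NAD and holds credentials for the identity store, so it is where the two trust relationships meet.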
09-25-2017 06:06 AM
Thanks for your reply.
Need more clarification.
So AD is the actual thing that is containing the user database. Is there any possibility we can connect the Authenticator directly with AD, and what is the role of the Authentication server (as it is just passing the info between AD and the Authenticator)?
Also, if you have any info/docs/knowledge about Aruba NAC solutions, please share, as we are using it in our infra.
Does Aruba have different servers that authenticate users which eliminate the need for any backend database like AD?
09-25-2017 06:11 AM - edited 09-25-2017 06:12 AM
A Cisco NAD (switch, AP or remote access VPN device) can talk to an Authentication server using either RADIUS or TACACS. If your AD server has the NPS role then it can also be the RADIUS server.
If you want to know more about Aruba then you are best asking at airheads (their community) - not the Cisco community.