NAC appliance purchase question

kmigmar805
Level 1

Dear Experts,

This summer we have purchased a Cisco NAC3315-500-K9 Appliance Server - NAC3315-500-K9.

And we are about to start its deployment. But to our surprise, we have learned that in order to manage the NAC, a separate hardware server and license for NAC Manager are required.

Unfortunately, we bought the NAC appliance with the (rather hasty) assumption that management (CAM) and the access server (CAS) are integrated in one box. But, after checking a configuration guide, it says that either the CAM or the CAS can be installed on the appliance.

So is there any way to integrate both on one machine? Or do we absolutely have to purchase that CAM server, which would cost another fortune?

Or alternatively, can the CAM be installed as a virtual machine?

Looking forward to your reply,

Thank you very much!


Tarik Admani
VIP Alumni

Hi,

You cannot run the CAM and CAS on a single piece of hardware (when you install the software you have to pick Manager or Server before proceeding to the install scripts); you have to run them on separate appliances. However, you can get a trade-in for ISE (licenses), which is the latest product that can take advantage of all the features of NAC in a single appliance. However, based on your network (amount of endpoints), this can easily require more hardware.

ISE will run on the appliances you purchased. You will have to reach out to your Cisco account rep or your Cisco partner in order to have them with the discount and get you up to speed on ISE (by providing demo or Proof of concept).

I have supported NAC and ISE, and your best approach is not to move forward with the NAC product now that ISE is out. It's a much better design in the way it integrates with your network; it also uses not only the manager and server, but it includes profiling and guest management services, which are all separate products within the NAC line.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hello Mr. Admani,

Thank you so much for the super fast response! Really appreciate it!

We have about 250+ computers and 150 iPads at this point. Over the course of the next two years, the number of computers will probably increase to 300+ and tablets to 200+.

Would one ISE installed on NAC3315 be able to handle this number of endpoints (500+)?

And also, no extra hardware needs to be purchased so that ISE can run on one single hardware server with all the above-mentioned modules (manager, server, guest access, etc.) integrated?

Thank you very much!

You will have to purchase the appropriate licenses for endpoints and features, have the proper access switches and wireless deployment to support the latest identity features.

If you have a WLC that can run 7.2 code and switches that can support 12.2(55)se and up or 12.2(33)sxj, then that will cover you.

The 3315 will support up to 2000 concurrent endpoints:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_ovr.html#wp1103032

Please go to www.cisco.com/go/ise and check the release notes for network device compatibility for your current infrastructure.

Thanks,

Sent from Cisco Technical Support iPad App

BIG THANKS!

You've helped us a LOT!