
Top things to consider when implementing a NAC solution?

carl_townshend
Spotlight

Hi All

I am looking for some pointers and business drivers for implementing a NAC solution.

What were most people trying to achieve when looking at NAC solutions?

What process do people normally take during implementation, i.e. monitor for a month or so then switch on features?

Just some basic guidelines would be useful.

Many thanks

Carl

 

2 Replies

Arne Bier
VIP

Oh that's a great question and you will hopefully get some interesting responses.

My 2c worth

I deal mostly with wireless customers, and they want to achieve some pretty basic requirements - it's very often either

1) Get rid of PSK SSIDs and replace them all with a single SSID (802.1X) - and EAP-PEAP to start with - the benefit is a reduction in SSIDs and better visibility because of the auth logs to see who logged in, and the ability to block people based on their AD account status and AD Security Grouping

2) Get rid of EAP-PEAP (because it's being abused for BYOD purposes and has gotten out of control!) and replace it with EAP-TLS for the ultimate security. It's the ultimate goal of many of my customers.

 

I don't have wired customers (yet) but from what I hear they want to implement 802.1X on all of their visible patch points to prevent rogue devices being attached (whether it be PCs or APs). Even APs now support 802.1X and that makes life somewhat simpler.

 

Visibility is the other point. I have a customer who has 1300 NPS servers and there is no consolidated log dashboard. They are migrating it all to a central ISE deployment - the end result is one reporting dashboard!

 

I have yet to come across any customers who want pxGrid, TrustSec, Threat Centric NAC, Posturing or BYOD. Those seem much harder to sell these days. I think the low-hanging fruit is 802.1X everywhere, and now iPSK is a killer app for the IoT devices. And Profiling is becoming more prevalent for me in cases where customers have so many unknown devices but they just want to magically assign them to various VLANs without too much fuss.

Nidhi
Cisco Employee

A few basic questions to ask:

- What are the use cases relevant for the customer?

- How many concurrent sessions does the customer have?

- What kind of network devices are in the network?

- What services are being used?

 

The best place to start would be to refer to the Wired deployment guide - https://communities.cisco.com/docs/DOC-78429

 

Thanks,

Nidhi