Cisco NAC basic install

ohareka70
Level 3

Hello,

I have bought a Cisco NAC server and a Cisco NAC manager.  I have it in the test lab at the moment but would like to roll it out to around 200 users eventually on the campus LAN.  I just want it to check a user is valid on Active Directory.  Maybe the best way I can do this is by doing a discovery on the NAC server for valid MAC addresses.

What's the best way to do this? I.e.

user logs into a port on the campus lan

active directory checks they are a valid user on the domain

they get their usual dhcp address after they are authenticated

if they are not a valid user on the domain they will not be authenticated

I am not worried about checking for anti-virus, pc builds etc for now

At the moment I have installed both the NAC server and NAC manager and can access them both via a Layer 3 switch.

thanks

Kevin

Accepted Solutions

stevek
Level 1

Kevin,

Essentially you are asking for step-by-step guidance on how to do this. I've just rolled out a 1000-user NAC L2 VG OOB (which sounds like what you want to do) and a 3000-user NAC L3 RIP OOB as well as OOB wireless, and am looking at IB VPN at the moment. My best advice would be to buy the following book.

Cisco NAC Appliance "Enforcing Host Security with Clean Access" by James Heary for about $60. (available on Amazon)

This covers ALL deployment scenarios and was invaluable to me when I set the NAC up. What it does is put in the steps needed and is easier than flitting back and forth between the CAM manual and CAS manual.

Hope that helps

Steve,

Thanks for the advice on this.  I have got a copy of the book you recommended just today and it looks quite good.  I have both the NAC manager and server plugged into a Layer 3 switch in the meantime just for test purposes.  I have attached a config of what I have put in so far.  I can at least see the manager and the server on a webpage.  But I'll start looking at the book now because I will need to roll it out over Layer 2 like you did.  And if it goes well over the first 100 users we intend to roll it out to around 1500 users over the WAN to replace port security.

regards,

Kevin
