09-18-2021 08:23 PM
Hi two terms is same? Network Admission Control (NAC) vs Network Access Control (NAC)
Thanks
09-19-2021 03:47 AM
The first one is generally used with a now-end-of-sales Cisco product. Reference:
https://en.wikipedia.org/wiki/Network_Admission_Control
Network Access Control is the much more commonly used term these days and includes products such as Cisco Identity Services Engine (ISE). (Although Cisco would contend it is much more than that, one could argue that's a marketing distinction.)
09-19-2021 08:37 AM
Thank you for your reply. Can I say, NAC is not a specific device. Instead NAC is a combination of several kinds of device. ISE is one of its conponents? If we want to configure NAC, where to configure it?
09-19-2021 09:30 PM
Network Access Control is not a precisely defined term such as we would see from a standards body. Rather it is a loosely defined term that describes any set of methods that combine to control access to the network.
For instance, one could argue that the very basic port-security command is a form of network access control since we can use it to limit the devices that can connect to a given switch port.
Cisco ISE provides NAC in a much broader context, allowing us to incorporate context such as what device, which user, what location, what is the posture status of the device, time of day etc. all in the process of authorizing network access and also including fine-grained control over what type of access in the authorization result.
How to configure NAC in the case of ISE is the subject of numerous how-to guides and far to lengthy to describe here. You can have a look at the extensive prescriptive deployment guides posted elsewhere in the community. Start here:
https://community.cisco.com/t5/security-documents/tkb-p/4561-docs-security
and search for "descriptive deployment guide".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide