03-01-2009 08:34 PM - edited 02-21-2020 03:19 AM
I want to deploy NAC in my company, I have some questions about NAC:
1. If I deploy 1 NAC server and 1 NAC manager with IN-BAND:
- When the NAC server dies (the NAC manager operates), is traffic bypassed or not? What happens?
- When the NAC manager dies (the NAC server operates), what happens? Does traffic still connect normally?
Please answer me soon.
Thank you for your support.
Duy
03-03-2009 01:20 AM
Hi Duy,
- When the NAC server dies, traffic is not bypassed; connections between clients and the trusted side will be lost.
- When the NAC manager dies, you can choose one of 3 cases:
+ traffic is "always bypassed"
+ traffic is "always blocked"
+ certified devices (authenticated users) can go, but not others (I mean unauthenticated users will be blocked)
You can use this feature in Device Management > CCA Servers > Manage [CAS_IP] > Filter > Fallback.
Hope this helps!
03-03-2009 01:23 AM
I think when the NAC server dies, only new users cannot authenticate; current users can still connect to the Internet normally.
Is that right?
03-03-2009 01:30 AM
No, it's wrong. In the IB model, when the NAC server dies, users surely cannot connect to the trusted side.
Only in the OOB model, when the NAC server dies, can authenticated users still connect to the trusted side.
I think you should check something like:
+ NAC server is IB or OOB
+ NAC server is Centre or Edge
+ VGW or Real IP GW
03-03-2009 05:26 PM
OK, now I understand. I have one more question about NAC Profiler: when I deploy NAC including NAC Profiler, what is the advantage over deploying NAC alone (I mean without NAC Profiler)?
Thank you for your answer.
03-03-2009 08:07 PM
it would be best to post this as a new question as you may get more input.
Some devices do not participate in Cisco NAC (IP phones, printers) and have to be assigned to roles. The Profiler has two advantages.
1- In large organizations, it may be time-consuming to implement and maintain the device filters. The Profiler will populate this information for you based on what the NAC Server/Collector sees on the wire.
2- If someone tries to hijack the MAC address, the traffic pattern may reclassify the device and move it into a more appropriate role.
Thank You,
Dan Laden
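The reclassification Dan describes in point 2 is worth seeing in code. What follows is an added example written for this thread, not Cisco NAC Profiler code: it models a device filter (MAC to role) and a per-role traffic profile, then checks each MAC's observed flows against the role it was assigned. A MAC that is statically filtered as a printer but suddenly originates SSH, SMB and HTTPS traffic is the signature of a host that has borrowed the printer's MAC, and the example moves it to a quarantine role instead of trusting the filter. The role profiles, MAC addresses, thresholds and flow records are all constructed for illustration.

```python
"""Traffic-profile check for MAC-filtered devices (added example, constructed data)."""
from collections import defaultdict

# Hypothetical role profiles: the (proto, dst_port) pairs a device in that
# role is expected to originate. Constructed for this example, not Cisco data.
ROLE_PROFILES = {
    "ip_phone": {("udp", 5060), ("tcp", 2000), ("udp", 69), ("udp", 123), ("udp", 53)},
    "printer":  {("tcp", 9100), ("tcp", 631), ("udp", 53), ("udp", 123), ("udp", 5353)},
}
QUARANTINE = "quarantine"

# Static device filters as an admin would maintain them (MAC -> role).
# Constructed MAC addresses.
DEVICE_FILTERS = {
    "00:1b:d5:aa:bb:01": "ip_phone",
    "00:21:5a:cc:dd:02": "printer",
}

# Constructed flow records seen on the wire: (src_mac, proto, dst_port).
FLOWS = [
    # Phone behaving like a phone: SIP, SCCP, TFTP, NTP.
    ("00:1b:d5:aa:bb:01", "udp", 5060),
    ("00:1b:d5:aa:bb:01", "tcp", 2000),
    ("00:1b:d5:aa:bb:01", "udp", 69),
    ("00:1b:d5:aa:bb:01", "udp", 123),
    # "Printer" MAC originating SSH, SMB and HTTPS: a spoofed MAC.
    ("00:21:5a:cc:dd:02", "tcp", 22),
    ("00:21:5a:cc:dd:02", "tcp", 445),
    ("00:21:5a:cc:dd:02", "tcp", 443),
    ("00:21:5a:cc:dd:02", "tcp", 443),
    ("00:21:5a:cc:dd:02", "udp", 53),
    # Unfiltered device that looks like a printer (IPP, raw print, mDNS).
    ("00:80:77:ee:ff:03", "tcp", 9100),
    ("00:80:77:ee:ff:03", "tcp", 631),
    ("00:80:77:ee:ff:03", "udp", 53),
    ("00:80:77:ee:ff:03", "udp", 5353),
]


def flows_by_mac(flows):
    """Group (proto, port) observations by lower-cased source MAC."""
    by_mac = defaultdict(list)
    for mac, proto, port in flows:
        by_mac[mac.lower()].append((proto, port))
    return by_mac


def profile_match(observed, role):
    """Fraction of a device's flows that fit the role's expected profile."""
    if not observed:
        return 1.0
    allowed = ROLE_PROFILES[role]
    hits = sum(1 for flow in observed if flow in allowed)
    return hits / len(observed)


def infer_role(observed, min_match=0.8):
    """Best-matching role for a device with no static filter, or None."""
    best = max(ROLE_PROFILES, key=lambda role: profile_match(observed, role))
    return best if profile_match(observed, best) >= min_match else None


def evaluate(flows, filters, min_match=0.8):
    """Return {mac: (assigned_role, decided_role)}.

    A statically filtered device keeps its role only while its traffic still
    matches that role's profile; otherwise it is moved to quarantine, which is
    what catches a host that has taken over the device's MAC. Devices with no
    filter get a role inferred from traffic, or None if nothing fits.
    """
    decisions = {}
    for mac, observed in flows_by_mac(flows).items():
        assigned = filters.get(mac)
        if assigned is None:
            decisions[mac] = (None, infer_role(observed, min_match))
            continue
        score = profile_match(observed, assigned)
        decided = assigned if score >= min_match else QUARANTINE
        decisions[mac] = (assigned, decided)
    return decisions


if __name__ == "__main__":
    for mac, (assigned, decided) in sorted(evaluate(FLOWS, DEVICE_FILTERS).items()):
        print(f"{mac}  filter={assigned!s:9} decided={decided}")
```

The 0.8 threshold and the port lists are illustrative; in practice the profile would be learned from the collector rather than typed in, and the decision would drive a role change on the CAS rather than a print statement.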
03-03-2009 08:10 PM
Thank you very much.