
NAC and firewall in wireless

Leftz
Level 4

Hi, network access control (NAC) is a solution that supports network visibility and access management through policy enforcement on devices and users of corporate networks.

I found some information about NAC, shown below. A firewall can also do that. What is the difference between NAC and a general firewall? Thanks.

NAC for guests/contractors
Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.

NAC for BYOD
The exponential growth in mobile devices has liberated the workforce from their desks and given employees freedom to work remotely from their mobile devices. NAC for BYOD ensures compliance for all employee-owned devices before accessing the network.


Arshad Safrulla
VIP Alumni

Simply put, a firewall can see only traffic passing through it or hitting one of its interfaces; it cannot control what device is physically connected to the network and given access to internal resources. NAC makes sure that the user is authenticated and authorized as per the defined policies before access is granted to the network at the access layer. The same theory applies to NAC in wireless as well.

Summary: the firewall is for the perimeter and NAC is, you could say, for the access layer.

Thank you very much for your reply. Can you give an example to simply explain how NAC works in wireless?

NAC will authenticate the wireless client against an identity source (AD, LDAP, etc.) before it is given access to the network; you can research DOT1X, EAP-TLS, EAP-PEAP, EAP-TEAP, etc. NAC can also scan your PC to check for certain parameters like updates, AV and certificates before it is given access to the network, and if you do the right integrations you can even have scenarios such as, if a virus, C&C or malware is found on your PC, moving your wireless client to a quarantine VLAN or denying access to the network (research CoA). Most importantly, correctly configured wireless and NAC will make sure that your wireless traffic is less vulnerable to snooping. You can also have the NAC dynamically assign VLANs based on the posture state, user group or identity source (research dynamic VLAN assignment using RADIUS).

https://medium.com/tech-jobs-academy/radius-server-access-control-12e6c9381183

Most of the above listed cannot be done by Firewall alone.
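
The dynamic VLAN assignment, quarantine and CoA behaviour described in the reply above, sketched as a policy decision function. This is an added example, not part of the original post or any NAC product's code; the VLAN numbers, group names and the `Session`, `authorize` and `reassess` names are assumptions, and a real deployment would deliver these attributes through a RADIUS server.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed VLAN plan (assumption, not from the thread).
VLAN_BY_GROUP = {"employees": 10, "contractors": 20, "guests": 30}
QUARANTINE_VLAN = 999

@dataclass
class Session:
    user: str
    group: str            # group returned by the identity source (AD, LDAP)
    authenticated: bool   # outcome of the 802.1X/EAP exchange
    posture: str          # "compliant", "noncompliant" or "unknown"
    vlan: Optional[int] = None

def vlan_attributes(vlan_id):
    """RFC 3580 tunnel attributes used for dynamic VLAN assignment."""
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan_id),
    }

def authorize(session):
    """Return (RADIUS reply, attributes) for a session at the access layer."""
    if not session.authenticated or session.group not in VLAN_BY_GROUP:
        return "Access-Reject", {}
    # Anything not proven compliant lands in quarantine, not the user VLAN.
    if session.posture == "compliant":
        session.vlan = VLAN_BY_GROUP[session.group]
    else:
        session.vlan = QUARANTINE_VLAN
    return "Access-Accept", vlan_attributes(session.vlan)

def reassess(session, new_posture):
    """Posture changed mid-session: decide whether a CoA (RFC 5176) is needed.

    Simplified: many deployments send a CoA that triggers re-authentication
    instead of pushing the new VLAN directly.
    """
    old_vlan = session.vlan
    session.posture = new_posture
    reply, attrs = authorize(session)
    if reply == "Access-Reject":
        return "Disconnect-Request", {}
    if session.vlan != old_vlan:
        return "CoA-Request", attrs
    return None, {}   # no change, leave the session alone

if __name__ == "__main__":
    s = Session("alice", "employees", True, "compliant")
    print(authorize(s))                 # normal access in the employee VLAN
    print(reassess(s, "noncompliant"))  # malware found: move to quarantine
```

A firewall never sees this decision point, because it happens when the client joins the network rather than when its traffic crosses a perimeter.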

Thank you very much!
