7.1. Deployment Scenarios and Topologies

There are important differences between why a company would want to deploy Cisco's Framework solution versus the Cisco Clean Access solution. Likewise, the topology of the Framework solution is considerably different from that of Clean Access. Let's take a look at these differences and elements.

7.1.1. Network Admission Control Framework

The NAC Framework uses the network infrastructure and third-party vendor solutions to enforce security policy for compliance on all endpoints. The NAC Framework enables Cisco routers, concentrators, switches, and wireless access points (WAPs) to enforce access privileges when an endpoint device attempts to connect to the LAN or WAN. The access decision is based on the security posture of the endpoint as it relates to configured enterprise security rules and policies.

When people say that enterprises need to use only Cisco equipment to support Cisco NAC, this is the solution to which they are referring. It is important to note that this "Cisco network equipment only" knock (which you will undoubtedly hear often) isn't really true, and a Cisco-only network isn't necessary for implementing a Cisco NAC solution. It is certainly possible to implement Cisco NAC without having a Cisco-only network infrastructure.

The Cisco NAC Framework is suited for the following scenarios:

  • Deep NAC partner integration is a starting requirement

  • Deploying a NAC-compatible 802.1X solution is needed

  • Cisco Secure Access Control Server (ACS) is required as the ...

Get Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control now with the O’Reilly learning platform.