6.1. Deployment Scenarios and Topologies

When deploying Cisco NAC, companies can choose which type of Cisco NAC solution to deploy. The two options are:

  • Cisco Clean Access

  • Cisco Network Admission Control Framework

Many of the companies with which I speak are only really aware of the framework option. You'll also hear a lot of FUD about how if you want to deploy Cisco NAC you need to only use all Cisco routers and switches, and so on. That's really not the case, depending upon which type of solution you are seeking.

Cisco's own documentation clearly states that the Cisco NAC appliance is the recommended method of deployment for most customers.

6.1.1. Cisco Clean Access

Cisco Clean Access is Cisco's appliance-based NAC solution. The solution consists of appliances, and these appliances handle virtually all of the NAC functions. The following are the core components of Cisco Clean Access:

  • Clean Access Manager (CAM)

  • Clean Access Server (CAS)

  • Clean Access Agent (CAA)

The CAM is the brains of Cisco Clean Access. This is where the configuration takes place, and it is the central console of the NAC solution.

CASs are deployed strategically and act as the gateway for devices entering the network. The CASs receive their instructions from the CAM and act as the intermediary.

The CAA is the software that is installed on the endpoints attempting to gain access to the network. This agent communicates directly with the CAS.

Of these ...
