12.1. Cisco Network Admission Control (Cisco NAC)

Announced by Cisco in 2004, Network Admission Control (NAC) is one of the graybeards of network access control. Cisco NAC was a pioneer in NAC architectures. Although other companies had been circling the NAC flame for a couple of years, Cisco was one of the first to pull together a framework for NAC. It was also at the tip of the spear for LAN security management.

At a high level, the goal of Cisco NAC — and, really, any other NAC framework — is to prevent unauthorized or compromised endpoint devices from gaining network access. Among other things, Cisco NAC assesses the security state of an endpoint device before allowing that device to access a network, much like other NAC architectures, frameworks, and solutions.

Cisco has stated in promotional materials that the Cisco NAC framework is suited for various use cases or scenarios, including protecting a network from infected endpoint devices, whether the infection was unintentional or intentional; securing access to networks for business partners; and enabling and managing network access for guests.

The Cisco NAC framework empowers different types of devices used in a typical network — including switches, routers, and even wireless access points — to collect user authentication and device security state data from endpoint devices. The system can use the information gathered by these network devices to decide the access fate for a particular ...
