Summary


NAC is the process of identifying and authorizing a user or device and verifying its security posture, to determine that the user or device does not pose a security risk and can join the network safely. NAC can be implemented as a function of Cisco routers/switches, as NAC Framework, or as a turnkey NAC appliance. NAC can be deployed in-band, where all data traffic from the user goes through the server, or out-of-band (OOB), where the server is involved only in the authentication, scanning, and remediation process and is removed from the normal data traffic flow of the user. OOB offers more scalable deployments because the data throughput is not limited by the capacity of the NAC appliance server.

The NAC appliance is also marketed as CCA. The NAC appliance architecture is composed of a server, a manager, and an optional access agent. The NAC appliance server is managed by the NAC appliance manager because NAC appliance servers do not have an exposed command-line interface (CLI) for all functions, and there is no device manager. At the time of this publication, the optional access agent is offered as a no-cost option and is designed for Windows end stations. The presence of the agent enables advanced security posture validation on the end station, including the ability to check for specific files, services, and applications, and to inspect the Windows registry for specific values or vulnerabilities.



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
EAN: 2147483647
Year: N/A
Pages: 112
