Summary

The Cisco Network Admission Control is a framework comprising Cisco networking infrastructure along with a variety of partner products to enforce network admission policies on NAC-enabled endpoint devices, guaranteeing software compliance before granting network access.

The Cisco NAC Framework consists of the following components:

• NAC-enabled security applications such as antivirus and host intrusion protection systems such as Cisco Security Agent

• Posture agents such as Cisco Trust Agent

• Network access devices such as routers, switches, and wireless access points

• Cisco Secure ACS, which is the Cisco Policy Server

• Optional third-party validation policy servers

• Optional management and reporting tools

NAC allows the appropriate level of network access only to compliant and trusted endpoint devices such as PCs, servers, and PDAs. NAC can also identify noncompliant endpoints, deny them access, and place them in a quarantined area or give them restricted access to computing resources.

NAC agentless hosts can be identified by exception lists, whitelisting, or audit servers and can be evaluated before granting network access.

NAC Framework operates across all network access methods including campus switching, wired and wireless, router WAN and LAN links, IPSec connections, remote access, and dial-up links.