Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2 (OL-14390-02)
Chapter 2 Deploy the Access Control Servers, page 2-16
Figure 2-11 illustrates the architecture of a NAC/NAP network.
Figure 2-11 NAC/NAP Deployment Architecture
Additional Topics
This section describes additional topics to consider when deploying ACS. This section contains:
Remote Access Policy, page 2-16
Security Policy, page 2-17
Administrative Access Policy, page 2-17
Database Considerations, page 2-19
Network Latency and Reliability, page 2-19
Remote Access Policy
Remote access is a broad concept. In general, it defines how the user can connect to the LAN, or from
the LAN to outside resources (that is, the Internet). Connectivity is possible in many ways: dial-in,
ISDN, wireless bridges, and secure Internet connections. Each method has its own advantages and
disadvantages, and each poses its own challenge for providing AAA services. In addition to the method of
[Figure 2-11 diagram labels. Components: NAP client; System Health Agents; NAP agent; EAP Host; 802.1X Supplicant; EAP over UDP Supplicant; other EAP types; EAP-Host NAP Enforcement Client; Cisco switches and routers; Cisco ACS (Network Access); Microsoft NPS (System Health); Health Registration Authority (HRA); Policy Servers. Link labels: EAP-FAST over 802.1X or UDP carrying the list of SoHs or a health certificate; HCAP; RADIUS.]