Filter
Top Products
Chapter 7. Network enforcement subsystem implementation 303
10.3.3.30 FastEthernet0/0 EAP Healthy 13
10.3.3.31 FastEthernet0/0 EAP Quarantine 2
Router#
7.2 Configuring NAC Appliance components
There are various components that make up the NAC Appliance solution. They
are:
Clean Access Manager (CAM) - The administrative server for Clean Access
deployment. The secure Web console of the Clean Access Manager is the
single point of management for up to 20 Clean Access Servers in a
deployment. For out-of-band deployment, the Web admin console also
provides Switch Management capability.
Clean Access Server (CAS) - Enforcement server between the untrusted
(managed) network and the trusted network. The CAS enforces the policies
you have defined in the CAM Web admin console, including network access
privileges, authentication requirements, bandwidth restrictions, and Clean
Access system requirements. It can be deployed in-band or out-of-band. The
CAS can be deployed in the following ways:
– In-band Virtual Gateway (L2 transparent bridging mode)
– In-band Real-IP Gateway
– In-band NAT Gateway (IP router/default gateway with NAT services)
– Out-of-band Virtual Gateway
– Out-of-band Real-IP Gateway
– Out-of-band NAT Gateway
For the purposes of this book, we focus on out-of-band Virtual Gateway (OOB
VG).
Clean Access Agent (CAA) - Optional read-only agent that resides on
Windows clients. The Clean Access Agent checks applications, files,
services, or registry keys to ensure that clients meet your specified network
and software requirements prior to gaining access to the network.