Filter
Top Products
16 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
devices seeking to access network computing resources, thereby limiting
damage from viruses and worms.
Using NAC, organizations can provide network access to endpoint devices such
as PCs, PDAs, and servers that are verified to be fully compliant with an
established security policy. NAC can also identify noncompliant devices and
deny them access, place them in a quarantined area, or give them only restricted
access to computing resources.
NAC is part of the
Cisco Self-Defending Network, an initiative to increase
network intelligence in order to enable the network to automatically identify,
prevent, and adapt to security threats.
Network Admission Control offers the following benefits:
Comprehensive span of control – All of the access methods that hosts use to
connect to the network are covered, including campus switching, wireless
access, router WAN links, IP Security (IPSec) remote access, and dialup.
Extension of existing technologies and standards – NAC extends the use of
existing communications protocols and security technologies, such as
Extensible Authentication Protocol (EAP), 802.1x, and RADIUS services.
Extension of existing network and security software investments – NAC
combines existing investments in network infrastructure and security
technology to provide a secure admission-control solution.
Network Admission Control is a strategic program in which Cisco shares
technology features with approved program participants. Participants design and
sell third-party client and server applications that incorporate these features that
are compatible with the Network Admission Control (NAC) infrastructure.
Network Admission Control can operate at Layer 3 or Layer 2. In Cisco terms,
Layer 3 NAC uses EAP transported on UDP packets and is called EAPoverUDP,
or EOU. In
Layer 2 NAC the Extensible Authentication Protocol (EAP) is
transported on 802.1x frames and is called EAPoverLAN or EAPOL.