IBM Tivoli and Cisco Network Card User Manual


 
Chapter 3. Component structure 41
The logical components are:
- Network Admission Control
- Compliance
- Remediation
The following sections provide function and architecture details for each
component.
3.1.1 Network Admission Control
Network Admission Control (NAC) is the Cisco component of the solution that
provides enforcement by restricting traffic based on the client's posture. Cisco
NAC can be implemented via NAC Framework or NAC Appliance. NAC
Framework provides NAC functionality within the infrastructure, posturing at the
network access device, whereas NAC Appliance provides posturing on an
appliance. Both NAC Framework and NAC Appliance can be integrated
simultaneously into the network. An overview introducing the concepts of NAC
Framework and NAC Appliance can be found in Appendix B, “Network Admission
Control” on page 471.
Network Admission Control Framework
The Network Admission Control Framework consists of the following
subcomponents:
- Posture validation server
- Policy enforcement device
- Admission control client
Posture validation server
The posture validation server validates the client posture against network access
policy. In our solution the Cisco Secure Access Control Server (ACS) acts as the
posture validation server. The Cisco Secure ACS performs these functions:
- It enables administrators to create policies that are used as validation criteria
  for clients trying to access the network.
- It validates the security posture credentials received from a client machine.
  The validation process compares the client’s current posture with a
  predefined desired posture.
- It forwards the appropriate network access policy for the client to a network
  access device, such as a switch, router, VPN concentrator, Adaptive Security
  Appliance or access point, to restrict traffic flow based on the client’s posture.
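
The validation flow described in the list above, as an added Python sketch that is not part of the original manual and is not Cisco Secure ACS code: posture credentials are compared with a desired posture, and the result selects the access policy sent to the network access device. The attribute names, posture levels and policy names are assumptions made for illustration.

```python
# Added illustration: a toy model of posture validation (all names are assumptions).
from dataclasses import dataclass
from typing import Callable

# Posture levels ordered from least to most restrictive.
SEVERITY = ["Healthy", "Checkup", "Quarantine", "Unknown"]

# Hypothetical access policies forwarded to the network access device.
ACCESS_POLICY = {
    "Healthy": "permit-all",
    "Checkup": "permit-all-notify-user",
    "Quarantine": "remediation-servers-only",
    "Unknown": "deny-all",
}


@dataclass(frozen=True)
class Rule:
    attribute: str                          # posture credential to inspect
    is_compliant: Callable[[object], bool]  # predicate for the desired posture
    on_fail: str                            # level assigned when the check fails


# Constructed desired posture (validation criteria an administrator might define).
DESIRED_POSTURE = [
    Rule("av_signature_age_days", lambda v: v <= 7, "Quarantine"),
    Rule("firewall_enabled", lambda v: v is True, "Quarantine"),
    Rule("os_patch_level", lambda v: v >= 5, "Checkup"),
]


def validate_posture(credentials: dict) -> str:
    """Compare the client's current posture with the desired posture."""
    worst = "Healthy"
    for rule in DESIRED_POSTURE:
        try:
            ok = rule.is_compliant(credentials[rule.attribute])
            level = "Healthy" if ok else rule.on_fail
        except (KeyError, TypeError):
            # Missing or malformed credential: fail closed instead of assuming health.
            level = "Unknown"
        worst = max(worst, level, key=SEVERITY.index)
    return worst


def access_decision(credentials: dict) -> tuple:
    """Return (posture level, access policy to push to the network access device)."""
    level = validate_posture(credentials)
    return level, ACCESS_POLICY[level]
```

The most restrictive result wins, so a single failed or missing credential is enough to move the client out of the unrestricted policy.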
The Cisco Secure ACS is an authentication, authorization, accounting (AAA)
server that provides a centralized authentication and policy deployment platform