Chapter 2 Deploy the Access Control Servers

Deploying ACS in a NAC/NAP Environment

Deploying ACS in a NAC/NAP Environment

You can deploy ACS in a Cisco Network Admission Control and Microsoft Network Access Protection (NAC/NAP) environment. In the NAC/NAP environment, NAP client computers authorize with ACS by using EAP over UDP (EoU) or EAP over 802.1x.

Table 2-1describes the components of a NAC/NAP deployment.

Table 2-1 Components of a NAC/NAP Deployment

Component

Description

 

 

NAP client

A computer running Windows Vista or Windows Server 2008. NAP

 

clients send their health credentials as Statements of Health (SoHs) or

 

as a health certificate.

 

 

NAP agent

A process running on a NAP client that sends SoHs or health

 

certificates to ACS.

 

 

Network access devices

Cisco devices through which you can access the network, such as

 

routers, switches, wireless access points, and VPN concentrators.

 

 

ACS

Cisco AAA server product.

 

 

Network Policy Server (NPS)

A Microsoft server that validates health certificates from NAP clients

 

and provides remediation instructions if needed.

 

 

Health Registration Authority

A Microsoft certificate server that obtains health certificates on

 

behalf of NAP clients from a public key infrastructure (PKI).

 

 

Policy Servers

Servers that provide current system health state for Microsoft NPSs.

 

 

When a NAP client connects, it uses a NAP agent to send ACS one of the following:

A list of SoHs.

A certificate that the client has received from a Microsoft Health Registration Authority (HRA). The ACS host validates the client credentials. If the NAP agent sends a:

List of SoHs, the ACS sends the list to a Microsoft NPS by using the Cisco Host Credentials Authorization Protocol (HCAP). The NPS evaluates the SoHs. The ACS then sends an appropriate NAP to the network access device (switch, router, VPN, and so on) to grant the authorized level of access to the client.

Health certificate rather than a list of SoHs, then ACS validates the certificate as the EAP-FAST session is established to determine the overall health of the client. The ACS then sends the appropriate NAP to the network to grant the authorized level of access to the client.

 

 

Configuration Guide for Cisco Secure ACS 4.2

 

 

 

 

 

 

OL-14390-02

 

 

2-15

 

 

 

 

 

Page 35
Image 35
Cisco Systems 4.2 manual Deploying ACS in a NAC/NAP Environment, Component Description, Acs, Cisco AAA server product

4.2 specifications

Cisco Systems, a global leader in IT and networking solutions, has consistently evolved to meet the demands of modern enterprises. One of its noteworthy offerings is Cisco Systems 4.2, a version that embodies a significant leap in networking technology and capability. With its rich set of features, Cisco Systems 4.2 caters to a wide range of industries, facilitating enhanced performance and security.

One of the main features of Cisco Systems 4.2 is its improved scalability. The architecture has been designed to support an ever-increasing number of devices and users, making it ideal for growing enterprises. The enhanced scalability allows organizations to expand their network capacities without compromising performance, ensuring seamless integration of new technologies and devices.

Another critical aspect of Cisco Systems 4.2 is its advanced security protocols. With cyber threats constantly evolving, Cisco prioritizes security in this version by offering robust features such as end-to-end encryption, improved firewall capabilities, and enhanced intrusion detection systems. These security enhancements provide organizations with peace of mind, knowing that their sensitive data and networks are well-protected from unauthorized access and potential threats.

Cisco Systems 4.2 also introduces intelligent automation features, which significantly streamline network management. Through the use of artificial intelligence and machine learning, Cisco enables organizations to automate routine tasks, reduce human error, and optimize performance. This automation not only enhances efficiency but also allows IT teams to focus on strategic initiatives rather than day-to-day maintenance.

Moreover, Cisco Systems 4.2 emphasizes infrastructure flexibility. The new architecture supports various deployment models, including on-premises, cloud, and hybrid environments. This flexibility enables organizations to adapt their networking strategies according to their specific needs and operational requirements, facilitating a more tailored approach to IT infrastructure.

Collaboration tools have also been enhanced in this version. Cisco Systems 4.2 integrates advanced communication solutions that empower teams to collaborate in real time, regardless of their geographical location. Features such as high-definition video conferencing, secure messaging, and file sharing enhance productivity and foster innovation across teams.

In summary, Cisco Systems 4.2 stands out as a forward-thinking networking solution with key features such as scalability, advanced security, intelligent automation, flexible infrastructure, and enhanced collaboration tools. These characteristics position Cisco Systems 4.2 as an invaluable asset for enterprises striving for digital transformation in an increasingly interconnected world. The ongoing innovation reflects Cisco's commitment to delivering cutting-edge technology solutions that drive business success and resilience.