his credentials, the Cisco Secure ACS checks its local user database and assigns the user to the respective group. The user is then mapped to the Healthy or Quarantine VLAN of that group, depending on the state of posture compliance provided by the CTA on the user’s machine. All access to the network is based on access control lists (ACLs) bound to the Layer 3 Switched Virtual Interfaces (SVIs) on the switch, which in this example is also the access switch.

NAC Appliance

NAC Appliance is based on the Cisco Clean Access products. It comprises a Clean Access Manager (CAM), a Clean Access Server (CAS), and a Clean Access Agent (CAA). It is not based on an architecture approach, and can provide NAC functionality on non-Cisco based networks. NAC Appliance can be deployed in a variety of ways. In this example, it has been deployed as a virtual out-of-band gateway.

82Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
