10.3.3.30       FastEthernet0/0   EAP   Healthy      13
10.3.3.31       FastEthernet0/0   EAP   Quarantine   2
Router#

7.2 Configuring NAC Appliance components

There are various components that make up the NAC Appliance solution. They are:

• Clean Access Manager (CAM) - The administrative server for Clean Access deployment. The secure Web console of the Clean Access Manager is the single point of management for up to 20 Clean Access Servers in a deployment. For out-of-band deployment, the Web admin console also provides Switch Management capability.

• Clean Access Server (CAS) - Enforcement server between the untrusted (managed) network and the trusted network. The CAS enforces the policies you have defined in the CAM Web admin console, including network access privileges, authentication requirements, bandwidth restrictions, and Clean Access system requirements. It can be deployed in-band or out-of-band. The CAS can be deployed in the following ways:

    - In-band Virtual Gateway (L2 transparent bridging mode)
    - In-band Real-IP Gateway
    - In-band NAT Gateway (IP router/default gateway with NAT services)
    - Out-of-band Virtual Gateway
    - Out-of-band Real-IP Gateway
    - Out-of-band NAT Gateway

For the purposes of this book, we focus on out-of-band Virtual Gateway (OOB VG).

• Clean Access Agent (CAA) - Optional read-only agent that resides on Windows clients. The Clean Access Agent checks applications, files, services, or registry keys to ensure that clients meet your specified network and software requirements prior to gaining access to the network.

Chapter 7. Network enforcement subsystem implementation

IBM Tivoli and Cisco manual Configuring NAC Appliance components, 303