NAC Solution Components
1-6 Overview
ofsupportingauthenticationand/orauthorization.TheNACControllerisalsorequiredinIPSec
andSSLVPNdeployments.
TheNACControllerprovidesintegratedvulnerabilityassessmentserverfunctionalityand
supportsbothagent‐less(network‐based)andagent‐basedassessment.(Aseparatelicenseis
requiredforintegratedassessment.)Italsosupportstheabilityto
connecttomultipleexternal
assessmentserversincludingNessusandLockdownEnforcer.
TheNACControllercanbeconfiguredinoneoftwomodesofoperation:Layer2orLayer3.The
modeofoperationcontrolshowconnectingend‐systemsaredetectedbytheNACControlleron
thenetworkandisselectedbased
onwheretheNACControllerispositionedinthenetworkin
relationtotheseend‐systems.IftheNACControllerispositionedbeforethefirstroutedboundary
forconnectingend‐systems,closertotheaccessedgeofthenetwork,theLayer2NACController
modeisutilized.Inthismode
ofoperation,theNACControllerdetectsconnectingend‐systems
onthenetworkbyreceivingtrafficfromanewMACaddress.IftheNACControllerispositioned
afterthefirstroutedboundarydeeperinsidethenetwork,theLayer3NACControllermodeis
utilized.Inthismodeofoperation,theNACController
detectsconnectingend‐systemsonthe
networkbyreceivingtrafficfromanewIPaddress.WiththeNACControllersupportingboth
Layer2andLayer3modesofoperation,theNACControllercanbestrategicallypositionedinthe
networktopologytoachievethedesiredlevelofscalabilityandsecurity.
TheNAC
Controllerisavailableintwomodels:
•2S4082‐25‐SYS‐24‐Port10/100/1000NACControllersupportsupto2000concurrentend‐
systems.
• 7S4280‐19‐SYS‐18‐PortSFPNACControllersupportsupto2000concurrentend‐systems.