Implementing the Cisco NAC Appliance
Type: Course
Methodology: Inhouse
Duration: 4 Days
Course programme
The NAC Appliance (Cisco Clean Access) is a "shrink-wrapped" network admission control solution that recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network. In particular, prior to allowing users onto the network, the NAC Appliance solution allows administrators to authenticate, authorize, interrogate and remediate users and their machines, enforcing policy-based access control on the network.
With the skills and knowledge learned in this course, you will be able to configure a NAC Appliance to recognize users, their devices, and their roles in the network, and to evaluate and enforce machine security policy compliance.
Learning objectives
After you complete this course, you will be able to:
- Explain how a NAC Appliance deployment scenario addresses network security requirements
- Configure the common elements of a NAC Appliance solution
- Configure the NAC Appliance in-band and out-of-band implementation options
- Implement a highly available NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
- Maintain a highly available NAC Appliance deployment in medium and enterprise network environments
Who should attend
This course is designed for Cisco customers, channel partners, and employees who want to learn how to implement and manage the NAC Appliance.
Recommended prerequisites
- CCSP or equivalent knowledge
- BCMSN or working knowledge of VLANs.
- SNRS or working knowledge of digital certificates.
- BCSI or working knowledge of HSRP
- Basic knowledge of Microsoft Windows
Course outline
Module 1: The NAC Appliance Solution
Lesson 1: Introducing Cisco Self-Defending Networks
- The Changing Landscape of Security
- The Cisco Host-Protection Strategy
- The Cisco SDN Initiative
- Cisco NAC Products
- Summary
- NAC Appliance Solution
- NAC Appliance Components
- NAC Appliance Platforms
- NAC Appliance Local and Remote Compliance Scenarios
- NAC Appliance Configuration Overview
- The NAC Appliance User Interface
- Cisco NAS Deployment Options
- In-Band and Out-of-Band Deployment Options
- NAC Appliance OOB Deployment
- NAC Appliance In-Band Deployment
- Cisco NAS Operating Modes
Lesson 1: Configuring User Roles
- What Is a User Role?
- Managing User Roles
- Defining Traffic Policies for User Roles
- Configuring Traffic Policies for User Roles
- Creating Local User Accounts
- Configuring User Session Timeouts
- Configuring Guest Access
- Configuring External Authentication Providers
- Authenticating Users Against Active Directory
- Mapping Users to User Roles
- Testing User Authentication
- Configuring RADIUS Accounting for Users
- Cisco NAS DHCP Modes
- Enabling the DHCP Module
- Configuring IP Ranges
- Working with Subnets
- Reserving IP Addresses
- Configuring User-Specified DHCP Options
Lesson 1: Implementing NAC Appliance In-Band Deployment
- In-Band Process Flow
- In-Band Deployment Configurations
- Configuring the Cisco NAS for In-Band Deployment
- Adding the Cisco NAS to the Managed Domain
- Configuring the Cisco NAS Interfaces
- Adding Managed Subnets
- Configuring Cisco NAS VLAN Settings
- Introducing the NAC Appliance for Cisco VPN Concentrators
- Introducing Single Sign-On Support
- Configuring the NAC Appliance for VPN Concentrator Integration
- OOB Process Flow
- OOB Deployment Considerations
- Adding an OOB Cisco NAS to the Cisco NAM
- Implementing Cisco NAS OOB Operating Modes
Prepare the Cisco NAM to Support Web-Based Administration Console Configuration
Configure User Roles
Adding an In-Band Virtual Gateway Cisco NAS to the Cisco NAM
Configure the Cisco VPN Single Sign-On Feature on the NAC Appliance
Configure Network Scanning
Configure Cisco NAA
Configure an HA In-Band VPN
Adding an OOB Virtual Gateway Cisco NAS to a HA NAC Appliance Deployment
Configure SNMP, Switch, and Port Profiles