Solve Problems with Cisco router NAC

The Cisco router NAC solves the problem. The so-called NAC is an architecture that allows multiple hardware and software components to work together to protect the user's network from adverse client attacks. 1. It is not easy to fully implement NAC, because the entire architecture contains too many different components from other vendors. For example, the architecture contains the NAC Policy Manager and multiple network systems, authentication servers, patch and patch servers, and third-party security software verification servers.

However, Cisco's NAC architecture has been supported by most mainstream terminal security companies, security access gateways, and patch repair servers.
Ii. running process 1. If a computer tries to access the network, it must first be verified and its policy is checked for compliance with the regulations; 2. the Computer Host runs a Cisco trusted proxy; 3. An Ethernet switch attempts to establish a connection to a computer. 4. The Extended Authentication Protocol (EAP) is enabled, and the creden; on the computer are sent to the Cisco ACS on the Cisco Secure Access Control Server; 5. After the entire process is completed, the Computer Host only sends the creden from the trusted proxy Cisco Trust Agent to the network, and the computer itself cannot communicate with the network; www.2cto.com 6. The trusted Agent Cisco Trust Agent communicates creden through a secure channel, so they are not visible to the client. 7. The Secure Access Control Server ACS Server can pass creden to other servers. For example, most of these creden are sent to Windows AD servers. 8. Based on the feedback from one or more verification servers, the ACS server can allow, reject, or isolate the computers requesting access to the network, the ACS server can set different networks. Access level; 9. In terms of security policy consistency verification, Cisco NAC adopts Network and proxy-based scanning methods; 10. Cisco NAC can implement consistency detection for various devices; 11. Cisco NAC can notify the user of the connection status. If any problem occurs, it can correct the problem by upgrading the computer patch, firewall or other settings.

In most cases, the 802.1X network authentication protocol is used to verify the devices that attempt to access the network. Therefore, the switch connected to the ads must support 802.1X. Otherwise, the device cannot be truly isolated before verification and scanning.
This article is from