Đang tải dữ liệu ...
Giới thiệu Tin tức Liên hệ
Hướng dẫn mua hàng Bản đồ
Trang chủ
Sản phẩm
Cấp phép
Giới thiệu chung
Tư vấn mua hàng
Tại sao chọn Soft365
Khách Hàng Tiêu Biểu
Thông tin Liên hệ mua hàng
Thông tin Khuyến mại
Hệ Thống & Máy Chủ
Bảo Mật
Văn Phòng
Đồ Họa
Giáo Dục
Cơ Sở Dữ Liệu
Ảo Hóa
Phần mềm lập trình
Phần cứng
Giải pháp
Sản phẩm khác
Kinh Doanh Hà Nội 1
live:70ecda23a35b5e1e
Kinh Doanh Hà Nội 2
live:70ecda23a35b5e1e
Kinh Doanh HCM 1
live:70ecda23a35b5e1e
Kinh Doanh HCM 2
thu.hien968
Hỗ Trợ Kỹ Thuật 1
vinhbkhutskype
Hỗ Trợ Kỹ Thuật 2
vinhbkhutskype

Cisco NAC Layer3 OOB Using VRF Lite for Traffic Isolation

The purpose of this document is to describe a VRF-Lite based implementation of NAC in a Layer 3 Out of Band (OOB) deployment where the NAC server (CAS) is configured in Real IP Gateway (Routed) mode. Layer 3 Out of Band has rapidly become one of the most popular deployment methodologies for NAC. This shift in popularity is based on several dynamics. The first is better utilization of hardware resources. By the deployment of NAC in a Layer 3 OOB methodology, a single NAC Appliance can be made to scale to accommodate more users.
Giá: Liên hệ
Nhà sản xuất: Cisco
Khuyến mại : Hãy liên hệ với Soft365 để có giá tốt nhất
Kho hàng: Có hàng
Lượt xem: 1.161
Chia sẻ:
Tính năng
Yêu cầu hệ thống
Download
Sản phẩm liên quan

It also allows the NAC Appliances to be centrally located rather than distributed across the campus or organization. Thus, Layer 3 OOB deployments are much more cost effective both from a Capital and Operational expense standpoint. There are two widely used approaches to deploy NAC in a Layer 3 OOB architecture.

  1. Discovery-Host based approach—Uses inherent ability within the NAC Agent in order to reach the NAC Server (CAS). ACLs applied on the access switch control traffic enforcement on the Dirty network. Refer toConnecting to the NAC Server (CAS) using the SWISS Protocolfor more information.

  2. VRF based approach—Uses VRFs to route unauthenticated traffic to the CAS. Traffic policies configured on the NAC server (CAS) are used for enforcement on Dirty network. This approach has two sub-approaches. In the first approach, VRFs are pervasive throughout the infrastructure, in which case all Layer 3 devices participate in the tag switching. The second approach uses VRF-Lite and GRE tunnels to tunnel the VRFs through the Layer 3 devices that do not understand the tag switching. The benefit to the second approach is that minimal configuration changes are required to your core infrastructure.

Note:While Layer 3 OOB is one of the most common deployment methodologies, it cannot always be the optimal solution for every environment. There are other options to choose from that can be a more optimum fit for your particular requirements. Refer toPlanning Your Deploymentfor more information on these other NAC design options.

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • A basic understanding of Layer 2 and Layer 3 infrastructure operation and configuration

  • A basic understanding of the Cisco NAC appliance, and the differences between the various implementation methodologies that are associated with it

  • All NAC deployments and designs should be based on clear business requirements. These are the business requirement assumptions for this test setup:

    1. Users must be authenticated prior to being granted access to the network at large.

    2. Your access is limited based on who the users are. These privileges are mapped to Group Membership in Active Directory. The groups are Guests, Contractors, and Employees.

    3. Based on AD Group Membership, users are placed into a VLAN that has Network Access Privileges that are appropriate for each group.

    4. Guest User traffic continues to be isolated from the rest of the network even after authentication.

    5. After the user is admitted to the network, the NAC Appliance must no longer be in the traffic path. This prevents the NAC Appliance from becoming a bottleneck and allows the network to be used to its full potential by validated users.

  • NAC has many capabilities that are not covered by this document. The purpose of this guide is to explore and document the design guidelines and configuration required for a VRF-Lite based Layer 3 Out of Band NAC deployment. This guide does not focus on Posture Assessment or Remediation. More information about the NAC Appliance and its full capabilities can be found atwww.cisco.com/go/nac(registeredcustomers only) .


Chưa có hoặc chưa được cập nhật!
Hướng dẫn mua Windows 8
Các hình thức mua Windows bản quyền.
Chính sách cấp phép Microsoft
Các phiên bản của Windows 8
Mua nâng cấp Windows 8 bản quyền
Total load time (116.118.48.94) : 0.07531s