Cisco NAC is used in the network infrastructure to enforce security policy compliance on all devices that seek access to network resources. Cisco NAC allows network administrators to authenticate and authorize users and to evaluate and remediate their associated machines before they are granted network access. There are several configuration methods you can use to accomplish this task, but Layer 3 out-of-band (OOB) has rapidly become one of the most popular deployment methodologies for NAC. This shift in popularity is based on several factors, including better utilization of hardware resources.
When Cisco NAC is deployed in a Layer 3 OOB methodology, a single Cisco NAC Appliance (Cisco NAC Manager or Cisco NAC Server) can scale to accommodate more users. This methodology also allows NAC Appliances to be centrally located rather than distributed across the campus or organization. Thus, Layer 3 OOB deployments are much more cost-effective from both a capital and an operational expense standpoint.
This guide describes an ACL-based implementation of Cisco NAC in a Layer 3 OOB deployment.