Guest

Cisco NAC Appliance (Clean Access)

Cisco Secure Network Server/NAC Ordering Guide

  • Viewing Options

  • PDF (162.7 KB)
  • Feedback

This document describes the NAC ordering guidelines utilizing the Cisco Secure Network Server effective July 5, 2013.

What's New in This Guide?

This version of the guide incorporates the Cisco Secure Network Server into the Cisco NAC Manager and NAC Server configurations.

Next-Generation Appliances

Customers can utilize the Cisco Secure Network Server in combination with the existing, appliance-based Cisco NAC Servers and NAC Managers. Table 1 outlines additional options customers have.

Table 1. Cisco NAC Manager and NAC Server Options

Cisco NAC Manager

Cisco NAC Server

Manager for 3 NAC Servers (servers supporting 500 or fewer endpoints)

• 100 endpoints
• 250 endpoints
• 500 endpoints

Manager for 20 NAC Servers (servers supporting any number of endpoints)

• 100 endpoints
• 250 endpoints
• 500 endpoints
• 1500 endpoints
• 2500 endpoints
• 3500 endpoints
• 5000 endpoints

Manager for 40 NAC Servers (servers supporting any number of endpoints)

• 100 endpoints
• 250 endpoints
• 500 endpoints
• 1500 endpoints
• 2500 endpoints
• 3500 endpoints
• 5000 endpoints

Cisco NAC Hardware Platforms

Cisco NAC Server and NAC Manager run on either the Cisco Secure Network Server 3415 or the Cisco Secure Network Server 3495. Each hardware platform in the series supports several license requirements. Table 2 maps the licenses to the corresponding hardware.

Table 2. Mapping Cisco Secure Network Servers to Licenses

 

Cisco Secure Network Server 3415

Cisco Secure Network Server 3495

Cisco NAC Servers

• License for 100 endpoints
• License for 250 endpoints
• License for 500 endpoints
• License for 1500 endpoints
• License for 2500 endpoints
• License for 3500 endpoints
• License for 5000 endpoints

Cisco NAC Managers

Supports up to 3 NAC Servers as listed in Table 1.

Supports up to 40 NAC Servers (or a maximum of 50,000 endpoints) as listed in Table 1.

Sizing the Deployment

Licensing is based upon the number of concurrent endpoints that are connected to the network. Each server is licensed to support a specified number of endpoints, indicated by the server description (e.g., Cisco NAC Server for 250 endpoints).
The NAC Manager is used to configure and manage the NAC Servers in the network. Each NAC Manager can support a maximum number of NAC Servers or maximum number of endpoints by adding the user count per server.
For details on the NAC Manager sizing, please see Table 2.

Ordering NAC Server

When ordering a NAC Server, select one item from each of the hardware, software, and licensing steps. For a failover (redundant) pair, order both a NAC Server and a standby NAC Server. Details on how to order the standby NAC Server are outlined in a separate section below.

Step 1 - Hardware

Select one of the following appliances from Table 3:

Table 3. Cisco Secure Network Servers

Product Part Number

Description

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

SNS-3495-K9

Cisco Secure Network Server 3495 (for greater than 500 endpoints)

Step 2 - Software

Select the following software packages in Table 4:

Table 4. Cisco NAC Server Software

Product Part Number

Description

SNS-NACS-K9

Cisco NAC Server Software

Step 3 - Licensing

Choose one of the following licenses in Table 5 that corresponds to the hardware selected in Table 3:

Table 5. Cisco NAC Server Licenses

Product Part Number

Description

Hardware Required

NAC-100-K9

Cisco NAC Server License for up to 100 endpoints

SNS-3415-K9

NAC-250-K9

Cisco NAC Server License for up to 250 endpoints

SNS-3415-K9

NAC-500-K9

Cisco NAC Server License for up to 500 endpoints

SNS-3415-K9

NAC-1500-K9

Cisco NAC Server License for up to 1500 endpoints

SNS-3495-K9

NAC-2500-K9

Cisco NAC Server License for up to 2500 endpoints

SNS-3495-K9

NAC-3500-K9

Cisco NAC Server License for up to 3500 endpoints

SNS-3495-K9

NAC-5000-K9

Cisco NAC Server License for up to 5000 endpoints

SNS-3495-K9

Ordering NAC Server Failover Configurations

Customers who desire availability in the event of a server hardware failure must order a separate standby NAC Server configuration in addition to the primary NAC Server. The combination of the primary and the standby configurations creates a redundant pair. In the event of a failure in the primary NAC Server, the primary server will fail over to the standby server. The standby configuration must be ordered with the same license as the primary configuration.
Select one item from each of the hardware, software, and licensing steps.

Step 1 - Hardware

Select one of the following appliances from Table 6:

Table 6. Cisco Secure Network Servers

Product Part Number

Description

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

SNS-3495-K9

Cisco Secure Network Server 3495 (for greater than 500 endpoints)

Step 2 - Software

Select the following software packages in Table 6:

Table 7. Cisco NAC Server Software

Product Part Number

Description

SNS-NACS-K9

Cisco NAC Server Software

Step 3 - Licensing

Select one of the following licenses from Table 8 that corresponds to the hardware from Table 6:

Table 8. Cisco NAC Server Standby Licenses

Product Part Number

Description

Hardware Required

NAC-100SB-K9

Cisco NAC Server Standby License for up to 100 endpoints

SNS-3415-K9

NAC-250SB-K9

Cisco NAC Server Standby License for up to 250 endpoints

SNS-3415-K9

NAC-500SB-K9

Cisco NAC Server Standby License for up to 500 endpoints

SNS-3415-K9

NAC-1500SB-K9

Cisco NAC Server Standby License for up to 1500 endpoints

SNS-3495-K9

NAC-2500SB-K9

Cisco NAC Server Standby License for up to 2500 endpoints

SNS-3495-K9

NAC-3500SB-K9

Cisco NAC Server Standby License for up to 3500 endpoints

SNS-3495-K9

NAC-5000SB-K9

Cisco NAC Server Standby License for up to 5000 endpoints

SNS-3495-K9

For customers ordering NAC Server failover configurations, it is useful to note that one Cisco NAC Server failover pair (primary and standby) counts as one server toward the capacity of the Cisco NAC Manager.

Ordering NAC Manager

When ordering a NAC Manager, select one item from each of the hardware, software, and licensing steps. For a failover (redundant) pair, order both a NAC Manager and a NAC Standby Manager. Details on how to order the standby NAC Manager are outlined in a separate section below.

Step 1 - Hardware

Select one of the following appliances from Table 9:

Table 9. Cisco Secure Network Servers

Product Part Number

Description

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

SNS-3495-K9

Cisco Secure Network Server 3495 (for up to 40 NAC Servers supporting any number of endpoints per server)

Step 2 - Software

Select the following software package from Table 10:

Table 10. Cisco NAC Manager Software

Product Part Number

Description

SNS-NACM-K9

Cisco NAC Manager

Step 3 - Licensing

Select one of the following licenses from Table 11 that corresponds to the hardware from Table 9:

Table 11. Cisco NAC Manager Licenses

Product Part Number

Description

Hardware Required

NACMGR-SNSLTE-K9

Cisco NAC Manager License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

SNS-3415-K9

NACMGR-SNSSTD-K9

Cisco NAC Manager License for up to 20 NAC Servers supporting any number of endpoints per server

SNS-3495-K9

NACMGR-SNSSPR-K9

Cisco NAC Manager License for up to 40 NAC Servers supporting any number of endpoints per server

SNS-3495-K9

Ordering NAC Manager Failover Configurations

Customers who desire availability in the event of a server hardware failure must order a separate standby NAC Manager configuration in addition to the primary NAC Manager. The combination of the primary and the standby configurations creates a redundant pair. In the event of a failure in the primary, the NAC Manager will fail over to the standby. The standby configuration must be ordered with the same license as the primary configuration.

Step 1 - Hardware

Select one of the following appliances from Table 12:

Table 12. Cisco Secure Network Servers

Product Part Number

Description

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

SNS-3495-K9

Cisco Secure Network Server 3495 (for up to 40 NAC Servers supporting any number of endpoints per server)

Step 2 - Software

Select the following software package from Table 13:

Table 13. Cisco NAC Manager Software

Product Part Number

Description

SNS-NACM-K9

Cisco NAC Manager

Step 3 - Licensing

Select one of the following licenses from Table 14 that corresponds to the hardware from Table 12:

Table 14. Cisco NAC Manager Standby Licenses

Product Part Number

Description

Hardware Required

NACMGR-SNSLTESB-K9

Cisco NAC Manager Standby License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

SNS-3415-K9

NACMGR-SNSSTDSB-K9

Cisco NAC Manager Standby License for up to 20 NAC Servers supporting any number of endpoints per server

SNS-3495-K9

NACMGR-SNSSPRSB-K9

Cisco NAC Manager Standby License for up to 40 NAC Servers supporting any number of endpoints per server

SNS-3495-K9

Customer Scenarios

The following scenarios illustrate some Cisco Secure Network Server NAC deployments.

Scenario 1

Customer has one headquarters location with 300 endpoints and two remote sites with fewer than 50 endpoints at each site. Customer prefers a redundant central deployment, using Layer 3 in-band capability to consolidate the remote sites.

Management

1 Cisco NAC Lite Manager with failover

Headquarters

1 Cisco NAC Server with failover for 500 endpoints

The customer would order the following Manager configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

2

SNS-NACM-K9

Cisco NAC Manager

1

NACMGR-SNSLTE-K9

Cisco NAC Manager License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

1

NACMGR-SNSLTESB-K9

Cisco NAC Manager Standby License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

The customer would also need to order the following Server configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

2

SNS-NACS-K9

Cisco NAC Server version 4.9.2

1

NAC-500-K9

Cisco NAC Server License for up to 500 endpoints

1

NAC-500SB-K9

Cisco NAC Server Standby License for up to 500 endpoints

Scenario 2

Customer has one headquarters location with 300 endpoints and two remote sites with fewer than 50 endpoints at each site. Customer prefers a redundant central deployment, using Layer 3 in-band capability to consolidate the remote sites. However, the customer has decided not to have redundancy on the Manager.

Management

1 Cisco NAC Lite Manager

Headquarters

1 Cisco NAC Server with failover for 500 endpoints

The customer would order the following non-redundant Manager configuration:

Quantity

Product Part Number

Description

1

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

1

SNS-NACM-K9

Cisco NAC Manager

1

NACMGR-SNSLTE-K9

Cisco NAC Manager License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

The customer would also need to order the following redundant Server configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

2

SNS-NACS-K9

Cisco NAC Server Software

1

NAC-500-K9

Cisco NAC Server License for up to 500 endpoints

1

NAC-500SB-K9

Cisco NAC Server Standby License for up to 500 endpoints

Scenario 3

Customer has one headquarters location with 500 endpoints. Customer would like to provide wireless guest access for its conference rooms (estimated number of endpoints as high as 200) and enforce security policies on employee wired access in an out-of-band deployment. Based on these requirements, a central deployment is recommended, with one Cisco NAC Server with failover for wireless endpoints, and another for wired endpoints.

Management

1 Cisco NAC Lite Manager with failover

Wireless Guest Access

1 Cisco NAC Server with failover for 250 endpoints

Wired Employee Access

1 Cisco NAC Server with failover for 500 endpoints

The customer would order the following Manager configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

2

SNS-NACM-K9

Cisco NAC Manager

1

NACMGR-SNSLTE-K9

Cisco NAC Manager License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

1

NACMGR-SNSLTESB-K9

Cisco NAC Manager Standby License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

The customer would also need to order the following Server configuration:

Quantity

Product Part Number

Description

4

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

4

SNS-NACS-K9

Cisco NAC Server Software

1

NAC-250-K9

Cisco NAC Server License for up to 250 endpoints

1

NAC-250SB-K9

Cisco NAC Server Standby License for up to 250 endpoints

1

NAC-500-K9

Cisco NAC Server License for up to 500 endpoints

1

NAC-500SB-K9

Cisco NAC Server Standby License for up to 500 endpoints

Upgrade Licenses

Customer who would like to upgrade the number of endpoints supported on existing Cisco 3400 Series NAC Server(s) may order one or more of the following upgrades per server as shown in Table 15:

Table 15. Cisco 3400 Series NAC Server Upgrade License Part Numbers

Product Part Number

Description

NAC Server electronic delivery licenses

L-NAC-100SBUL=

Cisco Secure Network Server 3415 NAC Server Standby License Upgrade for 100 to 250 endpoints

L-NAC-100UL=

Cisco Secure Network Server 3415 NAC Server License Upgrade for 100 to 250 endpoints

L-NAC-250SBUL=

Cisco Secure Network Server 3415 NAC Server Standby License Upgrade for 250 to 500 endpoints

L-NAC-250UL=

Cisco Secure Network Server 3415 NAC Server License Upgrade for 250 to 500 endpoints

L-NAC-1500SBUL=

Cisco Secure Network Server 3495 NAC Server Standby License Upgrade for 1500 to 2500 endpoints

L-NAC-1500UL=

Cisco Secure Network Server 3495 NAC Server License Upgrade for 1500 to 2500 endpoints

L-NAC-2500SBUL=

Cisco Secure Network Server 3495 NAC Server Standby License Upgrade for 2500 to 3500 endpoints

L-NAC-2500UL=

Cisco Secure Network Server 3495 NAC Server License Upgrade for 2500 to 3500 endpoints

L-NAC-3500SBUL=

Cisco Secure Network Server 3495 NAC Server Standby License Upgrade for 3500 to 5000 endpoints

L-NAC-3500UL=

Cisco Secure Network Server 3495 NAC Server License Upgrade for 3500 to 5000 endpoints

Customer Upgrade Licensing Scenarios

The following scenarios illustrate potential Cisco NAC Server license upgrades:

Scenario 1

Customer has a Cisco 3415 NAC Server licensed for 100 endpoints and would like to increase the server to support 500 endpoints. The customer would order the following upgrade licenses:

Quantity

Product Part Number

Description

1

L-NAC-100UL=

Cisco Secure Network Server 3415 NAC Server License Upgrade for 100 to 250 endpoints

1

L-NAC-250UL=

Cisco Secure Network Server 3415 NAC Server License Upgrade for 250 to 500 endpoints

Scenario 2

Customer has a Cisco 3495 NAC Server and a standby Cisco 3495 NAC Server, creating a redundant pair. The customer would order the following to increase the number of endpoint supported from 2500 to 3500:

Quantity

Product Part Number

Description

1

L-NAC-2500UL=

Cisco Secure Network Server 3495 NAC Server License Upgrade for 2500 to 3500 endpoints

1

L-NAC-250SBUL=

Cisco Secure Network Server 3495 NAC Server Standby License Upgrade for 2500 to 3500 endpoints

Cisco SMARTnet® Support

Table 16 lists the part numbers of the service options available for Cisco Secure Network Servers.

Table 16. Cisco Secure Network Server Support Part Numbers

Product Part Number

SMARTnet Part Number

Description

SNS-3415-K9

CON-SNT-SNS-3415

Cisco SMARTnet support for SNS-3415-K9 - 8x5 Next Business Day

SNS-3495-K9

CON-SNT-SNS-3495

Cisco SMARTnet support for SNS-3495-K9 - 8x5 Next Business Day

Other levels of SMARTnet support are available. Support for Cisco NAC Servers and Cisco NAC Managers is sold separately. All support licenses will be in effect for one year from the purchase date. Service contract and licensing support information is available at http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html.

Customer Support Scenario

A customer is purchasing a Cisco NAC Manager Lite with a standby Manager for redundancy and a NAC Server for 500 endpoints with a standby Server for redundancy as well.
As a result the customer would order the following Manager configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 3 NAC Servers supporting 500 or fewer endpoints per server)

2

SNS-NACM-K9

Cisco NAC Manager

1

NACMGR-SNSLTE-K9

Cisco NAC Manager License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

1

NACMGR-SNSLTESB-K9

Cisco NAC Manager Standby License for up to 3 NAC Servers supporting 500 or fewer endpoints per server

The customer would also be ordering the following Server configuration:

Quantity

Product Part Number

Description

2

SNS-3415-K9

Cisco Secure Network Server 3415 (for up to 500 endpoints)

2

SNS-NACS-K9

Cisco NAC Server Software

1

NAC-500-K9

Cisco NAC Server License for up to 500 endpoints

1

NAC-500SB-K9

Cisco NAC Server Standby License for up to 500 endpoints

To support this order with Cisco SMARTnet, the customer would order:

Quantity

SMARTnet Part Number

Description

4

CON-SNT-SNS-3415

Cisco SMARTnet support for SNS-3415-K9 - 8x5 Next Business Day

Q&A

Q. Do the software features vary between the different Cisco Secure Network Server models (e.g., 3415 or 3495)?
A. No. The only difference is the number of endpoints or the server count allowed by the license.
Q. Can I deploy Cisco NAC Servers either in band or out of band?
A. Yes. All Cisco NAC Servers can be deployed either in band or out of band; however, one server cannot do both simultaneously. A Cisco NAC Manager can manage any combination of in-band and out-of-band servers.
Q. What is the difference between the various Cisco Secure Network Server models?
A. The Cisco Secure Network Server 3415 and Cisco Secure Network Server 3495 differ in their hardware specifications. For more information, please refer to the Cisco Secure Network Server data sheet at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/data_sheet_c78-726524.html.
Q. Is a starter kit still available for pilot deployments?
A. Partners may inquire about a starter kit. At this time, we do not have a starter kit for customer pilot deployment.

For More Information

For more information about Cisco NAC, visit http://www.cisco.com/go/nacappliance or contact your local account representative. Inquiries on ordering or deployment sizing can also be emailed to
cca-questions@external.cisco.com.