Network Admission Control

Cisco's Secure Access Control products are integral to the Cisco TrustSec solution, a core component of the Secure Borderless Networks architecture. TrustSec includes the following Access Control products:

These products enforce network security policies, help secure user and host access control, and control network access based on dynamic conditions and attributes.

Business Benefits

  • Recognizes users, their devices, and their roles in the network: Authenticates, authorizes, evaluates, and remediates wired, wireless, and remote users and their machines prior to network access
  • Supports two distinct protocols for authentication, authorization, and accounting (AAA): Supports RADIUS for network access control and TACACS+ for network device access control
  • Security policy compliance: Helps ensure that endpoints conform to security policy; protects infrastructure and employee productivity; helps secure managed and unmanaged assets; supports internal environments and guest access; and tailors policies to your risk level
  • Protects existing investments: Minimizes the need for infrastructure upgrades with flexible deployment options; compatible with third-party management applications
  • Mitigates risks from viruses, worms, and unauthorized access: Controls and reduces large-scale infrastructure disruptions and facilitates higher IT efficiency

Deployment Scenarios

The Cisco TrustSec solution offers deployment options to address various customer needs and use cases.

Deployment Option 1: ACS: 802.1X-Based Infrastructure Solution

Cisco Secure ACS is the policy server that authenticates users who connect to the wired network (see Figure 1). A network access device (switch) provides access to both the network and its resources based on user credentials and their roles in the organization.

Deployment Option 2: NAC: Appliance-Based Overlay Solution

For those requiring network authentication, role-based access control, and posture assessment, the Cisco NAC Appliance can be deployed as an overlay solution to an existing infrastructure.

In this appliance-based approach (see Figure 2), Cisco NAC Manager is the policy server that works with Cisco NAC Server to authenticate users and assess their devices over LAN, wireless, or VPN connections. Access to the network and its resources is based on user credentials and their roles in the organization, as well as the policy compliance of endpoint devices.

In both scenarios, the addition of NAC Guest Server and NAC Profiler depends upon the specific functionality you may require.
