PDF(67.5 KB) View with Adobe Reader on a variety of devices
Updated:February 24, 2011
Q. What is Cisco NAC Profiler?
A. Cisco NAC
® Profiler is a component of the Cisco Network Admission Control (NAC) solution. It identifies all endpoints attached to a network to automate the initial inventory collection process. In addition, it uses identified device information to help determine access privileges. Finally, it provides real-time monitoring services to track the location and type of all network-attached endpoints.
Q. Why should I care about Cisco NAC Profiler?
A. Cisco NAC Profiler makes it easier and more efficient to deploy and manage Cisco NAC, which enforces security policies for employees, contractors, and guests. Cisco NAC Profiler reduces much of the manual work required in a typical NAC deployment scenario to identify and record endpoint devices. Furthermore, Cisco NAC Profiler can monitor device behavior in real time so that changes can be automatically dealt with to ease operation burdens and to defeat certain malicious attempts, such as MAC address spoofing.
Q. What are Cisco NAC Profiler's business benefits?
A. Cisco NAC Profiler delivers the following business benefits:
• Simplifies NAC deployment tasks
• Reduces NAC adoption and operation costs
• Increases security by automated discovery and real-time monitoring processes
Q. What kind of customers benefit from Cisco NAC Profiler?
A. Cisco NAC Profiler is useful to any organization that plans to deploy and manage Cisco NAC efficiently. In addition, Cisco NAC Profiler provides ongoing monitoring services for device behavior. Virtually all industry segments, including financial, healthcare, government, and manufacturing, can benefit from Cisco NAC Profiler.
Q. Can you provide a specific example to show how a NAC implementation works with and without Cisco NAC Profiler?
A. Yes. Take, for example, an organization with laptops, desktops, IP phones, and networked printers. Deploying NAC without Cisco NAC Profiler would require the manual identification and inventory of device information for the IP phones and networked printers in order to apply appropriate policies for them (which typically differ from end-user devices such as laptops or desktops). In addition, if a device is moved or replaced, manual work is required again to make such changes. Cisco NAC Profiler automates these manual processes.
Q. How does Cisco NAC Profiler work?
A. Cisco NAC Profiler discovers and identifies endpoints by aggregating information from several sources, including:
• Inference-based discovery
• Network traffic analysis
• Network topology comprehension
• Network infrastructure communication
• NetFlow data analysis
Each network-attached device type is identified and correlated with the location of the device to provide a complete and accurate device description.
Q. What components does a Cisco NAC Profiler have?
A. Cisco NAC Profiler has two components: the NAC Profiler Server and the NAC Profiler Collector. The NAC Profiler Server houses the database, provides access to the administrator's user interface, and liaises with the Cisco NAC Appliance Manager. The NAC Profiler Collector resides on each NAC Appliance Server.
Q. What is Cisco NAC Profiler Collector?
A. Cisco NAC Profiler Collector performs the tasks of collecting endpoint information through a variety of methods. It is a license-enabled part of the Cisco NAC Appliance Server software.
Q. What is the difference between Cisco NAC Profiler and Cisco NAC Appliance Server?
A. Cisco NAC Profiler aggregates information from the collectors for the purposes of creating a real-time inventory of all non-PC endpoints. In contrast, the Cisco NAC Appliance Server is a component of the overall Cisco NAC solution that initiates assessments and enforces access privileges based on endpoint compliance.
Q. How does Cisco NAC Profiler Server interact with Cisco NAC Appliance Server and Cisco NAC Appliance Manager?
A. Cisco NAC Profiler Server correlates endpoint information from distributed NAC Profiler Collectors that reside on the Cisco NAC Appliance Servers. Cisco NAC Profiler Server then populates endpoint information into the Cisco NAC Appliance Manager's filter list using Cisco NAC APIs.
Q. What devices can be discovered and supported by Cisco NAC Profiler?
A. Cisco NAC Profiler can discover all endpoints attached to a network by type and location, including those that will not participate in NAC using the client or a browser. As such, network administrators can keep a real-time, contextual inventory of all LAN-attached endpoints.
Q. Is there a limit to how many devices Cisco NAC Profiler can discover and support?
A. Cisco NAC Profiler Collector will match the user limits of NAC Appliance Server in a NAC Appliance deployment (a 2500-user license for NAC Appliance Server will equate to 2500 NAC Profiler Collector endpoints). NAC Profiler Collector endpoint support will increase by 2x in a NAC Profiler deployment only (a 2500-user license for NAC Appliance Server will support 5000 NAC Profiler Collector endpoints). The NAC Profiler Server will support approximately 40,000 endpoints, depending on the NAC Appliance Server design. Additionally, there is a 1:1 ratio of NAC Profiler Servers to NAC Appliance Managers.
Q. Where can I find guidance on how to deploy Cisco NAC Profiler, especially for large networks?
A. Please contact your Cisco sales representative of Cisco partner for access to the latest design and configuration guides.
Q. Where can I obtain more information on Cisco NAC?
A. More information on Cisco NAC, including information on Cisco NAC Profiler, is available at
http://www.cisco.com/go/nac/appliance. You may also contact your local Cisco account representative.