Network Admission Control Switching Solutions

Advanced Threat Prevention Capabilities

Network Admission Control (NAC) is a component of the Cisco Self-Defending Network strategy that improves the network's ability to automatically identify, prevent, and respond to security threats.

NAC technology allows Cisco Catalyst switches to collaborate with third-party security software products for policy compliance and enforcement, before a host is given network access.

Deploying NAC can help your business to:

  • Dramatically improve security: NAC makes sure that endpoints (such as laptops, PCs, PDAs, and servers) comply with security policies, to proactively protect against worms, viruses, spyware, and malware.
  • Improve operational efficiency: NAC helps shift your operational focus from reaction to prevention. It also reduces operating expenses (OpEx) related to identifying and repairing noncompliant, rogue, and infected systems.
  • Extend its existing investments: NAC provides broad integration with multivendor security and management software, and enhances existing investments in network infrastructure and vendor software.
  • Increase resilience: NAC provides comprehensive admission control across the LAN, to prevent noncompliant and rogue endpoints from affecting network availability

NAC performs posture validation at the Layer 2 network edge for hosts with or without 802.1x-enabled systems. Vulnerable and noncompliant hosts can be isolated, given reduced network access, or directed to remediation servers, based on organizational policy.

By making sure that every host complies with security policy, organizations can significantly reduce any infection damage.

NAC Framework capabilities on Cisco Catalyst switches are available through standard software upgrades with Cisco SMARTnet contracts.

Cisco Catalyst Switch NAC2 Framework Support
Platform—Supervisor OS NAC L2 802.1x NAC L2 IP NAC L3 IP NAC Agentless Host
6500—Sup32, 720 Native IOS Future Yes Future NAC L2 IP
6500—Sup2 Native IOS No No No No
6500—Sup32, 720 Hybrid Yes Yes No NAC L2 IP
6500—Sup2 Hybrid Yes Yes No NAC L2 IP
6500—Sup2, 32, 720 Catalyst OS Yes Yes No NAC L2 IP
4500 Series—SupII+, II+TS, IV, V, V-10GE IOS Yes Yes Future NAC L2 IP
4900 IOS Yes Yes Future NAC L2 IP
3550, 3560, 3750 IOS Yes Yes No NAC L2 IP
2950, 2940, 2955, 2960, 2970 IOS Yes No No No
6500—Sup1A All No No No No
5000 All No No No No
4000—Sup I, II, III (IOS) Catalyst OS No No No No
3500XL, 2900XM, 1900 All No No No No
More Resources