Posts

Showing posts from June, 2007

Managed Subnets

Background: The most misunderstood topic in the configuration of NACA is Managed Subnets. Every time I get a call about a LAN deployment that is not working, the first thing I say is "Managed Subnets!". Hopefully, by reading this you will start to understand the taboo term and know when/where to configure Managed Subnets.

Managed Subnets Theory: "For all CAS modes in L2 deployments (Real-IP/Virtual Gateway) when configuring additional subnets, you must configure Managed Subnets in the CAS so that the CAS can send ARP queries with appropriate VLAN IDs for client machines on the untrusted interface."

The first question you must ask during deployment is "is there more than one VLAN on the untrusted side of the CAS?" If so, you need to give the CAS "logical interfaces" so that the CAS can "manage" those VLANs/subnets. The best way to think about managed subnets is to think about a "router on a stick" deployment; a single interf...

Mapping Users to Roles using LDAP

Cisco posted a new configuration guide on how to use LDAP to map users to roles. This is relevant for any deployment integrating with LDAP as an auth server (e.g. Active Directory) or performing LDAP lookup with AD SSO.

NAC(CCA) 4.x: Map Users to Certain Roles Using LDAP Configuration Example

Make sure you check it out before your next LDAP auth server deployment.

Cisco NAC Appliance Book

Finally, after many years, the first Cisco NAC Appliance book will be released this coming August! A lot of very good engineers have contributed to this book, including the NACA TMEs! It is definitely going to be something worth picking up and reading!

Cisco NAC Appliance: Enforcing Host Security with Clean Access

Book Description: The ultimate reference guide for the Cisco NAC (Network Access Control) Appliance with easy-to-follow guides to major security applications

- Learn how Network Admission Control can make your network more secure
- Prevent security breaches by checking for and enforcing a host security policy at the network edge
- Master the design, configuration, deployment, and troubleshooting of the NAC Appliance solution

Cisco NAC Appliance from Cisco Press presents an overview of real world Cisco NAC Appliance (formerly known as Clean Access) deployment scenarios. The book provides best practices for communicating to the user community before deploying the NAC Appliance...