Post on 03-Feb-2022
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2
NAC Minimum Requirements
Minimum deployment includes: minimum 1 NAC Server and minimum 1 NAC Manager
NAC Managers start from NACMGR-3-K9 with maximum 3 adjacent NAC Servers
NAC Manager can manage any NAC Server, includes NME-NAC-K9 (up to 100 users)
NAC Manager can be placed remotely
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3
NAC Recommendations: CO LAN
Wired: Out-of-Band Layer 2 deployment
• Easy deployment
• Existing network topology Wireless: InBand deployment (L2 or L3)
• All services (guest, QoS, etc)• Security
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4
NAC Recommendations: Remote
IPSec/SSL VPN client: InBand L3 Remote office: InBand deployment
•Server locates behind central office firewall•Manager locates in CO DMZ•All traffic from remote office users bypasses NAC Server
Remote office growth: move Server to remote location (NAC 33xx or NME-NAC)
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5
Remote Site NAC Server (Inband or OOB)R Minimal network changes (same as campus
deployment)d Remote segmentation, or port segmentation using OOB Full feature support - keep ip address (vgw), /30s etc Deploy Inband for both wired and wireless users Deploy OOB for wired only deployments (Starting 4.5
Wireless OOB could be leveraged here) NME-NAC-K9 as a NAC Server can be deployed to
save the existing topology and save money.
Optimal SolutionProvides all the functions of a campus
deployment, contrast with cost
IP Network
NAC Manager
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 6
NAC Growth One NAC Server can manage 100 users (3310) and
up to 3500 users (3350) One NAC Manager can serve 3 NAC Servers and up
to 40 Servers Administrator can add additional NAC Guest Server to
provide some services, like guest access and monitoring
NME-NAC modules for ISR 28xx,38xx for greater flexibility
NAC Profiler can be deployed for excellent manageability of both managed and unmanaged devices, such as IpPhones, Printers, terminals etc
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7
NAC Guest Server Provisioning: Allows any internal sponsor to create
guest accounts
Notification: Provides access details to the guest by print, e-mail, or text message
Management: Makes it easy to modify and suspend accounts
Reporting: Provides full reporting on guest accounts and guest activity
Helps IT stuff to manage lots of guest accounts
Can manage guest accounts from NAC Servers and LWAPP AP
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 8
NAC Prices (GPL)ServersNME-NAC-K9 Cisco NAC Network Module for 2800, 3800 ISRNAC3310-100-K9 NAC Appliance 3310 Server -max 100 usersNAC3310-500-K9 NAC Appliance 3310 Server -max 500 usersNAC3350-1500-K9 NAC Appliance 3350 Server -max 1500 usersNAC3350-3500-K9 NAC Appliance 3350 Server -max 3500 usersManagersNACMGR-3-K9 NAC Appliance 3310 Manager -max 3 ServersNACMGR-20-K9 NAC Appliance 3350 Manager -max 20 ServersNACMGR-40-K9 NAC Appliance 3390 Manager -max 40 ServersGuest ServerNAC3310-GUEST-K9 NAC Guest ServerProfilerNAC3350-PROF-K9 NAC 3350 Profiler -max upto 40K devices
$2 000,00 $8 990,00
$22 990,00 $41 990,00 $72 990,00
$8 990,00 $21 990,00 $38 990,00
$24 995,00
$58 990,00
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9
CSA minimum deployment CSA agent works only with CSA Management Center Starter kit includes CSA MC, 10 desktop and 1 server
license CSA MC can be placed remotely Server agent can be installed at different OS:
Windows,Linux and Solaris Desktop agent can be at Windows and Linux Data Leakage Protection feature (DLP) is licensed
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10
CSA Growth (version 6.0)* One MC can manage up to
•5000 desktops
•500 servers
•10000 DLP desktops
New features: DLP, signature-based antivirus
Easy deployment and implementing new features and policies
* Starting August 2008
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11
CSA Prices (version 6.0)*
* Approximately. Based on v5.2 prices. Actual 6.0 prices - August 2008
Starter kitCSA-START-6.0-K9= CSA 6.0 Starter Kit [MC, 1 Server, and 10 Desktop Agents]ServerCSA-SRVR-K9= Cisco Security Agent [1 Server Agent Bundle]CSA-B500-SRVR-K9 Cisco Security Agent [500 Server Agent Bundle]DesktopCSA-B25-DTOP-K9 Cisco Security Agent [25 Desktop Agent Bundle]
$3 000,00
$1 050,00 $304 500,00
$1 625,00