Thursday, January 22, 2009
NAC NEWS UPDATES
Security Options Abound: New NAC Release
My friends over at TechWiseTV are a huge multimedia machine, producing video, audio and podcasts. Well, this podcast is on NAC 4.5; Alok Agrawal of the NAC Business Unit and I dive into some of the cool features of 4.5. All of the podcasts can be subscribed to through iTunes.
To access the NAC podcast go to:
http://www.cisco.com/en/US/solutions/ns340/ns339/ns638/ns719/html_TW/tw_episode_198.html
And to get more information on all the great stuff coming from Techwise TV visit:
http://www.mytechwisetv.com/
or
http://cisco.com/go/interact
NAC Layer 3 Out of Band Design Guide That Uses VRF-Lite for Traffic Isolation
Cisco wrote a new configuration guide on using VRF-Lite for traffic isolation. This is a great configuration option for NAC, but with that said, never redesign your network just for NAC. VRFs can become very complex, and introducing new technology into the network should be carefully planned. Using VRFs in an enterprise network does make sense, but the reasons for moving to the new network design should be a combination of the added features/benefits for security (NAC, guest access, wireless, etc.) and network manageability, throughput, and scalability.
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a3a8a7.shtml
New NAC Profiler Release
Last month a new maintenance release of Cisco NAC Profiler came out. 2.1.8-38 brings a good list of bug fixes and minor enhancements.
One minor enhancement that made it in was "Endpoint and Directory Timeout Unified Into Endpoint Timeout", which gives us more control over how to age endpoints out of the database.
Find all the fixes and information in the Release Notes.
The Release Notes can be found:
http://www.cisco.com/en/US/docs/security/nac/profiler/release_notes/218/218rn.html#wp101317
The new software can be downloaded at:
http://www.cisco.com/cgi-bin/tablebuild.pl/nacprofiler-2.1.8 (Requires Valid Smartnet Contract)
Tuesday, November 18, 2008
NAC Support Logs in 4.5
These logs are most commonly used to troubleshoot NAC during deployments. Please do not turn on advanced logging without reading the documentation fully or with the assistance of Cisco TAC.
The CAM log can be found at:
/perfigo/control/tomcat/logs/nac_manager.log
The CAS log can be found at:
/perfigo/access/tomcat/logs/nac_server.log
For those of you not familiar with what the logs contain, please feel free to reference the CAM and CAS Configuration Guides:
CAM Admin Guide - Support Logs
CAS Admin Guide - Support Logs
Tuesday, October 21, 2008
Cisco NAC Appliance 4.5 Released

CAM/CAS Configuration Guides:
- Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5 New!
- Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5 New!
Look for future posts on new features and benefits!
Monday, October 20, 2008
Configuration Example - Wireless Out Of Band - New NAC 4.5 Feature
NAC Out-Of-Band (OOB) Wireless Configuration Example
Wireless OOB is a feature we all have been waiting for. Some of the great benefits that I see are:
- No need for a second Clean Access Server (CAS) just for wireless. If you are a smaller organization, wireless and wired can be performed on a single CAS.
- Bandwidth benefits for larger wireless infrastructures. With 10Gbps network backbones and large central wireless deployments (lots of clients), having an OOB wireless deployment is a no-brainer.
This is one of a few great features coming out with NAC release 4.5.
Tuesday, September 30, 2008
NAC Updates
In this release there are a few minor resolved caveats:
- Symantec AntiVirus 10.x not fully compatible with CCA Agent
- Vista Agent does not detect MAC Address of Wireless NIC
- AVG Anti-Virus Free 8.x support for Virus Definition check
As with all upgrades, it is highly recommended to read the release notes before upgrading. Also, on a side note, remember that upgrades should be done for a purpose, either to fix a caveat or to gain new features.
Download 4.1.7 Windows Agent
Release Notes
3 NEW Configuration Examples posted to CCO
- NAC Appliance (CCA): Configure High Availability (HA) for the Clean Access Manager (CAM) (29/Sep/2008)
- Deploy NAC Profiler in an Existing Out-of-Band NAC (02/Sep/2008)
- Importing SSL Certificates to NAC Profiler (02/Sep/2008)
To see all the previous Configuration Examples and TechNotes
How to Block Operating Systems with CCA
A friend of mine, Rob Chee, writes a blog on network security and had a great post on how to block operating systems using User Pages with CCA.
Make sure you check out his post.
Thursday, July 31, 2008
New Configuration Example: Configure Guest Access
NAC: Configure Guest Access
This example will walk you through how to configure the various types of guest access on the Cisco Clean Access or NAC appliance.
To see all the previous Configuration Examples and TechNotes
Tuesday, June 10, 2008
New Configuration Examples
NAC: LDAP over SSL on the Clean Access Manager (CAM)
This example will walk you through using SSL with your LDAP Auth Server.
NAC: LDAP Integration with ACS Configuration Example
This example will explain how to use Cisco NAC Profiler for MAC Auth Bypass (MAB) for 802.1X deployments.
To see all the previous Configuration Examples and TechNotes
Friday, September 7, 2007
Configure And Troubleshoot the Antivirus Definition Updates
NAC Appliance (Cisco Clean Access): Configure And Troubleshoot the Antivirus Definition Updates
Thursday, September 6, 2007
Cisco NAC Profiler Documentation
If you are interested in NAC Profiler services or consulting, please contact me jsanbower
Cisco NAC Profiler Data Sheet
http://www.cisco.com/en/US/products/ps6128/products_data_sheet0900aecd806b7d4e.html
Cisco NAC Profiler Brochure
http://www.cisco.com/en/US/products/ps6128/prod_brochure0900aecd806b7e8c.html
Cisco NAC Profiler Q & A
http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd806b5d40.shtml
Cisco NAC Profiler Ordering Guide
http://www.cisco.com/en/US/products/ps6128/prod_bulletin0900aecd806b7d69.html
Configuration Guide 2.1.7
http://www.cisco.com/en/US/docs/security/nac/profiler/configuration_guide/217/nac_profiler_cg.html
Saturday, July 21, 2007
Configure and Troubleshoot the Active Directory Windows Single Sign On (SSO)
NAC Appliance (CCA): Configure and Troubleshoot the Active Directory Windows Single Sign On (SSO)
Wednesday, June 6, 2007
Mapping Users to Roles using LDAP
NAC(CCA) 4.x: Map Users to Certain Roles Using LDAP Configuration Example
Make sure you check it out before your next LDAP auth server deployment.