Implementing Cisco Network Admission Control v3.0 (NAC) — A 3-day course

Synopsis

Network Access Devices (NADs) enforce admission control policy on switches. These devices demand host security credentials and relay this information to policy servers, where network admission control decisions are made. Based on customer-defined policy, the network will enforce the appropriate admission control decision.

This 3-day, lab-intensive course will teach you how to implement network-based access control using Cisco routers, switches, and wireless APs.

Course Objectives:

After completing this course, the student will be able to:

Understand how Cisco NAC operates
Configure Cisco Secure ACS to operate as a Cisco NAC AAA policy server
Configure Cisco IOS routers, switches, and access points to act as Cisco NAC NADs
Configure Cisco agents to act as Cisco NAC clients
Configure a Trend Micro policy server to operate as an external Cisco NAC policy server

Intended Audience

This course may be of interest to the following people:

Engineers who support sales of Cisco security product solutions
Cisco channel partners and customers who sell, implement, and maintain secure networks.

Prerequisites

Delegates who are looking to attend this course must have the following pre-requistes:

Certification as a CCSP or the equivalent knowledge
Basic knowledge of the Microsoft Windows operating system
Familiarity with networking and security terminology and concepts

Publicly scheduled dates, locations, and prices

A schedule of dates for this course is not currently available. Please call 0800 651 0338 or use our contact form to enquire about places and availability.

Introduction to Cisco Network Admission Control
Cisco NAC Components
NAC Deployment Comparisons
Understanding the Cisco NAC Posture Validation Process
Understanding the Cisco NAC Status Query Process
EAP-FAST
Protected Access Credential
Understanding Access Restrictions for Postured Clients
Understanding Cisco NAC Deployment Scenarios

Configuring Cisco Secure ACS for Cisco NAC

Using Cisco Secure ACS as a Cisco NAC AAA Policy Server
NAC Features
Task 1: Install the Cisco Secure ACS Server
Task 2: Import Vendor AVPs
Task 3: Add a NAD AAA Client
Task 4: Configure the Administrator Interface and Admininstrator Access
Task 5: Install and Configure the Cisco Secure ACS Certificate
Task 6: Configure Global Authentication
Task 7: Configure Service Logs
Task 8: Configure Shared Profile Components
Task 9: Configure Posture Validation
Task 10: Configure Group and Vendor Attributes
Task 11: Create Network Access Profiles
Task 12: Configure a Clientless User, NRH, or NAH

Configuring Cisco Routers for Cisco NAC

Using Cisco Routers as Cisco NAC Network Access Devices
Task 1: Configure AAA
Task 2: Configure a RADIUS Server
Task 3: Configure an Interface ACL
Task 4: Configure an Intercept ACL
Task 5: Configure a Cisco NAC Global Policy
Task 6: Configure the Cisco NAC Interface
Task 7: Configure Clientless Host (NAH or NRH) Support
Task 8: Set EAPoUDP Timers
Task 9: Enable a Cisco IOS HTTP Server
Task 10: Enable EAPoUDP Logging
Using Cisco IOS NAD Troubleshooting Commands

Configuring Cisco Switches for Cisco NAC

Using Cisco Switches as Cisco NAC Network Access Devices
Common Switch Configurations
Configure AAA
Configure a RADIUS Server
Configure an Interface ACL
Configure a Cisco NAC Global Policy
Configure the Cisco NAC Interface
Configure Clientless Host Support (NAH or NRH)
Set EAPoUDP Timers
Enable a Cisco IOS HTTP Server
Enable EAPoUDP Logging
NAC L2 IP Commands
NAC L2 802.1x Commands
Using Cisco IOS Switch NAD Troubleshooting Commands

Configuring Cisco NAC Agents

Using Cisco Agents as Cisco NAC Clients
Configuring Cisco Trust Agent for Cisco NAC
Using Cisco Security Agent with Cisco NAC

Configuring Cisco Wireless Access Points for Cisco NAC

EAP-FAST
RADIUS-Based VLAN Access Control
RADIUS Attributes
Wireless Configuration Tasks
Configuring AAA
Configuring RADIUS
Configuring VLAN Support
Using Cisco IOS Access Point NAD Troubleshooting Commands

Course labs

Lab 1-1: Configure Cisco Secure ACS for Cisco NAC
Lab 1-2: Configure a Cisco Router as a NAD
Lab 1-3: Verify a Clientless Host (NAH or NRH)
Lab 1-4: Install Cisco Trust Agent 2.0
Lab 1-5: Configure a Cisco Switch for NAC L2 IP
Lab 1-6: Configure a Trend Micro Policy Server for Cisco NAC
Lab 1-7: Configure a Cisco Switch for NAC L2 802.1x
Lab 1-8: Configure a Cisco Wireless Access Point for Cisco NAC

Printer-friendly version

Cisco training UK enquiries

UK Training enquiries and feedback form.

Cisco training UK prices

For publicly scheduled training (individual places), see our UK training schedule.

For current special offers on courses, see our Special Offers section.

In-house training for company groups is charged at a daily rate per group — see our In-House UK Training Guidelines.

Publicly Scheduled Training Locations

We currently run public training courses across the UK including following locations:

London, UK
Leeds, West Yorkshire, UK
Aberdeen, Scotland, UK
Bradford, West Yorkshire, UK
Birmingham, West Midlands, UK
Bournemouth, Dorset, UK
Bristol, South West
Carshalton, Surrey, UK
Chester, North West, UK
Cheshire, North West, UK
Coventry, West Midlands, UK
Crawley, West Sussex, UK
Derby, East Midlands, UK
Dublin, Ireland
Edinburgh, Scotland, UK
Exeter, South West, UK
Glasgow, Scotland, UK
Harrogate, North Yorkshire, UK
Harwell, Oxfordshire, UK
Hinckley, Leicestershire, UK
Lancashire, North West, UK
Liverpool, North west, UK
Maidenhead, Berkshire, UK
Manchester, North West, UK
Milton Keynes, Buckinghamshire, UK
Nottinghamshire, East Midlands, UK
Reading, Berkshire, UK
Sheffield, South Yorkshire, UK
Slough, Berkshire, UK
Stevenage, Hertfordshire, UK
Swindon, South West, UK
Tyne and Wear, North East, UK
Wakefield, West Yorkshire, UK
Wokingham, Berkshire, UK
Wiltshire, South West, UK
Wirral, North West, UK

Most UK public training courses are available on a monthly basis.

Please see the individual course outlines or our public training schedule for details.

In-house (on-site) training locations

We deliver in-house courses at client premises and/or training facilities in any part of the world which is practically and commercially accessible.

Our In-house training guidelines outline our basic requirements and our UK pricing structure. To estimate costs for training in other countries, simply convert to your local currency and then make a rough calculation of our tutor's costs for travelling to and staying at your location.