header
headerhomeService AreasCourse CatalogTraining SchedulesEnrollAbout UsCareers
   

Implementing Cisco NAC Appliance (CANAC)

4-Day Hands on Cisco Authorized Course


Course Description

In this course, you'll learn how to design & implement a Cisco NAC Appliance solution to suit your network. You will learn basic configuration tasks such as NAM and NAS deployment modes, authentication (including Windows SSO), role-based access control, posture assessment, and remediation.

Cisco Systems offers two solutions for Network Admissions Control: NAC Appliance and NAC Framework. If the NAC solution you are planning includes the following elements, then this NAC Appliance course, CANAC v2.1, is right for you:

  • NAC Appliance Manager (NAM)
  • NAC Appliance Server (NAS)
  • Cisco Catalyst Switches using Out-of-Band (OOB) access
  • Cisco VPN Concentrators (without configuring NAC commands)
  • Cisco ASA/PIX Firewalls (without configuring NAC commands)

If the NAC solution you are planning includes the following elements, then the NAC Framework course, NAC (Implementing Cisco Network Admission Control) v3.0, is the better choice:

  • Cisco Secure ACS 4.0/4.1
  • Cisco Catalyst Switches as a NAC enforcement point
  • Cisco IOS Routers as a NAC enforcement point
  • Cisco VPN Concentrators as a NAC enforcement point
  • Cisco ASA/PIX Firewalls as a NAC enforcement point

 

Course Objectives

  • Given client network security requirements, explain how a NAC Appliance deployment scenario will meet or exceed those expectations
  • Configure the common elements of a NAC Appliance solution
  • Configure Active Directory Single Sign-On (AD SSO)
  • Configure VPN Single Sign-On using an ASA/PIX
  • Configure the NAC Appliance in-band and out-of-band implementation options
  • Implement the NAM and NAS High Availability to protect against downtime
  • Configure Network Scanning to audit clients and clientless hosts
  • Learn to monitor, maintain, and troubleshoot a NAC solution

 

Intended Audience

Anyone responsible for the design, implementation, or support of a Cisco NAC Appliance installation and Cisco Channel Partners preparing for CCSP and NAC Specialist certification.

 

Prerequisites

Fundamental knowledge of implementing network security or CCSP or Cisco Security Qualified Specialist Certification SNRS or working knowledge of digital certificates

  • BSCI or working knowledge of HSRP
  • SNRS - Securing Networks with Cisco Routers and Switches
  • BSCI - Building Scalable Cisco Internetworks v3.0

 

Course Outline

  • The Cisco NAC Appliance Solution
    • Cisco Self-Defending Networks
    • Cisco NAC Appliance
    • Cisco NAC Appliance Deployment Options
    • Configure User Roles
    • Configure External Authentication
    • Configure DHCP
  • NAC Appliance Implementation
    • Implement Cisco NAC Appliance In-Band Deployment
    • Implement Windows Active Directory Single Sign-On (AD SSO)
    • Implement Virtual Private Network Single Sign-On (VPN SSO)
    • Implement Cisco NAC Appliance Out-of-Band Deployment
    • Manage Switches
  • NAC Appliance Implementation Options
    • Implement Cisco NAC Appliance on a Network
    • Implement Network Scanning
    • Configure the NAM to Implement Cisco NAC Appliance Agent on User Devices
    • Configure NAM High Availability (HA)
    • Configure Cisco NAC Appliance Server (NAS) HA
  • NAC Appliance Monitoring and Administration
    • Monitor a Cisco NAC Appliance Deployment
    • Administer Cisco NAM
  • If the NAC solution you are planning includes the following elements, then the NAC Framework course, NAC - Implementing Cisco Network Admission Control v3.0, is the better choice:
    • Cisco Secure ACS 4.0/4.1
    • Cisco Catalyst Switches
    • Cisco IOS Routers
    • Cisco VPN Concentrators
    • Cisco ASA/PIX Firewalls

Course Labs

  • Lab 1: Remote Lab Environment
    • Log In to the Remote Lab Environment
    • Launch and Log In to the Remote Lab Virtual PCs
    • Set Time Zone on Remote Lab Virtual PCs
    • Log In to and Manage Remote Lab Equipment
  • Lab 2: Prepare NAM for Web-Based Administration
    • Import Appropriate License Files
    • Log into the Web Administration Environment
    • Prepare to Import a NAS
  • Lab 3: Configuring User Roles and Traffic Policies
    • Configure a Default User Page
    • Create User Roles on the NAM
    • Create Traffic Policies that Map to Each User Role
    • Configure New Users
  • Lab 4: Adding In-Band Virtual Gateway NAS to the NAM
    • Connect an In-Band NAS to the NAM
    • Configure NAS as Virtual Gateway
    • Configure VLAN Mapping
  • Lab 5: Create a High Availability NAM Cluster
    • Confirm Connectivity between Primary & Secondary NAM
    • Export the Private Key and SSL Certificate of the Primary NAM
    • Import the Private Key and SSL Certificate into the Secondary NAM
    • Configure Network and Failover Settings on Primary & Secondary NAM
    • Verify NAM Database Synchronization
    • Test Failover
  • Lab 6: Configuring Active Directory Single Sign-On (AD SSO)
    • Add AD SSO Authentication Server
    • Configure Traffic Policies for the Unauthenticated Role
    • Enable the NAS to Use AD SSO
    • Use ktpass.exe to Prepare the Domain Controller
    • Enable and Test Agent-Based AD SSO
  • Lab 7: Configuring VPN Single Sign-On (VPN SSO)
    • Configure the NAM to use an ASA 5520 as a Floating Device
    • Add VPN Authentication Server to the NAM
    • Map VPN Users to Roles for SSO
    • Add a RADIUS Accounting Server to the NAS
    • Map the ASA 5520 to the Accounting Server
    • Test VPN SSO
  • Lab 8: Configuring RADIUS for SSO VPN
    • Adding an IAS Server
    • Debugging the ASA RADIUS Authentication
    • Mapping VPN Groups to a NAC Appliance Role
  • Lab 9: Configure Switch for Out-Of-Band Operation
    • Delete the In-Band NAS from the NAM
    • Reconfigure the NAS as OOB Virtual Gateway
    • Configure VLAN Mapping
    • Verify Switch SNMP Configuration
    • Configure Group and Switch Profiles
    • Configure the NAM as an SNMP Trap Receiver
    • Add Switches and Configure Ports on the NAM
    • Test With Host
  • Lab 10: Configuring the NAC Appliance Agent (NAA) for Specific Threats
    • Configure the NAS to Require the Use of NAA
    • Configure NAA Host Policies
    • Create a Host Requirement
    • Associate the Host Requirement to Users and Roles
    • Test and Verify
  • Lab 11: Configuring LDAP Authorization to MAP AD Groups to NAC Appliance Roles
    • Configure an LDAP Lookup Server
    • Configure Authorized Groups in Active Directory
    • Associate the Lookup Server with an Authentication Provider
    • Test the Solution


TOP

 
 

Course Description

Course Objectives

Intended Audience

Prerequisites

Course Outline

Course Labs

 

 
 
 
   
 
Course Catalog Training Schedules Enroll Training Locations Cancellation Policy Contact Us Related Links Site Map
Service Areas Careers About Us Customer Quotes News & Events
 

CCIP, CCIE, CCDA, CCDP, CCNP, CCNA, VLANDirector, TrafficDirector, CiscoWorks 2000, ONS 15454 Secure PIX Firewal, Secure Virtual Private Networks, Cisco, Cisco Systems, Cisco Systems Logo, Catalyst, EtherChannel, IOS and LightStream are registered trademarks of Cisco Systems, Inc. or its affiliates in the US and certain other countries.