Cisco Systems. Implementing Cisco NAC Appliance. Volume 1. Student Guide PDF

444 Pages·16.373 MB·English

Preview Cisco Systems. Implementing Cisco NAC Appliance. Volume 1. Student Guide

CANAC Implementing Cisco NAC Appliance, Volume 1, Version 2.1, Student Guide
Editorial, Production, and Web Services: 02.26.07

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS.” CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Students, this letter describes important course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program, Cisco Systems is committed to bringing you the highest-quality training in the industry. Cisco learning products are designed to advance your professional goals and give you the expertise you need to build and maintain strategic networks. Cisco relies on customer feedback to guide business decisions; therefore, your valuable input will help shape future Cisco course curricula, products, and training offerings.

We would appreciate a few minutes of your time to complete a brief Cisco online course evaluation of your instructor and the course materials in this student kit. On the final day of class, your instructor will provide you with a URL directing you to a short post-course evaluation. If there is no Internet access in the classroom, please complete the evaluation within the next 48 hours or as soon as you can access the web. On behalf of Cisco, thank you for choosing Cisco Learning Partners for your Internet technology training.

Sincerely,
Cisco Systems Learning

Table of Contents
Volume 1

Course Introduction 1
  Overview 1
  Learner Skills and Knowledge 1
  Course Goal and Objectives 2
  Course Flow 3
  Additional References 4
  Cisco Glossary of Terms 4

Cisco NAC Endpoint Security Solutions 1-1
  Overview 1-1
  Module Objectives 1-1
  Introducing Cisco Self-Defending Networks 1-3
    Overview 1-3
    Objectives 1-3
    Changing Landscape of Security 1-4
    Cisco Host-Protection Strategy 1-7
    The Cisco SDN Initiative 1-8
    Cisco NAC Products 1-14
    Summary 1-18
  Introducing Cisco NAC Appliance 1-19
    Overview 1-19
    Objectives 1-19
    Cisco NAC Appliance Solution 1-20
    Cisco NAC Appliance Components 1-24
    Cisco NAC Appliance Platforms 1-29
    Cisco NAC Appliance Local and Remote Compliance Scenarios 1-30
    Cisco NAC Appliance Configuration Overview 1-33
    Cisco NAC Appliance User Interface 1-35
    Summary 1-37
  Introducing In-Band and Out-of-Band Deployment Options 1-39
    Overview 1-39
    Objectives 1-39
    Cisco NAS Deployment Options 1-40
    In-Band and Out-of-Band Deployment Options 1-44
    Cisco NAC Appliance Out-of-Band Deployment 1-46
    Cisco NAC Appliance In-Band Deployment 1-49
    Cisco NAS Operating Modes 1-51
    Summary 1-56
  Module Summary 1-57
  References 1-57
  Module Self-Check 1-58
  Module Self-Check Answer Key 1-62

Cisco NAC Appliance Common Elements Configuration 2-1
  Overview 2-1
  Module Objectives 2-1
  Configuring User Roles 2-3
    Overview 2-3
    Objectives 2-3
    What Is a User Role? 2-4
    Managing User Roles 2-8
    Defining Traffic Policies for User Roles 2-13
    Configuring Traffic Policies for User Roles 2-16
    Creating Local User Accounts 2-23
    Configuring User Session Timeouts 2-25
    Configuring Guest Access 2-30
    Summary 2-34
  Configuring External Authentication 2-35
    Overview 2-35
    Objectives 2-35
    Configuring External Authentication Providers 2-36
    Mapping Users to User Roles 2-44
    Testing User Authentication 2-48
    Configuring RADIUS Accounting for Users 2-49
    Summary 2-54
  Configuring DHCP on the Cisco NAS 2-55
    Overview 2-55
    Objectives 2-55
    Cisco NAS DHCP Modes 2-56
    Enabling the DHCP Module 2-58
    Configuring IP Ranges 2-60
    Working with Subnets 2-71
    Reserving IP Addresses 2-75
    Configuring User-Specified DHCP Options 2-78
    Summary 2-82
  Module Summary 2-83
  References 2-83
  Module Self-Check 2-84
  Module Self-Check Answer Key 2-86

Cisco NAC Appliance Implementation 3-1
  Overview 3-1
  Module Objectives 3-1
  Implementing Cisco NAC Appliance In-Band Deployment 3-3
    Overview 3-3
    Objectives 3-3
    In-Band Process Flow 3-4
    In-Band Deployment Configurations 3-8
    Configuring the Cisco NAS for In-Band Deployment 3-14
    Adding the Cisco NAS to the Managed Domain 3-16
    Configuring the Cisco NAS Interfaces 3-18
    Adding Managed Subnets 3-20
    Configuring Cisco NAS VLAN Settings 3-22
    Summary 3-27
  Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance 3-29
    Overview 3-29
    Objectives 3-29
    Cisco NAC Appliance SSO for Microsoft Windows 3-30
    Kerberos Ticket Exchange 3-32
    Communicating Between Cisco NAS and a Microsoft Windows Active Directory Server 3-34
    Configuring Active Directory SSO for the Cisco NAM, Cisco NAS, and Microsoft Windows Active Directory Server 3-35
    Summary 3-50
  Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance 3-51
    Overview 3-51
    Objectives 3-51
    Introducing Cisco NAC Appliance VPN SSO 3-52
    Introducing VPN SSO Support 3-54
    Configuring Cisco NAC Appliance for VPN Concentrator or ASA Integration 3-55
    Summary 3-71
  Implementing Cisco NAC Appliance Out-of-Band Deployment 3-73
    Overview 3-73
    Objectives 3-73
    Out-of-Band Process Flow 3-74
    Out-of-Band Deployment Considerations 3-78
    Adding an Out-of-Band Cisco NAS to the Cisco NAM 3-83
    Implementing Cisco NAS Out-of-Band Operating Modes 3-87
    Summary 3-97
  Managing Switches 3-99
    Overview 3-99
    Objectives 3-99
    Implementing Switch Management 3-100
    Configuring the Network for Out-of-Band Deployment 3-101
    Configuring Group Profiles 3-106
    Configuring Switch Profiles 3-110
    Configuring Port Profiles 3-113
    Configuring the SNMP Receiver 3-119
    Adding Switches to the Managed Domain 3-123
    Configuring Switch Ports to Use Port Profiles 3-129
    Managing Switch Configuration Settings 3-134
    Summary 3-138
  Module Summary 3-139
  References 3-140
  Module Self-Check 3-141
  Module Self-Check Answer Key 3-145

Cisco NAC Appliance Implementation Options 4-1
  Overview 4-1
  Module Objectives 4-1
  Implementing Cisco NAC Appliance on a Network 4-3
    Overview 4-3
    Objectives 4-3
    Implementing Cisco NAC Appliance 4-4
    Introducing the General Setup Tab 4-11
    Introducing User Pages 4-14
    Managing Certified Devices 4-17
    Summary 4-29
  Implementing Network Scanning 4-31
    Overview 4-31
    Objectives 4-31
    Introducing Network Scanning 4-32
    Configuring the Quarantine Role 4-34
    Implementing Nessus Plug-Ins 4-40
    Testing a Scanning Configuration 4-48
    Customizing the User Agreement Page 4-49
    Viewing Scan Reports 4-52
    Summary 4-54
  Configuring the Cisco NAM to Implement the Cisco NAA on User Devices 4-55
    Overview 4-55
    Objectives 4-55
    Configuring the Cisco NAM to Implement the Cisco NAA 4-56
    Retrieving Updates 4-57
    Requiring the Use of the Cisco NAA 4-59
    Configuring the Cisco NAA Temporary Role 4-62
    Introducing Cisco NAA Checks, Rules, and Requirements 4-65
    Creating a Check 4-74
    Creating Rules 4-75
    Creating Requirements 4-80
    Mapping Requirements to Rules and Roles 4-85
    Summary 4-88
  Configuring Cisco NAM High Availability 4-89
    Overview 4-89
    Objectives 4-89
    Introducing High Availability for Cisco NAMs 4-90
    Establishing a Serial Connection Between Cisco NAMs 4-95
    Configuring the Primary Cisco NAM 4-98
    Configuring the Secondary Cisco NAM 4-102
    Summary 4-105
  Configuring Cisco NAS High Availability 4-107
    Overview 4-107
    Objectives 4-107
    Introducing High Availability for Cisco NASs 4-108
    Configuring the Primary Cisco NAS 4-112
    Configuring the Secondary Cisco NAS 4-117
    Testing the Cisco NAS High-Availability Configuration 4-123
    Configuring DHCP Failover 4-124
    Summary 4-130
  Module Summary 4-131
  References 4-131
  Module Self-Check 4-132
  Module Self-Check Answer Key 4-138

ii Implementing Cisco NAC Appliance (CANAC) v2.1 © 2007 Cisco Systems, Inc.

CANAC Course Introduction

Overview
The Cisco Self-Defending Network (SDN) strategy addresses the need for Network Admission Control (NAC). The Cisco NAC Appliance is an easily deployed software NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. The Implementing Cisco NAC Appliance (CANAC) v2.1 course will provide learners with the skills and knowledge to be able to implement the Cisco NAC Appliance solution as a part of a Cisco SDN security strategy.

Learner Skills and Knowledge
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the course. The subtopic also includes recommended Cisco learning offerings that learners should first complete to benefit fully from this course.

Learner Skills and Knowledge
- Working knowledge of routing and switching or CCNA
- Working knowledge of VLANs or BCMSN
- Working knowledge of digital certificates or SNRS
- Working knowledge of HSRP or BCSI
- Fundamental knowledge of implementing network security or SND or CCSP or Cisco Security CQS

©2007 Cisco Systems, Inc. All rights reserved. CANAC v2.1—3

Course Goal and Objectives
This topic describes the course goal and objectives.

Course Goal
“Upon completion of this course, you will have the skills and knowledge to implement a Cisco NAC Appliance solution into a network equipped with Cisco products.”

Upon completing this course, you will be able to meet these objectives:
- Given network security requirements, select the appropriate NAC endpoint security deployment scenario that will meet or exceed network security requirements
- Configure the elements of a NAC Appliance solution
- Configure the NAC Appliance in-band and out-of-band implementation options
- Implement a highly available NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
- Maintain a highly available NAC Appliance deployment in medium-sized and enterprise-sized network environments
