Chapter 6. Understanding Cisco Clean Access

Technology is a funny thing. While computers objectively process 1s and 0s, we humans complicate the matter with our subjectivity. This is very clearly the case when it comes to NAC/NAP solutions. Each solution can be objectively defined and categorized by looking at exactly what the solution encompasses. These upcoming chapters will clear up this subjectivity and ambiguity. After reading this chapter and the chapters on other NAC solutions, you will have a firm understanding of each solution, the components that make up the solutions, and their purposes.

This chapter lays out Cisco's Clean Access NAC solution. This chapter will be as objective as possible and will stick to the facts as much as possible. This chapter examines Cisco NAC by doing the following:

• Discussing deployment scenarios and topologies

• Directly comparing Cisco Clean Access to the "Technical Components of NAC Solutions" defined in Chapter 2

• After defining the components, providing an analysis of the purpose of the solution and comparing it against what is being communicated by the vendor and what is understood in the marketplace

This chapter will purposely not cover the exact procedures for configuring and setting up Cisco Clean Access. Cisco created its own documentation on how to do this. This chapter focuses on providing an understanding of the solution, its components, and its purpose.

In discussing these elements of the solution, the elements will be discussed in relation to the various types of users who would be accessing the network, including the following:

• Authorized/unrestricted user

• Authorized/restricted user

• Unauthorized user

Cisco NAC can be deployed in a number of different scenarios. Let's take a look at each of these.