CANAC Implementing Network Admissions Control (Cisco Clean Agent)

3 Day Course
Hands On
Official Curriculum

This course has been retired. Please view currently available Cisco Security Training Courses.


Collapse all

Cisco Self-Defending Networks (5 topics)

  • The Changing Landscape of Security
  • The Cisco Host-Protection Strategy
  • The Cisco SDN Initiative
  • Trust & Identity
  • Cisco NAC Products

Cisco NAC Appliance (7 topics)

  • Cisco NAC Appliance Solution
  • Cisco NAC Appliance Features
  • Cisco NAC Appliance Components
  • Compliance Scenarios
  • Deployment Options
  • Configuration Overview
  • User Interface

Cisco NAC Appliance Deployment Options (6 topics)

  • Cisco NAC Appliance Out-of-Band (OOB) Deployment
  • Cisco NAC Appliance In-Band Deployment
  • Compare Cisco NAC Appliance Deployment Options
  • Cisco NAS Operating Modes
  • Virtual Gateway vs. Real-IP Gateway
  • Layer 2 vs. Layer 3

Configure User Roles (5 topics)

  • What is a User Role?
  • Create User Roles
  • Define Traffic Policies for User Roles
  • Configure Traffic Policies for User Roles
  • Create Local User Accounts

Configure External Authentication (9 topics)

  • Configure External Authentication Providers
  • Authenticate Cisco NAC Appliance Users with Kerberos
  • Authenticate Cisco NAC Appliance Users with RADIUS
  • Authenticate Cisco NAC Appliance Users with LDAP
  • Authenticate Cisco NAC Appliance Users with NT Domain
  • Map Users to User Roles
  • Test User Authentication
  • Configure RADIUS Accounting for Users
  • Adding Custom RADIUS Attributes

Configure DHCP (6 topics)

  • Cisco NAS DHCP Modes
  • Enable the DHCP Module
  • Configure IP Ranges (IP Address Pools)
  • Work with Subnets
  • Reserve IP Addresses
  • Configure User-Specified DHCP Options

NAC Appliance Implementation;Implement Cisco NAC Appliance In-Band Deployment (6 topics)

  • In-Band Process Flow
  • In-Band Deployment Configurations
  • Configure the Cisco NAS for In-Band Deployment
  • Add the Cisco NAS to the Managed Domain
  • Configure the Cisco NAS Interfaces
  • Add Managed Subnets andConfigure Cisco NAS VLAN Settings

Implement Windows Active Directory Single Sign-On (AD SSO) (8 topics)

  • Kerberos Ticket Exchange
  • Confirming a NAS Ticket
  • Communications between the NAS and Active Directory
  • AD SSO Configuration Checklist
  • TCP & UPD Ports Required for AD SSO
  • Configure the NAS for AD SSO
  • Install Support Tools for Windows 2000 or 2003 Server
  • Configure the Domain Controller with ktpass.exe

Implement Virtual Private Network Single Sign-On (VPN SSO) (9 topics)

  • Configuration Checklist
  • Configure a Traffic Filter
  • Add VPN Authentication Server to NAM
  • Map VPN Users to Roles on NAM
  • Enable VPN SSO on the NAS
  • Adding a VPN Device to the NAS
  • Configure RADIUS Accounting
  • Configure the VPN Gateway as a Floating Device
  • Test VPN SSO

Implement Cisco NAC Appliance Out-of-Band Deployment (7 topics)

  • OOB Process Flow
  • OOB Deployment Considerations
  • Layer 2 Central & Edge Deployment
  • Layer 3 Virtual Gateway & Real-IP Gateway
  • Layer 2 & 3 Clientless Host Options
  • Differences between Cisco NAC Appliance OOB Setup and In-Band Setup
  • Implement Cisco NAS OOB Operating Modes

Manage Switches (7 topics)

  • Implement Switch Management
  • Configure the Network for OOB Deployment
  • Configure Group, Switch, and Port Profiles
  • Configure Port Profiles Adding Switches to the Managed Domain
  • Configuring SNMP Advanced Settings
  • Configure Switch Ports to Use Port Profiles
  • Manage Switch Configuration Settings

NAC Appliance Implementation Options Implement Cisco NAC Appliance on a Network (6 topics)

  • Implement Cisco NAC Appliance
  • General Setup Tab
  • User Pages
  • Manage Certified Devices
  • Device Exemption
  • Viewing User Reports

Implement Network Scanning (5 topics)

  • Configure the Quarantine Role
  • Implement Nessus Plug-Ins
  • Test a Scanning Configuration
  • Customize the User Agreement Page
  • View Scan Reports

Configure the NAM to Implement Cisco NAC Appliance Agent on User Devices (7 topics)

  • Configure the Cisco NAM to Implement the Cisco NAC Appliance Agent (NAA)
  • Retrieve Updates
  • Require the Use of the Cisco NAA
  • Configure the Cisco NAA Temporary Role
  • Introduce Checks, Rules, and Requirements
  • Create a Check, Rules, and Requirements
  • Map Requirements to Rules and Roles

Configure NAM High Availability (HA) (5 topics)

  • Introduce HA for Cisco NAMs
  • Establish a Serial Connection Between Managers
  • Digital Certificate Requirements
  • Configure the Primary Cisco NAM
  • Configure the Standby Cisco NAM

Configure Cisco NAC Appliance Server (NAS) HA (7 topics)

  • Introduce HA for NASs
  • Implementation Considerations
  • Digital Certificate Requirements
  • Configure the Primary and Standby NAS
  • Complete the Standby NAS HA Configuration
  • Test the NAS HA Configuration
  • Configure DHCP Failover

NAC Appliance Monitoring and Administration Monitor a Cisco NAC Appliance Deployment (5 topics)

  • Cisco NAC Appliance Monitoring
  • Monitor Online Users
  • Monitor NAS Health Event Logs
  • Configure Basic SNMP Support
  • Configure Syslog Support

Administer Cisco NAM (9 topics)

  • Define the Cisco NAM Administration Module
  • Set Network and Failover Parameters
  • Manage Administration Groups
  • Manage Administration Users
  • Manage User Passwords
  • Administer the System Time
  • Manage SSL Certificates
  • Manage the Cisco NAC Appliance Software
  • Protect Your NAM Configuration


Fundamental knowledge of implementing network security or CCSP or Cisco Security CSQ SNRS or working knowledge of digital certificates BCSI or working knowledge of HSRP