CANAC Implementing Network Admissions Control (Cisco Clean Agent)

3 Day Course
Hands On
Official Curriculum
Code CANAC

This course has been retired. Please view currently available Cisco Security Training Courses.

Modules

Hide all

Cisco Self-Defending Networks (5 topics)

  • The Changing Landscape of Security
  • The Cisco Host-Protection Strategy
  • The Cisco SDN Initiative
  • Trust & Identity
  • Cisco NAC Products

Cisco NAC Appliance (7 topics)

  • Cisco NAC Appliance Solution
  • Cisco NAC Appliance Features
  • Cisco NAC Appliance Components
  • Compliance Scenarios
  • Deployment Options
  • Configuration Overview
  • User Interface

Cisco NAC Appliance Deployment Options (6 topics)

  • Cisco NAC Appliance Out-of-Band (OOB) Deployment
  • Cisco NAC Appliance In-Band Deployment
  • Compare Cisco NAC Appliance Deployment Options
  • Cisco NAS Operating Modes
  • Virtual Gateway vs. Real-IP Gateway
  • Layer 2 vs. Layer 3

Configure User Roles (5 topics)

  • What is a User Role?
  • Create User Roles
  • Define Traffic Policies for User Roles
  • Configure Traffic Policies for User Roles
  • Create Local User Accounts

Configure External Authentication (9 topics)

  • Configure External Authentication Providers
  • Authenticate Cisco NAC Appliance Users with Kerberos
  • Authenticate Cisco NAC Appliance Users with RADIUS
  • Authenticate Cisco NAC Appliance Users with LDAP
  • Authenticate Cisco NAC Appliance Users with NT Domain
  • Map Users to User Roles
  • Test User Authentication
  • Configure RADIUS Accounting for Users
  • Adding Custom RADIUS Attributes

Configure DHCP (6 topics)

  • Cisco NAS DHCP Modes
  • Enable the DHCP Module
  • Configure IP Ranges (IP Address Pools)
  • Work with Subnets
  • Reserve IP Addresses
  • Configure User-Specified DHCP Options

NAC Appliance Implementation;Implement Cisco NAC Appliance In-Band Deployment (6 topics)

  • In-Band Process Flow
  • In-Band Deployment Configurations
  • Configure the Cisco NAS for In-Band Deployment
  • Add the Cisco NAS to the Managed Domain
  • Configure the Cisco NAS Interfaces
  • Add Managed Subnets andConfigure Cisco NAS VLAN Settings

Implement Windows Active Directory Single Sign-On (AD SSO) (8 topics)

  • Kerberos Ticket Exchange
  • Confirming a NAS Ticket
  • Communications between the NAS and Active Directory
  • AD SSO Configuration Checklist
  • TCP & UPD Ports Required for AD SSO
  • Configure the NAS for AD SSO
  • Install Support Tools for Windows 2000 or 2003 Server
  • Configure the Domain Controller with ktpass.exe

Implement Virtual Private Network Single Sign-On (VPN SSO) (9 topics)

  • Configuration Checklist
  • Configure a Traffic Filter
  • Add VPN Authentication Server to NAM
  • Map VPN Users to Roles on NAM
  • Enable VPN SSO on the NAS
  • Adding a VPN Device to the NAS
  • Configure RADIUS Accounting
  • Configure the VPN Gateway as a Floating Device
  • Test VPN SSO

Implement Cisco NAC Appliance Out-of-Band Deployment (7 topics)

  • OOB Process Flow
  • OOB Deployment Considerations
  • Layer 2 Central & Edge Deployment
  • Layer 3 Virtual Gateway & Real-IP Gateway
  • Layer 2 & 3 Clientless Host Options
  • Differences between Cisco NAC Appliance OOB Setup and In-Band Setup
  • Implement Cisco NAS OOB Operating Modes

Manage Switches (7 topics)

  • Implement Switch Management
  • Configure the Network for OOB Deployment
  • Configure Group, Switch, and Port Profiles
  • Configure Port Profiles Adding Switches to the Managed Domain
  • Configuring SNMP Advanced Settings
  • Configure Switch Ports to Use Port Profiles
  • Manage Switch Configuration Settings

NAC Appliance Implementation Options Implement Cisco NAC Appliance on a Network (6 topics)

  • Implement Cisco NAC Appliance
  • General Setup Tab
  • User Pages
  • Manage Certified Devices
  • Device Exemption
  • Viewing User Reports

Implement Network Scanning (5 topics)

  • Configure the Quarantine Role
  • Implement Nessus Plug-Ins
  • Test a Scanning Configuration
  • Customize the User Agreement Page
  • View Scan Reports

Configure the NAM to Implement Cisco NAC Appliance Agent on User Devices (7 topics)

  • Configure the Cisco NAM to Implement the Cisco NAC Appliance Agent (NAA)
  • Retrieve Updates
  • Require the Use of the Cisco NAA
  • Configure the Cisco NAA Temporary Role
  • Introduce Checks, Rules, and Requirements
  • Create a Check, Rules, and Requirements
  • Map Requirements to Rules and Roles

Configure NAM High Availability (HA) (5 topics)

  • Introduce HA for Cisco NAMs
  • Establish a Serial Connection Between Managers
  • Digital Certificate Requirements
  • Configure the Primary Cisco NAM
  • Configure the Standby Cisco NAM

Configure Cisco NAC Appliance Server (NAS) HA (7 topics)

  • Introduce HA for NASs
  • Implementation Considerations
  • Digital Certificate Requirements
  • Configure the Primary and Standby NAS
  • Complete the Standby NAS HA Configuration
  • Test the NAS HA Configuration
  • Configure DHCP Failover

NAC Appliance Monitoring and Administration Monitor a Cisco NAC Appliance Deployment (5 topics)

  • Cisco NAC Appliance Monitoring
  • Monitor Online Users
  • Monitor NAS Health Event Logs
  • Configure Basic SNMP Support
  • Configure Syslog Support

Administer Cisco NAM (9 topics)

  • Define the Cisco NAM Administration Module
  • Set Network and Failover Parameters
  • Manage Administration Groups
  • Manage Administration Users
  • Manage User Passwords
  • Administer the System Time
  • Manage SSL Certificates
  • Manage the Cisco NAC Appliance Software
  • Protect Your NAM Configuration

Prerequisites

Fundamental knowledge of implementing network security or CCSP or Cisco Security CSQ SNRS or working knowledge of digital certificates BCSI or working knowledge of HSRP

Sections