Network Authentication Chapter 6 Part 2

  1. Internal LAN consists of: (3)
    • endpoints
    • non-endpoint LAN devices
    • LAN infrastructure
  2. NAC helps maintain network stability by providing four important features:
    1. Authentication and authorization
    2. Posture assessment
    3. Quarantining of noncompliant systems
    4. Remediation of noncompliant systems
  3. NAC can be implemented in two ways:
    • NAC Framework
    • Cisco NAC Appliance
  4. Cisco NAC Components (4)
    • Cisco NAC Appliance Server (NAS)
    • Cisco NAC Appliance Manager (NAM)
    • Cisco NAC Appliance Agent (NAA)
    • Rule-set updates
  5. NAC Rule-set updates
    Provides scheduled automatic updates
  6. Cisco NAC Appliance Server (NAS)
    Device that provides in-band or out-of-band access control.
  7. Cisco NAC Appliance Manager (NAM)
    A web-based interface for creating security policies and managing online users.
  8. Cisco NAC Appliance Agent (NAA)
    It can determine whether a device has the required anti-virus dat file, security patch, or critical Windows hotfix.
  9. Configure PVLAN
    (config-if)# switchport protected
  10. PVLAN
    Prevents data from being sent between protected ports at Layer 2 (such traffic must pass through a Layer 3 device)
  11. SAN transport technologies
    • Fiber Channel
    • Fiber Channel over IP (FCIP)
    • Internet Small Computer Systems Interface (iSCSI)
    • Gigabit Ethernet
    • Optical network
  12. Fiber Channel:
    • The primary SAN transport for host-to-SAN connectivity.
    • Fiber Channel networks provide a serial transport for the SCSI protocol.
  13. iSCSI:
    • Maps SCSI over TCP/IP and is typically used in the LAN.
    • Leverages existing IP networks to build and extend SANs by using TCP/IP to transport SCSI commands, data, and status between hosts or initiators and storage devices or targets, such as storage subsystems and tape devices.
  14. FCIP:
    • Popular SAN-to-SAN connectivity model that is used over the WAN or MAN.
    • SAN designers can use the open-standard FCIP protocol to break the distance barrier of current Fiber Channel solutions and enable interconnection of SAN islands over extended distances.
  15. Fiber Channel Zoning
    Partitioning the Fiber Channel fabric into smaller subsets
  16. Zoning rules: (3)
    • Zone members see only other members of the zone.
    • Zones can be configured dynamically based on WWN.
    • Devices can be members of more than one zone.
  17. VSANs
    A virtual storage area network (VSAN) is a collection of ports from a set of connected Fiber Channel switches that form a virtual fabric.
Author: jal128