Which is a function of a Cisco router acting as a Network Access Device (NAD) in a NAC Framework solution?

A. Communicates with the antivirus policy server using the HCAP protocol

B. Maps policy decisions to a network access profile

C. Sends and receives posture information to and from the policy server using the RADIUS protocol

D. Acts as a Posture Credentials Provider (PCP)

Explanation:
Network Access Device (NAD) — Network devices acting as a NAC enforcement point. These can include Cisco access routers (800-7200), VPN Gateways (VPN3000 series), Catalyst Layer 2 and Layer 3 switches, and wireless access points.

Refer to the numbers in Figure 2 above for each step described in the NAC authorization process.

Step 1. Posture validation occurs when a NAC-enabled network access device detects a host attempting to connect or use its network resources.
Step 2. Upon detection of a new endpoint, the NAD sets up a communication path between the AAA server (ACS) and the posture agent. After the communication path has been established, the AAA server requests posture credentials from one or more posture plugins on the endpoint.
Step 3. The host responds to the request with posture credentials from the available posture plugins of NAC-compatible software components on the host.
Step 4. The AAA server either validates the posture information locally, or it can in turn delegate parts of the decision to external posture validation servers.
Step 5. The AAA server aggregates the individual posture results, or posture tokens, from all of the delegate servers to determine the overall compliance of the host, or system posture token.
Step 6. The identity authentication and system posture token are then mapped to a network authorization in the network access profile, which consists of RADIUS attributes for timers, VLAN assignments, or downloadable access control lists (ACLs).
Step 7. These RADIUS attributes are sent to the NAD for enforcement on the host.
Step 8. The CTA on the host is then sent its posture status so that it can notify the respective plugins of their individual application posture as well as the entire system posture.
Step 9. A message can optionally be sent to the end user through the CTA’s notification dialog so they know the host’s current state on the network.


