802.1x implementation: NAP vs NAP-NAC

All replies

• 

  

  0

  Sign in to vote

  Hi,

   

  Thanks for posting here.

   

  Have you read the article below which discuss the benefits of NAP-NAC implementation ?

   

  Appendix D: NAP-NAC Design

  http://technet.microsoft.com/en-us/library/dd125393(WS.10).aspx

   

  Based on my knowledge that we can implement VLAN redirection base on the domain account and belonged group with define policy on NPS server, please refer to the links below:

   

  Wireless Access Point & Server 2008 Std. NPS (Network Policy Server)

  http://social.technet.microsoft.com/Forums/en/winserverNAP/thread/c5d4515d-6e57-471a-a10b-dddf316b7c01

   

  Network Access Protection Using 802.1x VLAN’s or Port ACLs – Which is right for you?

  http://blogs.technet.com/b/wincat/archive/2008/08/19/network-access-protection-using-802-1x-vlan-s-or-port-acls-which-is-right-for-you.aspx

   

  and for more information regard to implement 802.1X with NAP ,please refer to the articles below:

   

  Network Access Protection (NAP) Deployment Planning

  http://blogs.technet.com/b/nap/archive/2007/07/28/network-access-protection-deployment-planning.aspx

   

  NAP 802.1X Configuration Walkthrough – Part 1

  http://blogs.technet.com/b/nap/archive/2008/06/19/nap-802-1x-configuration-walkthrough.aspx

   

  NAP 802.1X Configuration Walkthrough – Part 2

  http://blogs.technet.com/b/nap/archive/2008/06/20/nap-802-1x-configuration-walkthrough-part-2.aspx

   

  Thanks

   

  Tiger Li

  ---

  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  Tuesday, November 23, 2010 7:31 AM
• 

  

  0

  Sign in to vote

  Hi Tiger,

  Thank you for answer. I already read these guides (Appendix D/802.1x configuration parts, etc), but may be not very carefully.

  But I don't see anywhere comparasion chart NAP vs NAP-NAC on detailed level.

  Can anyone explain, why you choose NAP or NAP-NAC implementation.

   

  As I can see:

  NAP-NAC is more comlicated solution

  NAP-NAC does not support Windows XP SP3

  NAP-NAC needs several agents and/or updates from Cisco on the client computers

  NAP-NAC, you can use single Cisco ACS server as tacacs/radius server for any type of authentication (login, dot1x, etc)

  NAP doesn't need any agents, all is out of box

  ...

   

  Thanks.

  
  

  ---

  mcse^4

  Tuesday, November 23, 2010 11:37 AM
• 

  

  0

  Sign in to vote

  Hi,

   

  Thanks for update.

   

  Generally speak, if you had already purchased windows OS and Cisco devices in your environment ,and had also implemented NAP or NAC deployment, with NAP-NAC ,it could help you to integrate these together for preserve investments.

   

  Please take time to read the article and the links in its first :

   

  Appendix A: Deploying NAP-NAC

  http://technet.microsoft.com/en-us/library/dd296894(WS.10).aspx

   

  Thanks.

   

  Tiger Li

  ---

  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Marked as answer by Tiger LiMicrosoft employee Monday, November 29, 2010 11:15 AM

  Wednesday, November 24, 2010 7:00 AM