OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents

NAC PLUS - Implementing Cisco NAC Appliance 4.8 Plus Profiler (formerly CANAC) On-Site Training

This on-site training class is also available as Public Schedule Seminar.

NAC PLUS - Implementing Cisco NAC Appliance 4.8 Plus Profiler (formerly CANAC)

Course Description/Agenda

We started with Cisco's standard course material that was built on NAC version 4.0, and we completely re-wrote and re-organized it. We updated it to use NAC version 4.8 software, and we added coverage of Cisco Profiler.

We expanded our exclusive labs, adding more content and taking the standard course from just three days to a content-packed five days. You'll train for four days on the NAC Appliance, followed by a full day on the Cisco Profiler.

You won't find another NAC course with this level of enhanced content. Enhancements you'll find only in our course include:

  • Updated Student Guide material, with NAC version 4.8 screen shots and content
  • Feature-enhancement discussions, including out-of-band (OOB) logoff, Passive Re-Assessment, and external authentication for management sessions
  • Log data and configuration file locations on CLI
  • Real-world ASA SSL VPN scenarios
  • Detailed certificate discussions surrounding high availability (HA) and using a Microsoft certificate authority (CA)
  • NAC Appliance Agent (NAA) version 4.8
  • Client configuration file using XML without the older registry settings
  • NAC Profiler discussion providing an overview and covering setup and HA

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra security e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

What You'll Learn

  • Given client network security requirements, how a NAC Appliance deployment scenario will meet or exceed those expectations
  • Configure the common elements of a NAC Appliance solution
  • Configure Active Directory Single Sign-On (AD SSO)
  • Configure VPN Single Sign-On using an ASA with the standard IPSec client and the AnyConnect 3.0 client (SSL)
  • Configure the NAC Appliance in-band and OOB implementation options
  • Implement the NAM and NAS HA to protect against downtime
  • Configure Network Scanning to audit clients and clientless hosts
  • Configure compliance checking using manual and automated settings in version 4.8 of code
  • Learn the elements of code signing applications needed for remediation
  • Create custom web page portals based on the location of clients
  • Allow Active Directory (AD) LDAP Authorization to map AD groups to NAC Appliance Roles
  • Walk through and configure three different network topologies: in-band, VPN in-band, and OOB
  • See for yourself the privilege rights needed for installing the Cisco NAA customizing client XML settings
  • Learn to monitor, maintain, and troubleshoot a NAC solution
  • NAC Profiler overview, design, and deployment

Who Should Attend

Anyone responsible for the design, implementation, or support of a Cisco NAC Appliance installation

Course Outline

Cisco NAC Appliance Solution (NAS)

1. Cisco Self-Defending Networks

  • Changing Security Landscape
  • Cisco Host-Protection Strategy
  • Cisco SDN Initiative
  • Trust and Identity
  • Cisco NAC Products

2. Cisco NAC Appliance

  • Cisco NAC Appliance Solution
  • Features and Components
  • Compliance Scenarios
  • Deployment Options
  • Configuration Overview
  • User Interface

3. Cisco NAC Appliance Deployment Options

  • Out-of-Band (OOB) Deployment
  • In-Band Deployment
  • Deployment Options Comparison
  • NAS Operating Modes
  • Virtual vs. Real-IP Gateways
  • Layer 2 vs. Layer 3

NAC Appliance Implementation

4. Configure User Roles

  • What a User Role Is
  • Create User Roles
  • Define and Configure Traffic Policies for User Roles
  • Create Local User Accounts

5. Implement Cisco NAC Appliance In-Band Deployment

  • In-Band Process Flow
  • In-Band Deployment Configurations
  • Configure the Cisco NAS for In-Band Deployment
  • Add the Cisco NAS to the Managed Domain
  • Configure Cisco NAS Interfaces
  • Add Managed Subnets
  • Configure Cisco NAS VLAN Settings

6. Configure NAM High Availability

  • HA for Cisco NAMs
  • Establish a Serial Connection Between Managers
  • Digital Certificate Requirements
  • Configure the Primary and Standby Cisco NAMs

7. Configure Cisco NAS HA

  • HA for NAS
  • Implementation Considerations
  • Digital Certificate Requirements
  • Configure the Primary and Standby NAS
  • Complete the Standby NAS HA Configuration
  • Test the NAS HA Configuration
  • Configure DHCP Failover

8. Configure External Authentication

  • Configure External Authentication Providers
  • Authenticate Cisco NAC Appliance Users
    • Kerberos
    • RADIUS
    • LDAP
    • NT Domain
  • Map Users to User Roles
  • Test User Authentication
  • Configure RADIUS Accounting for Users
  • Add Custom RADIUS Attributes

9. Implement Windows AD SSO

  • Kerberos Ticket Exchange
  • Confirming a NAS Ticket
  • Communications Between the NAS and Active Directory
  • AD SSO Configuration Checklist
  • TCP and UDP Ports Required for AD SSO
  • Configure the NAS for AD SSO
  • Install Support Tools for Windows 2000 or 2003 Server
  • Configure the Domain Controller with ktpass.exe

10. Implement Virtual Private Network Single Sign-On (VPN SSO)

  • Configuration Checklist
  • Configure a Traffic Filter
  • Add VPN Authentication Server to NAM
  • Map VPN Users to Roles on NAM
  • Enable VPN SSO on the NAS
  • Adding a VPN Device to the NAS
  • Configure RADIUS Accounting
  • Configure the VPN Gateway as a Floating Device
  • Test VPN SSO

11. Implement Cisco NAC Appliance OOB Deployment

  • OOB Process Flow
  • OOB Deployment Considerations
  • Layer 2 Central and Edge Deployment
  • Layer 3 Virtual Gateway and Real-IP Gateway
  • Layer 2 and 3 Clientless Host Options
  • Cisco NAC Appliance OOB vs. In-Band Setup
  • Implement Cisco NAS OOB Operating Modes

12. Manage Switches

  • Implement Switch Management
  • Configure the Network for OOB Deployment
  • Configure Group, Switch, and Port Profiles
  • Configure Port Profiles Adding Switches to the Managed Domain
  • Configuring SNMP Advanced Settings
  • Configure Switch Ports to Use Port Profiles
  • Manage Switch Configuration Settings

NAC Appliance Implementation Options

13. Implement Cisco NAC Appliance on a Network

  • General Setup Tab
  • User Pages
  • Configure Cisco NAA Support
  • Manage Certified Devices
  • Device Exemption
  • Viewing User Reports

14. Implement Network


More Seminar Information

OneSource Professional Training Solutions, Inc.
OneSource Professional Training Solutions

Delivery Method

On-Site Training On-Site Training

Also Available As

Seminar Seminar


Add to favorites Add to favorites
Email Email this page

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.




City and State


Number of students:
(at least 10 for consideration)

When do you want to hold the

How long would you like for the

Additional comments to trainer:

We value your privacy!