“Cisco Network Admission Control, Volume I: NAC Architecture and Design” Denise Helfrich, Lou Ronnau, Jason Frazier, Paul Forbes, 2006, Cisco Press, 264 pages, $55
“Cisco Network Admission Control, Volume II: NAC Framework Deployment and Troubleshooting” Jazib Frahim, Omar Santos, David White Jr., 2006, Cisco Press, 624 pages, $60
The two volumes of “Cisco Network Admission Control” address the challenge of network security when the network must admit endpoint devices that are outside the constant control of central IT.
“Cisco Network Admission Control Volume II: NAC Framework Deployment and Troubleshooting” is full of real-world grit. This grit does Cisco Systems’ NAC framework a favor, however, by grounding the technology in the realm of the possible instead of letting it wander in the impossibly bright land of marketing hype.
Avoid “Cisco Network Admission Control Volume I: NAC Architecture and Design.” It is poorly written and confusing. Everything important that Cisco wanted to say about NAC is more neatly and comprehensibly detailed in Volume II.
Indeed, Volume II is an excellent introduction to the methodology and process of implementing a Cisco NAC solution.
Volume II also spends considerable time and attention on the configuration of NAC in Cisco Catalyst switches, the VPN 3000 Series Concentrators, and the ASA 5500 Series and PIX 500 Series firewall appliances. The chapters are filled with command-line examples of how to configure NAC parameters, including global settings and NAC exception lists. The book includes plenty of screen shots to illustrate where to enter configuration information, and the text consistently provides friendly advice in an almost conversational style.
It’s clear from the types of examples provided in the books that the authors have spent years working with Cisco’s technical support group. The pithy troubleshooting examples demonstrate familiarity with real-world implementation problems, along with practical suggestions for solving these problems.
For example, in the section in Volume II on troubleshooting the Cisco Secure Services Client, the authors describe a problem where a wireless client is immediately dissociated after 802.1x authentication. The section frankly addresses the CPU-intensive operations that are taking place that might be interfering with authentication timing.
Volume II does a great job of clearly explaining NAC terminology, as well as the required elements for implementing Cisco’s NAC solution. It also provides good troubleshooting examples.
Both volumes provide multiple-choice and true-or-false questions at the end of each chapter—a good way to promote active learning while users plow through more than 600 pages of text.