Implementing Cisco NAC Appliance v2.1

The Implementing Cisco NAC Appliance (CANAC) course provides learners with the skills and knowledge needed to implement the Cisco Network Admission Control (NAC) Appliance solution as a part of a Cisco Self-Defending Network (SDN) security strategy. The course teaches the features of the NAC solution that can automatically detect, isolate, and clean infected or vulnerable devices attempting to access the network. The solution recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network.


Upon finishing this course, you will be able to:
Explain how a Cisco NAC Appliance deployment scenario will meet or exceed network security requirements

  • Configure the common elements of a Cisco NAC Appliance solution
  • Configure the Cisco NAC Appliance in-band and out-of-band implementation options
  • Implement a highly available Cisco NAC Appliance solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
  • Maintain a highly available Cisco NAC Appliance deployment in medium and enterprise network environments


This course is highly recommended to all network security administrators responsible for deploying and maintaining the NAC Appliance (Cisco Clean Access) solution.


The primary audience comprises Network Administrators and Network Engineers. The secondary audience involves Network Designers, Network Managers and System Engineers.

Prerequisite Knowledge

Basic knowledge of the Microsoft Windows operating system

  • Familiarity with networking and security terminology and concepts
  • Fundamental knowledge of implementing network security or any VPN and Security certification from the Specialist certifications
  • BCMSN or working knowledge of VLANs
  • SNRS or working knowledge of digital certificates
  • BSCI or working knowledge of HSRP

Course Outline

Cisco NAC Endpoint Security Solutions

  • Introducing Cisco Self-Defending Networks
  • Introducing Cisco NAC Appliance
  • Introducing In-Band and Out-of-Band Deployment Options

  • Cisco NAC Appliance Common Elements Configuration
    • Configuring User Roles
    • Configuring External Authentication
    • Configuring DHCP on the Cisco NAS

    Cisco NAC Appliance Implementation
    • Implementing Cisco NAC Appliance In-Band Deployment
    • Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance
    • Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance
    • Implementing Cisco NAC Appliance Out-of-Band Deployment
    • Managing Switches

    Cisco NAC Appliance Implementation Options
    • Implementing Cisco NAC Appliance on a Network
    • Implementing Network Scanning
    • Configuring the Cisco NAM to Implement the Cisco NAA on User Devices
    • Configuring Cisco NAM High Availability
    • Configuring Cisco NAS High Availability

    Cisco NAC Appliance Monitoring and Administration
    • Monitoring a Cisco NAC Appliance Deployment
    • Administering the Cisco NAM
    The Implementing Cisco NAC Appliance course is offered as 3-day course with hands-on exercises.