Implementing NAC Appliance (Cisco Clean Access)


This course is designed to teach delegates how to design and implement a Cisco NAC Appliance solution to suit your network. You will learn basic configuration tasks such as NAM and NAS deployment modes, authentication (including Windows SSO), role-based access control, posture assessment and remediation.


Course Code:




Attendees should meet the following prerequisites:

  • Fundamental knowledge of implementing network security or CCSP or Cisco Security CSQ
  • Basic knowledge of the Microsoft Windows operating system
  • BCMSN or working knowledge of VLANs
  • SNRS or working knowledge of digital certificates
  • BSCI or working knowledge of HSRP

Cisco NAC Endpoint Security Solutions

  • Introducing Cisco Self-Defending Networks
  • Introducing Cisco NAC Appliance
  • Introducing In-Band and Out-of-Band Deployment Options

Cisco NAC Appliance Common Elements Configuration

  • Configuring User Roles
  • Configuring External Authentication
  • Configuring DHCP on the Cisco NAS

Cisco NAC Appliance Implementation

  • Implementing Cisco NAC Appliance In-Band Deployment
  • Implementing the Microsoft Windows SSO Feature on the Cisco NAC Appliance
  • Implementing the Cisco VPN SSO Feature on the Cisco NAC Appliance
  • Implementing Cisco NAC Appliance Out-of-Band Deployment
  • Managing Switches

Cisco NAC Appliance ImplementationOptions

  • Implementing Cisco NAC Appliance on a Network
  • Implementing Network Scanning
  • Configuring the Cisco NAM to Implement the Cisco NAA on User Devices
  • Configuring Cisco NAM High Availability
  • Configuring Cisco NAS High Availability

Cisco NAC Appliance Monitoring and Administration

  • Monitoring a Cisco NAC Appliance Deployment
  • Administering the Cisco NAM


  • Lab 1-1: Preparing the Cisco NAM to Support Web-Based Administration Console Configuration
  • Lab 2-1: Configuring User Roles
  • Lab 3-1: Adding an In-Band Virtual Gateway Cisco NAS to the Cisco NAM
  • Lab 3-2: Configuring the Microsoft Windows Active Directory SSO Feature on the Cisco NAC Appliance
  • Lab 3-3: Configuring the Cisco VPN SSO Feature on the Cisco NAC Appliance
  • Lab 4-1: Configuring Cisco NAA
  • Lab 4-2: Configuring a High Availability In-Band VPN Cisco NAC Appliance Solution
  • Lab 3-4: Adding an Out-of-Band Virtual Gateway Cisco NAS to an HA Cisco NAC Appliance Deployment
  • Lab 3-5: Configuring SNMP, Switch, and Port Profiles for an Out-of-Band Cisco NAC Appliance Deployment

After completing this course you should be able to:

  • Given client network security requirements, explain how a NAC Appliance (Cisco Clean Access) deployment scenario will meet or exceed network security requirements
  • Configure the common elements of a NAC Appliance (Cisco Clean Access) solution
  • Configure the NAC Appliance (Cisco Clean Access) in-band and out-of-band implementation options
  • Implement a highly available NAC Appliance (Cisco Clean Access) solution to mitigate network threats and facilitate network access for those users that meet corporate security requirements
  • Maintain a highly available NAC Appliance (Cisco Clean Access) deployment in medium and enterprise network environments
Target Audience

This course will be of interest for anyone responsible for the design, implementation or support of a Cisco NAC Appliance installation and Cisco Channel Partners preparing for CCSP and NAC Specialist certification.


Recommended preparation for exam(s):

  • 642-591 – CANAC – Implementing Cisco NAC Appliance

This exam is associated with the Cisco Certified Security Professional (CCSP) Certification

Follow on Courses

The following courses are recommended for further study:

  • None recommended
vendors Course Code Course Title Days Date
Cisco Certifications in Dubai, Cisco Training in UAE
CANAC Implementing NAC Appliance (Cisco Clean Access) 3 View All Dates

This public courses are pre-scheduled throughout the year at our premises

Online, live and interactive training accessible from anywhere

We can deliver standard or customised training at any time and location that suits your employees

Guaranteed courses are confirmed to run on the specific dates shown