Network gurus...

[McDuck 0]

Any of you currently use any NAC appliances, and/or have any experience running them in a large-scale environment?

Kevin - Sonic Beef #5 - OrFun #28
"I never take myself too seriously, 'cuz everybody know fat birds don't fly." - FLC
Online communities: proof that people never mature much past high school.

[PhreeZone 14]

Uggg. NAC. How much control do you want? Agent based or agentless? What framework are you looking at using the Cisco agent or something else?

There are lots of options in the market but you need to decide where you want to go not just 3 years out but 5-10 since its going to take at least 6 months to build on a medium size network of a thousand nodes with a dozen routers or so.

I work with one flavor of agent based NAC, its ok for what it does but its taking a year of planning before most people can think about standing up even part of their network with it enabled.

Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

[Armour666 0]

I've used Caymas applience with RADIUS what kind of info are you looking for ?

SO this one time at band camp.....

"Of all the things I've lost I miss my mind the most."

[McDuck 0]

I'm actually already using an appliance-based NAC, with a centralized Enterprise Manager and additional appliances at as many nodes as we could fit in the budget (currently 32 appliances and one EM, all of which we deployed in about two weeks). Each node's NAC manages the segments of the network assigned to the router at each node, to reduce the amount of traffic handled by the EM, but if a specific NAC goes off-line, the EM takes over management of those segments.

The appliances are using a modified Red Hat flavor, and I'm not entirely sure what database back end they use, but what I'm encountering is random "database corruption" that results in the appliance bouncing until I rebuild it. The engineers for the company these NACs come from have no clue as to what might be causing the database corruption, but I'm beginning to suspect it has something to do with their db back-end and compatibility with their h/w. If it was just one appliance, that's one thing. But when it's 5 out of 32, I'm guessing there's a larger issue.

I was just curious if anyone here had dealt with this type of situation with NACs, as I'm finding that more and more of my work day is becoming dedicated to ensuring these appliances stay functional.

Kevin - Sonic Beef #5 - OrFun #28
"I never take myself too seriously, 'cuz everybody know fat birds don't fly." - FLC
Online communities: proof that people never mature much past high school.

[mnealtx 0]

*not a network guy, just comms background with a fair bit of experience troubleshooting*

Any commonalities between the appliances that are breaking? Specific manufacturers, hardware/firmware/software revisions, database location, etc?

Mike
I love you, Shannon and Jim.
POPS 9708 , SCR 14706

[McDuck 0]

Quote

*not a network guy, just comms background with a fair bit of experience troubleshooting*

Any commonalities between the appliances that are breaking? Specific manufacturers, hardware/firmware/software revisions, database location, etc?

The hardware is all the same, they are all operating on the same version of Linux and the databases are all located in the same area of each appliance's hard drive. I plan on finding out what db back end these appliances use and if any of them are operating on a different version/revision of that back end. Thanks for the suggestion.

Kevin - Sonic Beef #5 - OrFun #28
"I never take myself too seriously, 'cuz everybody know fat birds don't fly." - FLC
Online communities: proof that people never mature much past high school.

[mnealtx 0]

Y/W - just trying to help you 'kickstart' something. If everything is the same between the affected and unaffected appliances, that makes it a LOT harder to track down...

Good luck!

Mike
I love you, Shannon and Jim.
POPS 9708 , SCR 14706