Which NAC design model matches the following definitions?
– NAS is deployed centrally in the core or distribution layer.
– Users are multiple hops away from the Cisco NAS.
– After authentication and posture assessment, the client traffic no longer passes through the Cisco NAS.
– PBR is needed to direct the user traffic appropriately.
A. Layer 3 in-band virtual gateway
B. Layer 3 out-of-band with addressing
C. Layer 2 in-band virtual gateway
D. Layer 2 out-of-band virtual gateway
Answer: B
Explanation:
https://www.cisco.com/c/en/us/products/collateral/security/nac-appliance-clean-access/product_data_sheet0900aecd802da1b5.html
Passing traffic mode
– Virtual gateway (bridged mode)
– Real IP gateway (routed mode)
Client access mode
– Layer 2 (client is adjacent to the Cisco NAC Server)
– Layer 3 (client is multiple hops from the Cisco NAC Server)
Traffic flow model
– In-band (Cisco NAC Server is always in-line with user traffic)
– Out-of-band (Cisco NAC Server is in-line only during authentication, posture assessment, and remediation)