HP BladeSystem bc2000 Cisco Network Access Control for HP Thin Clients and CCI - Page 4


The Cisco Clean Access NAC appliance can function in Real-IP Gateway mode or Virtual-IP Gateway mode. This reference implementation uses Virtual-IP Gateway mode. A full description of all the possible choices is beyond the scope of this white paper. For detailed information on implementation choices, refer to the Clean Access documentation on the Cisco web site: http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html

Implementation Prerequisites

For the purpose of this white paper, we assume a basic network infrastructure is already in place. The reference implementation consists of HP BladeSystem bc1500, bc2000 and bc2500 Blade PCs running Windows XP. HP Compaq t5720 Thin Clients (t5720) running Windows XPe are used as access devices.

The network topology for this reference implementation is a flat Class-A network addressed as 10.xxx.yyy.zzz/24; see Table 1 below.

| Component | Operating System | Host Name | IP Address |
|---|---|---|---|
| CAM Server (HP Proliant DL140) | Linux | cam.cisco.com | 10.3.3.3 |
| CAS Server (HP Proliant DL360) | Linux | cas.cisco.com | 10.4.4.4 |
| Thin Client (t5720) | Windows XPe | hptc1.cisco.com | 10.6.6.x |
| Blade PC (bc1500, bc2000, & bc2500) | Windows XP | hpbpc1.cisco.com | 10.6.6.x |

Table 1 -- Procurve NAC Reference Solution -- Network Topology

A Cisco 3560 layer-3 network switch is used so that 10.6.6.x addresses can be initially assigned to a quarantined VLAN and then switched via SNMP once the platform has been successfully validated to the CAS.

The Implementation

NAC Installation

This section covers the use of Cisco CAM and CAS appliances in conjunction with a Cisco layer-3 switch to ensure that thin clients and blade PCs meet configuration policy before they connect to the trusted network segment. The network topology used in this reference implementation is shown in Figure 1 below.

