NAC L2/L3 in Datacenter

Unanswered Question
Nov 21st, 2007

We have 2 NAC appliances. The customer wants to cover both L2 and L3 devices for posture validation. Can we have 2 NAC appliances in the DC, one operating in L2 mode covering L2 segments and the other running in L3 mode covering branch sites?

Are there any issues in this design? The NAC appliance will be placed in the DMZ zone on a collapsed core 6500 switch.



sathappan Wed, 11/21/2007 - 00:13

Hi Vinod,

If you have only 2 appliances, you need to use one as a manager and one as a server.

If you have a separate manager and 2 appliances as servers, then you can deploy one NAC appliance as an L2 server and another in L3 mode.

With regards


vinod.rathi Wed, 11/21/2007 - 00:35

Hello There,

Yes, we have 2 NAC managers (CAM) and 2 NAC appliances (CAS) for our datacenter.

gojericho0 Wed, 11/21/2007 - 05:21

You can have one CAS use both L2/L3 enforcement. I would have the other CAS enforced in L2 on the DMZ segment just so all that traffic does not have to come to the data center for authentication and posture assessment.

sathappan Wed, 11/21/2007 - 08:08


Basically, 2 CAM and 2 CAS come as a failover bundle. The 2 CAS will be a failover bundle licensed to the number of users you have bought.

If you want to deploy the NAC for wired users, you can have the failover bundle manage the L2 users along with L3 support.



