NAC Appliance and Wireless LAN Controller

Unanswered Question
Jan 31st, 2008

I have just received a 3310 Network Access Control Appliance and a 2106 Wireless LAN Controller. Phase 1 of the NAC implementation is to set up an internal wireless network for our employees and guests which will be inspected by NAC. I have seen some older guides and chalk talks on this configuration but need some guidance. I do not have Cisco switches so the NAC is running in in-line Virtual Gateway. The NAS, NAM, and WLC are all on the same L3 Dell switch. Does anyone have any guides or suggestions in this design, especially with the VLANs needed, routing, VLAN mapping, and WLC configuration? Phase 2 will be to inspect VPN connections terminating at an ASA 5510 and eventually inspecting internal LAN users.

smalkeric Wed, 02/06/2008 - 14:09

The clean access solution has three deployment methods in the in-band solution:

* Virtual gateway. If you configure the CAS as a virtual gateway, it acts as a pass-through device, and no routing or DHCP changes are needed in the network. This solution is the quickest and easiest deployment.

* Real-IP gateway. The CAS is the gateway for all the end users, and it handles all routing for that side of the network. The CAS can be a DHCP server and hand out 30 subnets or be a DHCP relay and keep all the same IP information. ---> This is what you have to set up, and not Virtual Gateway.

* NAT gateway. The same as real-IP where the CAS is providing network address translation (NAT) on all of the addresses on the untrusted side.

itcarefree Mon, 02/11/2008 - 07:07

Thank you for your quick response. I have been able to get the NAC Appliance working in-band as the real IP gateway. Do I gain or lose anything as the real gateway vs the virtual gateway?

