Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
4
Replies

NAC Appliance and Wireless LAN Controller

itcarefree
Level 1
Level 1

‎01-31-2008 09:33 PM - edited ‎02-21-2020 01:53 AM

I have just received a 3310 Network Access Control Appliance and a 2106 Wireless LAN Controller. Phase 1 of the NAC implementation is to setup an internal wireless network for our employees and guest which will be inspected by NAC. I have seen some older guides and chalk talks on this configuration but need some guidance. I do not have Cisco switches so the NAC is running in in-line Virtual Gateway. The NAS, NAM, and WLC are all on the same L3 Dell switch. Does anyone have any guides or suggestions in this design especially with the VLANs needed, routing, VLAN mapping, and WLC configuration? Phase 2 will be to inspect VPN connection terminating at an ASA 5510 and eventually inspecting internal LAN users.

0 Helpful
4 Replies 4

smalkeric
Level 6
Level 6

‎02-06-2008 02:09 PM

The clean access solution has three deployment methods in the in-band solution:

* Virtual gateway. If you configure the CAS as a virtual gateway, it acts as a pass through device, and no routing or DHCP changes are needed in the network. This solution is the quickest and easiest deployment.

*Real-IP gateway. The CAS is the gateway for all the end users, and it handles all routing for that side of the network. The CAS can be a DHCP server and hand out 30 subnets or be a DHCP relay and keep all the same IP information. ---> This is what you have to setup and Not Virtual Gateway

*NAT gateway. The same as real-IP where the CAS is providing network address translation (NAT) on all of the addresses on the untrusted side.

http://www.cisco.com/en/US/docs/wireless/technology/clean_access/technical/reference/cleanAN.html

0 Helpful

sathappan
Level 1
Level 1
In response to smalkeric

‎02-10-2008 01:43 AM

Hi,

NAC can be deployed in L2 Inband virtual gateway mode with the WLC, the link describes how to do this

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns337/c649/ccmigration_09186a0080871da1.pdf

HTH

sathappan

0 Helpful

itcarefree
Level 1
Level 1
In response to sathappan

‎02-11-2008 07:07 AM

Thank you for your quick respone. I have been able to get the NAC Appliance working inband as the real IP gateway. Do I gain or lose anything as the real gateway vs the virtual gateway?

0 Helpful

sathappan
Level 1
Level 1
In response to itcarefree

‎02-11-2008 08:17 AM

Just have a look at the attachment

Preview file
95 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card