L2 or L3 switch with NAC appliance

Feb 27th, 2008


I am planning to deploy a NAC appliance in OOBVG mode. For the access layer, L2 switches are selected (2960). If I replace the L2 access switches with L3 (3560 or 3750), would this add more manageability to the access layer by NAC?



gojericho0 Wed, 02/27/2008 - 12:48

The L3 switch would allow you to run in Real-Gateway mode if you'd like. The benefit of that is they can act as a DHCP scope for your dirty network so you do not use another server or router.

mladentsvetkov Thu, 02/28/2008 - 00:28


The document "Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide" says:

"In out-of-band Real-IP or NAT gateway deployment, the client IP address has to change when the port is changed from the Auth VLAN to the Access VLAN."

So the clients will have to receive TCP/IP settings via DHCP twice, which I don't think is client satisfactory.

If the NAC is in OOBVG mode, are there any NAC features that are not supported (IP filtering rules, access policies, and any other traffic handling mechanisms)?



