NAC in-band & out-of-band CAS - Same VLAN?

Unanswered Question
Nov 18th, 2008
User Badges:

Hello, I've been trying to find the answer before posting but I haven't been able to yet. I am deploying an out-of-band CAS for our Wired Network, and in-band CAS for our Wireless Network. My question is, can the CAS' be on the same VLAN for the Mgmt port? Also, can I use the same dummy 'black hole' VLAN's for both servers or will that cause a problem somehow?

It seems I should be able to use the same Mgmt VLAN for both, as the allowed VLAN's on the ports will be different, and the untrusted VLANs will also be different, but I wanted to know for sure.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Daniel Laden Tue, 11/18/2008 - 15:55
User Badges:
  • Cisco Employee,

The two can be in the same vlan if you are using Real IP. If using virtual gateway, it would be best to use separate vlans. This has to do with the VGW arping features.

You should be able to use the same 'black hole' vlan.

creggerd Wed, 11/19/2008 - 08:12
User Badges:

Thanks for the response! That makes sense, something in the back of my head was telling me to use different VLAN's, but nothing that I read was pointing it out. I am using Virtual Gateway for these, not Real IP.


This Discussion