11-27-2008 11:04 PM - edited 02-21-2020 10:22 AM
Hi,
Whether it is possible to configure the NAC with the following settings:
I am establishing this in a campus LAN environment.
I have a Cisco 4510R Layer 3 switch as the Core switch.
I have Cisco 3550 Layer 3 switch as the distribution switch
I have some unmanaged and managed switch as the Access layer Switches. All Desktop computers are connected in this access swtich only.
Distribution Switch and core switch is connected in the Routed backbone (Trunking is not configured between Distribution and Core)
Since I have unmanaged switches at the access layer and Core to Distribution is Routed backbone (Layer 3) i have decided to configure the NAC appliance in the following setup:
Layer 3 Inband Virtual Gateway
I request you to provide solution and configuration steps to achieve the following:
1. How to configure NAC Appliance for Layer3 Inband VirtualGateway
2. Users/Desktop computers should authenticate by username/password & Mac Address/IP address to get into the network. If the Users/Desktop computers do not match the IP address with MAC Address combination configured in the NAC appliance they should be in quarantine role.
12-01-2008 02:31 AM
I understood that connectivity between core swich and distribution switch is through routed port.
am i right?
if this is the case then intervlan routing must be done by distribution switch and have one default route pointing toward the core switch.
in this situation, you have to easily configure your nac with L2, inband and Virtual Gateway mode by placing both CAS and CAM on distribution switch.
it is the easiest way to configure NAC in your enviornment.
12-02-2008 05:24 AM
Hi Hemant,
At the outset thankyou for the interest you have shown
You have correctly understood the scenario. Thanks again.
But i cannot keep the NAC at distribution layer (Edge Deployment) as i have multiple distribution switches connecting to core switch. Keeping in Distribution Switch will definitely work as you said
I want this it to be in Centralized Deployment. Then how the NAC (CAS) interfaces are configured. What VLAN / IP address it will be in.
No document is available in Cisco to configure Layer 3 Inband Virtual Gateway Mode.
Please help me
12-12-2008 10:44 PM
I don't think so it is possible to have L3 Inband virtual gateway
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide