Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
547
Views
5
Helpful
4
Replies

NAC in Inband & Outband

hclisschennai
Level 1
Level 1

‎11-28-2008 01:52 AM - edited ‎02-21-2020 03:07 AM

Hi,

Please let me know whether anybody has configured single NAC appliance to function in both Inband and Outband simultaneously.

I Have one NAC appliance. I want this to function in inband mode for wireless users and outband for wired users.

please tell me whether it is possible and how to do?

R.B.Kumar

0 Helpful
4 Replies 4

rob.stoop
Level 1
Level 1

‎11-28-2008 07:00 AM

Hi R.B Kumar,

The Clean Access Manager can control both in-band and out-of-band CASs in its domain. However, the Clean Access Server itself must be either in-band or out-of-band.

hclisschennai
Level 1
Level 1
In response to rob.stoop

‎11-28-2008 09:38 AM

Hi Rob,

Thanks for your solution. Indeed i am aware that a NAM can control both CAS configured as in-band and out-of band.

But i want to know whether the CAS can be operated in both inband and outband simultaneously?

Hope you will give me some input on this

0 Helpful

rob.stoop
Level 1
Level 1
In response to hclisschennai

‎11-28-2008 10:53 AM

Hi R.B.Kumar,

No, isn't possible to run IB and OOB simultaneously on one CAS.

for more info:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cas/s_deploy.html

0 Helpful

hclisschennai
Level 1
Level 1
In response to rob.stoop

‎11-28-2008 10:09 PM

Thank you Rob,

I appreciate you effort in explaining the concept. I also have one setup here for which i am going to configure the NAC. Can you please explain how it works.

REQUIREMENT:

I am configuring NAC Appliance. The following is the deployment scenario.

I am establishing this in a campus LAN environment.

I have a Cisco 4510R Layer 3 switch as the Core switch.

I have Cisco 3550 Layer 3 switch as the distribution switch

I have some unmanaged and managed switch as the Access layer Switches. All Desktop computers are connected in this access swtich only.

Distribution Switch and core switch is connected in the Routed backbone (Trunking is not configured between Distribution and Core)

Since I have unmanaged switches at the access layer and Core to Distribution is Routed backbone (Layer 3) i have decided to configure the NAC appliance in the following setup:

Layer 3 Inband Virtual Gateway

I request you to provide solution and configuration steps to achieve the following:

1. What will be the VLAN the ETH0 & ETH1 of CAS will be in.

2. Users/Desktop computers should authenticate by username/password & Mac Address/IP address to get into the network. If the Users/Desktop computers do not match the IP address with MAC Address combination configured in the NAC appliance they should be in quarantine role.

regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card