Problem with NAC real IP/ layer 3/ in-band

Jan 8th, 2009

I'm deploying NAC in real-IP/in-band/Layer 3 mode. Users cannot ping the untrusted interface e1 of the NAC server; a user has to pass the core sw 6500 and FW before hitting e1 of the NAC server. I have tried to set the gateway of this interface e1 to itself (as in the Cisco document) and to the FW module, but in both cases, the user still cannot ping e1.

Can anyone help me? I would much appreciate your reply!

User -- Core sw 6500 -- FW module (on core sw) -- NAC server -- NAC manager

namnt2604 Sat, 01/10/2009 - 09:59

I have pinged e1 (untrusted) of the NAC server already. I have set both a managed subnet and a static route, which is different from the Cisco document (Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.1(3)); this document recommends configuring a static route for a Layer 3 deployment, not a managed subnet!

If anyone has documents for deploying this scenario, please share them with me! Thanks!

Daniel Laden (Cisco Employee) Sun, 02/01/2009 - 12:35

Managed subnets are for L2 deployments and static routes are for L3 deployments. Both can exist on a CAS, but for an individual subnet, it will be one or the other.

If the client and CAS can see each other's broadcasts, it's an L2. If not, it's an L3.

