02-24-2009 06:12 AM - edited 07-03-2021 05:13 PM
We have a centralized NAC server design with a large number of remote sites. With 4.5, I have heard you need Layer 2 adjacency for the WLCs to the NAC servers even if using OOB? Is this correct? This is a serious limitation if so. Thanks.
02-27-2009 02:33 PM
This is correct. You need to have layer 2 adjacency between the CAS Untrusted and WLC. Also, CAS needs to be in Virtual Gateway.
In the next major release, we are looking into removing this limitation.
02-24-2009 07:20 AM
I don't have an answer, but I am also very interested in this. We currently are planning to upgrade to NAC 4.5 for the added ability to do OOB for Wireless.
02-24-2009 07:27 AM
I have found out from Cisco that L2 adjacency is required. Apparently, the un-authenticated VLAN is sent to the CAS by default. The CAS then assigns based on role after authentication, THEN goes out of band.
Wireless Out-of-band implementation of Cisco NAC Appliance requires the following to be in place:
• Cisco Wireless LAN Controllers must be supported models that use at least the minimum supported version of IOS (supporting SNMP traps). See Table 5-2.
• Cisco Wireless LAN Controllers must be Layer 2 adjacent to the Clean Access Server(s) with which they interoperate to support wireless client login.
• Clean Access Servers supporting wireless client login and authentication must be installed and configured in Virtual Gateway mode.
• Your Cisco NAC Appliance product license must enable Wireless OOB.
07-31-2009 02:47 PM
Is there a special license that is needed for wireless OOB?
07-31-2009 02:58 PM