Quick Question on NAC L3 IB VG

Apr 7th, 2009

Is VLAN mapping still needed for L3 IB deployment? The documentation is not very clear on this.

We have a lab setup, clients are connecting properly to the NAS/NAM, but they cannot access anything on the trusted side. We DO have VLAN mapping enabled, but I still feel we are missing something.


Anonymous (not verified) Mon, 04/13/2009 - 05:22

I think you have to configure VLAN mapping for L3 IB deployment. When a Clean Access Server operates in Virtual Gateway mode, it passes network traffic from its eth0 interface to eth1 and from eth1 to eth0 without changing the VLAN tag.

For In-Band configurations, in order to pass traffic from both interfaces through the same Layer 2 switch without creating a loop, it is necessary to place incoming traffic to the Clean Access Server on a different VLAN from the outgoing traffic of the Clean Access Server.

For Virtual Gateway (In-Band or OOB), Cisco recommends connecting the untrusted interface (eth1) of the CAS to the switch only after the CAS has been added to the CAM via the web console.

• For Virtual Gateway with VLAN mapping (In-Band or OOB), the untrusted interface (eth1) of the CAS should not be connected to the switch until VLAN mapping has been configured correctly under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping.


