NAC OOB L3 and many untrusted vlans

Unanswered Question
Sep 15th, 2009

Hello

I am planning an OOB L3 real IP deployment and have a few questions:

1. After the CAM decides which VLAN the user will be redirected to, what protocol does it use to tell the switch to set this VLAN? For this deployment I found only: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cas/s_L3oob.html but it's incomplete. There is no detailed explanation of how it works. Could you suggest any other link?

2. What types of rules are available for setting the destination VLAN? I want to have many untrusted VLANs, and each of them should be mapped to a specified trusted VLAN (if the user authenticates and validates).


Thanx

Overall Rating: 5 (1 ratings)

1. SNMP is used to read and write the VLAN info on the switches.


2. You can use port profiles or NAC roles to set destination VLANs. An example of how port profiles would be used is if you want a port to start in a desired authentication VLAN and transition to a specific access VLAN after posture assessment and authentication. NAC roles can be used to assign ports to a specific auth VLAN based on things like credentials....


Hope this helps.


Ern
