NAC OOB L3 and many untrusted vlans

mlopacinski
Level 1

Hello

I am planning an OOB L3 real IP deployment and have a few questions:

1. After CAM decides to which vlan the user will be redirected, what protocol does it use to tell the switch to set this vlan? For this deployment I found only: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cas/s_L3oob.html but it's incomplete. There is no detailed explanation of how it works. Could you suggest any other link?

2. What types of rules are available for setting the destination vlan? I want to have many untrusted vlans and each of them should be mapped to a specified trusted vlan (if the user authenticates and validates).

Thanks

1 Reply

edunn
Level 1

1. SNMP is used to read and write the vlan info on the switches.

2. You can use port profiles or NAC roles to set destination vlans. An example of how port profiles would be used is if you want a port to start in a desired authentication vlan and transition to a specific access vlan after posture assessment and authentication. NAC roles can be used to assign ports to a specific auth vlan based on things like credentials...

Hope this helps.

Ern
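
The pairing asked about in the question (each untrusted vlan mapped to one trusted vlan) and the auth-to-access transition described in the reply can be checked offline against per-port VLAN values collected from the switches. This is an added example, not part of the original thread and not Cisco code; the profile names, VLAN numbers, port records and record layout are all constructed assumptions.

```python
# Audit observed port VLANs against an auth-VLAN -> access-VLAN mapping.
# Constructed illustration: names, VLAN IDs and record layout are assumptions.

# Hypothetical port profiles: one untrusted (auth) VLAN per trusted (access) VLAN.
PORT_PROFILES = {
    "floor1": {"auth_vlan": 110, "access_vlan": 10},
    "floor2": {"auth_vlan": 120, "access_vlan": 20},
    "lab":    {"auth_vlan": 130, "access_vlan": 30},
}

def validate_profiles(profiles):
    """Return problems in the mapping itself (overlaps, ambiguous pairs)."""
    problems, seen = [], {}
    trusted = {p["access_vlan"] for p in profiles.values()}
    for name, p in sorted(profiles.items()):
        if p["auth_vlan"] in trusted:
            problems.append(f"{name}: auth VLAN {p['auth_vlan']} is also a trusted VLAN")
        prev = seen.setdefault(p["auth_vlan"], p["access_vlan"])
        if prev != p["access_vlan"]:
            problems.append(f"{name}: auth VLAN {p['auth_vlan']} already maps to {prev}")
    return problems

def audit_ports(profiles, ports):
    """Return (port, finding) for ports whose VLAN contradicts their state."""
    findings = []
    for port in ports:
        profile = profiles.get(port["profile"])
        if profile is None:
            findings.append((port["name"], "unknown profile"))
        elif port["vlan"] == profile["access_vlan"]:
            if not port["certified"]:
                findings.append((port["name"], "in trusted VLAN without certification"))
        elif port["vlan"] == profile["auth_vlan"]:
            if port["certified"]:
                findings.append((port["name"], "certified but still in untrusted VLAN"))
        else:
            findings.append((port["name"], f"VLAN {port['vlan']} is outside its profile"))
    return findings

# Constructed sample; "certified" = user authenticated and passed posture assessment.
SAMPLE_PORTS = [
    {"name": "sw1:Gi0/1", "profile": "floor1", "vlan": 10,  "certified": True},
    {"name": "sw1:Gi0/2", "profile": "floor1", "vlan": 10,  "certified": False},
    {"name": "sw2:Gi0/5", "profile": "floor2", "vlan": 120, "certified": True},
    {"name": "sw3:Gi0/9", "profile": "lab",    "vlan": 20,  "certified": True},
]
```

Running `audit_ports(PORT_PROFILES, SAMPLE_PORTS)` flags the three inconsistent ports and leaves `sw1:Gi0/1` alone.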
