VLAN for CAS

Answered Question
Apr 21st, 2010

Hi all

Here is the scenario for Cisco NAC. If anyone has a good solution, please let me know.


We plan to implement NAC in L2 in-band virtual gateway (for wireless) and L2 out-of-band virtual gateway (for wired). For in-band there are 4 different VLANs for untrusted and trusted VLAN, and for OOB one untrusted VLAN and 4 trusted VLANs. Since this design is virtual gateway mode, both the trusted and untrusted interfaces have the same IP address. So in which VLAN should we put the CAS?


Thank you

Faisal Sehbai Thu, 04/22/2010 - 15:15

Hi,


Your question doesn't signify whether you have one or two CASs. If one, then you can't do IB and OOB on the same CAS. If two, then you would put the CAS's trusted interface on the trusted VLAN, and the untrusted interface as a trunk to which you will allow all the untrusted VLANs. This is valid for both the IB and OOB CASs.


HTH,

Faisal

blaxucisco Thu, 04/22/2010 - 16:39

Hi Faisal,


Thank you very much for the response.

Yes, we have 2 CASs, one for in-band mode and another for OOB mode. As you told me, we have to put the trusted port (eth0) into the trusted VLAN, but we have 4 VLANs, so among them which VLAN will be appropriate for the CAS trusted port?


Thank you

Correct Answer
Faisal Sehbai Mon, 04/26/2010 - 19:00

Hi,


CAS management VLAN should be separate from any of the user VLANs that you're mapping through it, so if you don't have one created for the management of the CAS, create one, and use that.


HTH,

Faisal
