04-21-2010 11:24 PM - edited 03-09-2019 10:55 PM
Hi all
Here is the scenario for Cisco NAC. If anyone has a good solution, please let me know.
We plan to implement NAC in L2 in-band virtual gateway (for wireless) and L2 out-of-band virtual gateway (for wired). For in-band there are 4 different VLANs for untrusted and trusted VLAN, and for OOB one untrusted VLAN and 4 trusted VLANs. Since this design is virtual gateway mode, both trusted and untrusted interfaces have the same IP address. So in which VLAN should we put the CAS?
Thank you
04-22-2010 03:15 PM
Hi,
Your question doesn't signify whether you have one or two CASs. If one, then you can't do IB and OOB on the same CAS. If two, then you would put the CAS's trusted interface on the trusted VLAN, and the untrusted interface as a trunk to which you will allow all the untrusted VLANs. This is valid for both the IB and OOB CASs.
HTH,
Faisal
04-22-2010 04:39 PM
Hi Faisal,
Thank you very much for the response.
Yes, we have 2 CASs, one for in-band mode and another for OOB mode. As you told me, we have to put the trusted port (eth0) into the trusted VLAN, but we have 4 VLANs, so among them which VLAN will be appropriate for the CAS trusted port?
Thank you
04-26-2010 07:00 PM
Hi,
CAS management VLAN should be separate from any of the user VLANs that you're mapping through it, so if you don't have one created for the management of the CAS, create one, and use that.
HTH,
Faisal
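Added example, not part of the thread and not Cisco tooling: a small pre-deployment check of a CAS VLAN plan against the two points in the replies above (the management VLAN is separate from every user VLAN mapped through the CAS, and the untrusted trunk allows all untrusted VLANs). The `CasPlan` structure, the CAS names and all VLAN IDs are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CasPlan:
    name: str
    mgmt_vlan: int                      # VLAN the CAS itself is managed on
    untrusted_vlans: frozenset          # user VLANs on the untrusted side
    trusted_vlans: frozenset            # user VLANs on the trusted side
    untrusted_trunk_allowed: frozenset  # allowed list on the trunk to the untrusted interface


def check_plan(plan):
    """Return a list of findings; an empty list means the plan follows the advice."""
    findings = []
    user_vlans = plan.untrusted_vlans | plan.trusted_vlans
    # Basic sanity: every ID must be a usable 802.1Q VLAN ID.
    for vid in sorted(user_vlans | {plan.mgmt_vlan}):
        if not 1 <= vid <= 4094:
            findings.append(f"{plan.name}: VLAN {vid} is outside 1-4094")
    # Management VLAN must not be any user VLAN mapped through the CAS.
    if plan.mgmt_vlan in user_vlans:
        findings.append(
            f"{plan.name}: management VLAN {plan.mgmt_vlan} is also a user VLAN")
    # The untrusted interface is a trunk that must allow all untrusted VLANs.
    missing = plan.untrusted_vlans - plan.untrusted_trunk_allowed
    if missing:
        findings.append(
            f"{plan.name}: untrusted trunk does not allow VLANs {sorted(missing)}")
    return findings


# Constructed plans shaped like the scenario: an in-band CAS with 4 untrusted
# and 4 trusted VLANs, and an OOB CAS with 1 untrusted and 4 trusted VLANs.
IN_BAND = CasPlan("ib-cas", 900,
                  frozenset({110, 120, 130, 140}), frozenset({10, 20, 30, 40}),
                  frozenset({110, 120, 130, 140}))
# Deliberately wrong: managed on user VLAN 10, and the trunk allows nothing.
OOB_BAD = CasPlan("oob-cas", 10,
                  frozenset({200}), frozenset({10, 20, 30, 40}),
                  frozenset())

if __name__ == "__main__":
    for plan in (IN_BAND, OOB_BAD):
        for line in check_plan(plan) or [f"{plan.name}: OK"]:
            print(line)
```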
04-26-2010 08:22 PM
Hi Faisal,
Thank you for your answer.