cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
639
Views
0
Helpful
4
Replies

VLAN for CAS

blaxucisco
Level 1
Level 1

Hi all

here is the scenario for cisco NAC if anyone have good solution please let me know.

we have plan to implement NAC in L2 in-band virtual gateway (for wireless) and L2 Out-of-band virtual gateway (for wired). for in-band there are 4 different different vlans for untrusted and trusted vlan, and for OOB one untrusted vlan and 4 trusted vlan. since this design is virtual gateway mode, both trusted and untrusted interface has same ip address. So in which vlan should we put the CAS?

Thank you

1 Accepted Solution

Accepted Solutions

Hi,

CAS management VLAN should be separate from any of the user VLANs that you're mapping through it, so if you don't have one created for the management of the CAS, create one, and use that.

HTH,

Faisal

View solution in original post

4 Replies 4

Faisal Sehbai
Level 7
Level 7

Hi,

Your question doesn't signify whether you have one or two CASs. If one, then you can't do IB and OOB on the same CAS. If two, then you would put the CAS's trusted interface on the trusted VLAN, and the untrusted interface as a trunk to which you will allow all the untrusted VLANs. This is valid for both the IB and OOB CASs.

HTH,

Faisal

Hi Faisal,

Thank you very much for response.

yes we have 2 CAS one for in-band mode and another is for oob mode. As you told me that we have to put trusted port (etho) into trusted vlan but we have 4 vlans, so among them which vlan will me appropriate for cas trusted port ?

thank you

Hi,

CAS management VLAN should be separate from any of the user VLANs that you're mapping through it, so if you don't have one created for the management of the CAS, create one, and use that.

HTH,

Faisal

hi Faisal,

Thank you for your answer.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: