NAC L2 OOB implementation=>Quarantine Role relationship with Untrusted Network

Baerde1234 · ‎06-14-2010

in NAC L2 OOB per my understanding, a node coming online gets put in the untrusted network for the authentication/validation before going "out of band" or out to the regular subnet. As far as Quarantine Role for remediation, does there need to yet be a different subnet for the hosts requiring remediation, or can the remedication be done from within the Untrusted subnet(quarantine role within untrusted managed subnet)?

Baerde1234 · ‎06-14-2010

Also I just set aside Subnet Information for the Untrusted Managed Subnets. I have opted for 2 /

22 subnets per Distribution Block, and 4 for the one distribution block that is substantially larger than the rest.

Is that number reasonable, from all the provided info or is it advisable to use smaller subnets or

larger ones and what's the reason for whatever the more advisable approach?

Faisal Sehbai · ‎06-14-2010

Hi,

I've seen customers use /16's as their subnets too. Not something I'd do necessarily, but just another data point for you to consume. Think /22's would be okay.

HTH,

Faisal

Faisal Sehbai · ‎06-14-2010

Hi,

Remediation is done in the untrusted subnets. Once they're through and clean, they'll either retain their IP addressing, or get a new one (depending on whether you use role-based VLANs or not)

HTH,

Faisal