Internet access from untrusted vlan?

Unanswered Question
Jun 16th, 2010

We are running NAC 4.7.2 in an OOB VGW configuration.

Let's say the mapping is from untrusted VLAN 630 to trusted VLAN 30 and that I have a device that has failed its posture check and needs to remediate to an external website. (The device that has failed stays in VLAN 630 and has the same IP address it would use when it is moved into VLAN 30.)

I would like to leave the device in VLAN 630 but need to give it access to the Internet. Am I correct in that I should be able to do this using the proper filter?

If not, what is the correct way to approach this scenario?

Thanks!

Bob   

Faisal Sehbai Wed, 06/16/2010 - 15:50

Bob,

That is correct. In this scenario the traffic policies of the Temporary Role would apply, and whatever sites/IPs you allow in that role, the client would be able to get to those.

HTH,

Faisal
