I have a problem with simultaneous L2 and L3 NAC deployment.
I have a CAS configured as Real IP gateway, Inband. Previously I had the NAC running well on an L3 deployment using PBR. I configured PBR on the distribution switch to intercept the traffic from users to the untrusted NAC.
Now our company is trying to add wireless, using a WLC, which has an interface VLAN configured in the untrusted CAS (using the 'managed subnet' section on the CAM). The wireless runs perfectly; they are able to authenticate to NAC and able to connect to the whole network after NAC authentication.
However, now the L3 users can't reach the untrusted to perform NAC authentication. The CAS can't even ping the L3 user, which was okay previously.
Is there any limitation on Cisco NAC for L2 and L3 deployment? I read from Cisco that one CAS can be configured for L3 and L2 simultaneously, so it should work.