Cisco NAC is connected to the core switch. All the access switches are L2 connected to the core switch and to the clients.
The user vlan is 101 and the access vlan is 11. The trusted and untrusted interface of Cisco Access server has same IP.NAC is configured as L2 OOB Virtual gateway mode. Please let me if this is correct in this scenario.
Also , the access switch and the the client is discovered in Cisco NAC. What should be configuration of auth vlan in Core switch and also that the user is not able to redirect to NAC agent and the user is not shown under online users in Cisco NAC. Also, the posture assessment is not happening.
Please explain the vlans one more time, is the vlan 101 for clients that are unauthenticated and then being mapped over to 11 once their traffic is inspected and permitted (trusted). If so, you will need to setup vlan mapping from 101 to 11 you will need to configure a managed subnet entry (an unused ip address from vlan 11 that is tagged with vlan 101).
then you will have to make sure that vlan 101 is a l2 vlan and that all switches that are connected to the clients are set to trunk vlan 101 and 11 to client. Also the port setting of all clients will need to be set to vlan 101.
As far as setting up oob there is more to it, you will need to open a TAC case if you are looking for configuration assistnace with the nac system.
I hope that gets you started or provide some help.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :