09-02-2012 02:51 AM - edited 03-10-2019 07:29 PM
I am configuring out of band virtual network on Clean Access Server. CAS is successfully connected to the CAM without any issue. I am using two VLANs on my network one for data and one for Voice. My question is, do I need to create Auth VLAN for voice network and same need to map on CAS server?
09-02-2012 10:50 AM
Amrish,
Are you using Cisco phones in your deployment? If so, then you should be able to drop them right in and they will tag their traffic on the voice vlan using cdp.
If you are using a 3rd party phone then by default they will first leave their traffic untagged (data vlan) and then grab their ip address (view the dhcp attributes) and then start broadcasting dhcp on the voice vlan and then their traffic is allowed.
If you have the 2nd situation then you will have to add a device filter for all your phones so then can come through the network.
There is no need to create any additional vlans for the phones.
Thanks,
Tarik Admani
*Please rate helpful posts*
09-02-2012 11:21 AM
Thanks Tarik, I am using cisco IP phones. what about the other devices like printers, do I need to filter these devices MAC address?
09-02-2012 01:50 PM
Is this a new deployment (if so, have you considered ISE)? Are these printers going to be on the same vlan as your users? Also are you running an out of band or in band setup?
Let me know these answers and we can see what the best option is for you.
thanks,
Tarik Admani
*Please rate helpful posts*
09-02-2012 10:15 PM
No its not a new deployment, I just integrating the NAC into existing setup. All printers are on same VLAN as users VLAN. I am running out-of-band setup.
Thanks,
Amrish
09-03-2012 12:29 AM
If you are running an out of band setup then you will have to create device filters for each of the printers (you can also use wildcards) and map them to a out of band user role if you are using different vlans for each different user role...if you are only doing a one to one mapping then it should all take care of itself.
Here is the link on how to configured device filters:
You can also import them in using a csv file....
Thanks,
Tarik Admani
*Please rate helpful posts*
09-03-2012 12:49 AM
Thanks Tarik, Its very help. Can you please tell me how to integrate ASA 5520 with CAS for VPN? I am using cisco VPN client for user to login from home.
09-03-2012 02:28 AM
If you are doing virtual gateway then this is a little tricky since you will have to enable layer 3 support.
Thanks,
Tarik Admani
*Please rate helpful posts*
09-03-2012 10:51 PM
Sorry for late response. I have two CAS servers one for LAN and one for VPN. Is this make any difference to use separate server for VPN users?
09-04-2012 05:37 PM
How is your VPN cas deployed? Is it deployed as a Real-IP gateway?
Thanks,
Tarik Admani
*Please rate helpful posts*
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: